Fraud is a constant concern for businesses and other corporate organizations everywhere. According to PwC’s Global Economic Crime and Fraud Survey 2020, 47 percent of U.S. companies had experienced fraud in the previous 24 months. Another 35 percent were asked to pay a bribe.
In its 2021 report, the Association of Certified Fraud Examiners (ACFE) found that 71 percent of anti-fraud experts believed that fraud levels at their organizations would increase in the coming 12 months.
These findings (and many more) show that fraud is a widespread risk that can affect any organization, its business continuity, and its reputation. So what can your organization do to minimize the possibility of fraud and mitigate its potential harm?
Strong internal controls.
This article explores why your organization needs robust internal anti-fraud controls. It also explains the six essential controls that should be a part of your internal control system.
What Is Corporate Fraud?
Corporate fraud refers to illegal or deceptive actions committed by an internal or external perpetrator against a business for personal or financial gain. Unlike inadvertent errors or mistakes, fraud involves deliberate and malicious acts. Fraud can cause irrevocable harm to employees, investors, customers, partners, and creditors.
Fraud is often difficult to detect. Internal fraudsters might engage in fraudulent activity for years by taking advantage of their “trusted insider” status. Some perform highly complicated accounting schemes that only an expert can detect and understand. Others rely on a lack of visibility within the organization to execute fraudulent behaviors “under the radar.”
Types of Corporate Frauds
There are three primary types of fraud: corruption, asset misappropriation, and financial statement fraud.
Corruption
Corruption schemes usually involve employees misusing their position to influence business transactions for their benefit. Bribery, extortion, and conflicts of interest are the most common types of corporate fraud.
Asset Misappropriation
Also known as insider fraud, asset misappropriation can be committed by an insider such as a company director or employee, or by an outsider such as a third-party vendor.
One common way to perpetrate asset misappropriation fraud is to steal cash before or after it has been recorded in the company’s accounting books. In some fraud cases, fraudsters also steal cash receipt equivalents, such as vouchers or credit notes.
Some other common types of asset misappropriation fraud are:
- Stealing company data, intellectual property, or business secrets;
- Embezzlement by creating false invoices or by implementing a “ghost employee” scheme;
- Making false expense claims for reimbursement;
- Stealing non-cash assets.
Financial Statement Fraud
Employees or senior management create fictitious revenues, understate revenues, hide liabilities, or inflate assets in financial statement fraud. The goal is to paint a false picture of the organization’s financial performance, usually to boost the company’s market value or attract new investors. Improper disclosures are also a type of financial statement fraud.
Financial statement fraud is the least common type of fraud, but it attracts a lot of attention when it occurs. These schemes can take years to detect. Moreover, they can result in battered stock prices, job cuts, and huge losses for investors and shareholders.
These consequences came to pass when the Enron scandal broke in 2001. When news broke about a massive financial misstatement fraud at Enron, its share price quickly collapsed from around $90 to less than $1. Eventually shareholders lost over $74 billion and the company went bankrupt.
The collapse of Enron, along with several other corporate frauds circa 2001, led to enactment of the Sarbanes-Oxley Act in 2022.
What Is the Cost of Corporate Fraud?
In 2018 the average corporate loss arising from fraud was $2.75 million. Even private companies and small businesses were not exempt, suffering a median annual loss of $164,000 due to fraud. The most common fraud schemes that resulted in such losses included:
- Corruption;
- Wire transfer schemes;
- Expense reimbursement schemes;
- Payroll fraud;
- Inventory theft;
- Cash larceny;
- Check tampering;
- Financial statement fraud.
In its 2018 Report to the Nations Global Study on Fraud and Abuse, ACFE predicted that U.S. Businesses would lose around 5 percent of their gross revenues to fraud. The most significant contributing factor was the lack of strong internal controls.
By 2019, fraud events cost businesses $5.127 trillion each year. To put this into perspective, it represents almost 70 percent of the $7.442 trillion the world spent on annual healthcare costs.
In a 2020 PwC survey, respondents reported that they had lost $42 billion due to fraud losses and that this cost directly hit their bottom line. Another 13 percent of victim companies lost $50 million or more.
Fraud costs have also increased in other countries. For example, businesses in Britain now lose a staggering £137 billion annually to fraud. Costs have also gone up in Canada, from $2.87 lost per $1 of fraud in 2020 to $3.02 lost per $1 of fraud in 2021.
The Importance of Internal Controls for Preventing Fraud
Regardless of how fraud is perpetrated, most incidents occur due to an outdated, weak internal control system. Without a robust control environment, fraudsters can exploit a weakness or take advantage of their position or influence to commit a fraudulent activity. Effective internal controls minimize the possibility of fraud and its repercussions.
Hence the bedrock of any corporate fraud prevention program is a strong internal controls environment. Simply put, to protect your organization from fraud, you must lock down your system of internal controls. Moreover, your internal control process should include three types of internal controls:
- Preventive controls to prevent fraud from happening;
- Detective controls to identify and minimize the harm of fraud that has already occurred;
- Corrective controls to address and fix problems that may lead to fraud, cause financial losses, or damage the organization’s reputation.
Six Key Controls to Help Protect Against Fraud
Here are six critical internal controls that can help improve fraud detection and protect your organization from fraud losses.
A Strong Code of Conduct and Ethics
ACFE’s 2020 Report to the Nations cited a robust code of conduct is a valuable anti-fraud control. The code sets the tone from the top and provides a clear roadmap about which behaviors are and are not acceptable. Defining these expectations will help safeguard the company’s reputation, prevent regulatory fines, and avoid legal litigation.
A well-written code of conduct outlines your organization’s mission, vision, values, principles, and commitments. More importantly, it links them to expected ethical and moral standards of professional behavior. It serves as a benchmark to assess behaviors and hold employees accountable if they are non-compliant.
The code of conduct should include these policies to articulate expectations and guide behaviors:
- Whistleblower policy;
- Incident response plan;
- Executive-specific policies;
- Code of business ethics;
- Anti-fraud policy;
- Conflicts of interest;
- Financial and fiscal policies around:
- Cash disbursements;
- Expense reimbursements;
- Travel reimbursements;
- Petty cash.
A Robust Internal Reporting System
Employees detect a large portion of corporate fraud cases. A confidential hotline, an internal website or portal, or another type of reporting mechanism provides employees with the means to report suspected fraudulent activities.
It’s essential to make this system anonymous since most whistleblowers hesitate to report incidents openly to employers; they fear reprisals, job loss, or other punishment. The anonymous reporting system and whistleblower policy should be used in tandem to detect and investigate fraud.
Segregation of Duties
Segregating duties (also known as separation of duties) is a critical internal control to reduce fraud risk. It means that no single person has multiple duties that can give him or her the power to engage in fraudulent activities.
For example, all activities related to financial record-keeping, authorization, reconciliations, and reviews should be divided among different employees. This separation of tasks will ensure that a single person cannot retain custody of a transaction and manipulate any resulting assets. Segregation reduces the risk of inappropriate actions.
Internal Audits
Solid internal audit procedures limit the risk of fraud. Along with management reviews, internal audits are critical to assess existing anti-fraud controls and assure they remain effective and up-to-date. Internal auditors can also search for fraud and mitigate potential damages. These auditors must know how to assess fraud risk.
To ensure that the internal audit system is working well, executive management should:
- Evaluate the organization’s fraud response plan, including its key processes and investigation methodologies;
- Decide who will carry out fraud investigations;
- Clarify how internal audits will investigate fraud and assess any failures of existing controls;
- Check if internal auditors have the required skills to carry out fraud investigations.
External Audits
While robust internal audits are crucial to prevent fraud, working with external auditors is also critical. An independent external auditor can bring objectivity and impartiality to the controls audit process. External audits can also deter employees from indulging in fraudulent behaviors, who will know there’s an additional mechanism to get caught.
External auditors typically work with internal auditors to analyze current anti-fraud controls, recommend appropriate changes to policies and procedures, and help with implementation.
Up-to-Date Documentation
Accounting records and other kinds of documentation can help reduce fraud because they increase visibility and make it easier to audit different types of transactions and activities. It’s imperative to document financial transactions to ensure that no one is “cooking the books” or doing anything that may affect the quality and accuracy of financial reporting.
For instance, all sales receipts and bank account deposit preparations should be documented. This will allow authorized personnel to perform bank reconciliations and verify that the receipts were deposited into the bank, which reduces asset misappropriation or other types of fraud.
Some other ways to prevent fraud with documentation are:
- Use “for deposit only” stamps on all incoming checks;
- Avoid using a signature stamp;
- Require two or more signatures on checks above a specified amount;
- List all checks on a log before handing them to an authorized person for depositing receipts;
- Require supervisors to approve employees timesheets before payroll is processed;
- Examine all canceled checks to ensure that third parties are recognized and legitimate.
Along with the six controls explained here, you can also hire trustworthy experts like Certified Fraud Examiners (CFE) and Certified Public Accountants (CPA) to help establish anti-fraud policies and controls.
Leverage ZenGRC to Mitigate Fraud Risk in Your Organization
ZenGRC can improve visibility into your risk environment. ZenGRC streamlines your anti-fraud and fraud risk management program by documenting internal controls, regulatory requirements, and audit records.
It is a single source of truth that ensures your organization is always audit-ready. Policies and procedures are revision-controlled and easy to find in the document repository. Workflow management features offer easy tracking, automated reminders, and audit trails. Insightful reporting and dashboards provide visibility to gaps and high-risk areas.
Schedule a free demo to see how ZenGRC can seamlessly fit into your risk management and anti-fraud program.