This week is International Fraud Awareness Week.
Fastpath is committed to empowering organizations to take control of their security, compliance, and risk management. Part of that is educating organizations on the risks and impact associated with internal fraud. This subject is often overlooked as organizations focus their efforts on external cybersecurity threats. Fraud impacts businesses of all industries and sizes. In this blog, we will share some insights on the risks and impact of fraud and steps that organizations can take now to prevent the incidence of fraud.
Internal fraud (embezzlement, billing fraud, payroll fraud, check tampering, etc.) affects every business. While many companies are eager to secure their networks from external threats, some companies are slow to put controls in place to identify and prevent internal fraud, often because it is not tangible. Companies with tight budgets and more pressing needs find it hard to allocate money to a problem they cannot see and might not have experienced the impact yet.
However, the phrase "an ounce of prevention is worth a pound of cure" applies here. There are steps that companies can take now to minimize the incidence of fraud in their organization and to reduce the effect of fraud if it does occur.
According to the AFCE, four anti-fraud controls were associated with a 50% or greater reduction in both fraud losses and duration:
- An established, company-wide code of conduct
- An internal audit department
- Management certification of financial statements
- Regular management review of controls, processes, accounts, or transactions
What employers and employees can do now:
- Conduct fraud training. Employee training and awareness decreased fraud losses by 38%.
- Be vigilant. Be aware of red flags and trust your instincts.
- Report irregularities. Establish a hotline where employees and outside vendors can report suspicious activity anonymously.
The primary weaknesses that lead to more than two-thirds of occupational fraud are:
- Lack of internal controls (32%)
- Override of existing internal controls (18%)
- Lack of management review (18)
The AFCE analyzed 2,504 cases of occupational fraud from 125 countries that were investigated between January 2018 and September 2019. 895 of these cases came from the United States and Canada.
Below are some facts about occupational fraud taken from that report:
- The AFCE estimates that organizations lose 5% of revenue to fraud each year with an average loss of $1.5 million.
- Incidents of fraud was reported in relatively equal percentages in small, medium, and large organizations based on number of employees; however, smaller businesses are more likely to feel the impact of those losses than their larger counterparts.
- 43% of fraud schemes were detected by a tip (and half of those came from employees). A significant number of tips (more than a third) also came from outside parties, including vendors, customers, and competitors, indicating that anti-fraud reporting should solicit input from external as well as internal sources.
- Only 4% of the frauds in that study were uncovered through an external audit.
- Roughly half of all victim organizations in the US and Western Europe failed to recover any of their losses due to fraud. About another third only recovered a portion of their losses.
In addition to the findings in the ACFE report, the Gartner analyst group has stated, "Effective segregation of duties (SOD) controls can reduce the risk of internal fraud by up to 60% through early detection of internal process failures in key business systems."
Fastpath provides a suite of products to put controls in place to help identify segregation of duties conflicts and identify user access risks down to the securable object level. Fastpath can also facilitate regular access reviews and certifications, automate user provisioning, and other actions that can help reduce the chances of fraud in your organization.
Contact us to learn more about Fastpath products.