Employee fraud may not be the number one concern that keeps CFOs, CROs and CAEs awake at night, but it can be a significant drain on the bottom line and have a number of other negative impacts on an organization.
The most recent edition of The Association of Certified Fraud Examiners (ACFE) “Report to the Nations on Occupational Fraud and Abuse,” issued in 2012, states that the median loss of each instance of employee fraud in their study was $140,000. More than one-fifth of these cases caused losses of at least $1 million. Even in a large, multi-billion dollar organization, that amount is significant.
The financial impact aside, there is usually another negative impact, potentially even more serious, resulting from both internal and external awareness of repeated instances of fraud. Internally, this can lead to low morale and a “me-too, as everyone else is doing it” mindset. Externally, it can significantly damage an organization’s brand and reputation.
Even in a generally well-run company, fraud still takes place. According to the 2012 ACFE report, an average organization loses 5% of its revenues to fraud — a staggering sum.
So what can senior management do about this problem, which is toxic, even if actual losses are far less than the ACFE statistics? Most organizations start by ensuring that there is an appropriate tone at the top, clearly defined ethical policies and well-designed controls. There seems to be a trend in many organizations, particularly those within the high-performance category, to assume that fraud only happens elsewhere. The reality is that people are fallible and there is always going to be at least one bad apple. Policies will be ignored, and controls are never perfectly effective.
According to the ACFE report, the majority of asset misappropriation occurs in the procurement, payment and expense areas. This is where most organizations start monitoring activities. In fact, by analyzing transactions in these areas (such as with continuous monitoring systems that are driven by data analysis), it is usually possible to test for a wide range of employee fraud schemes, as well as bribery and conflicts of interest.
Here are five areas in which employee fraud commonly occurs:
Potential fraud risks include (a) an employee initiating purchase orders (P.O.) for goods and services that are diverted for personal use and (b) an employee setting up a “phantom” vendor account, through which fraudulent invoices are processed and payments are made to the employee.
In these situations, fraud tests can detect if the same individual both enters and approves a P.O. or if an individual enters or approves multiple “split” P.O.’s, just under an authorized limit. Other evidence that can be discovered includes whether the delivery address for goods or services is the same as an employee’s, whether the goods being purchased are typically consumer items, or whether the vendor master file information (address, bank account, etc.) is the same as that of an employee.
Corporate Credit Cards
A common fraud risk is an employee using a corporate credit card for personal gain instead of legitimate corporate purchases or travel and entertainment expenses.
Fraud tests can detect purchasing cards (P-Cards) being used to acquire goods and services from vendors with suspect merchant codes (e.g., home supplies, personal entertainment, etc.) and corporate cards being used by employees on weekends or while the employee is on vacation. Additionally, tests can determine whether fuel is purchased in unusually large quantities, mileage charges are made in the same period as rental-car charges, and corporate-card transactions are approved by the card holder.
Payroll fraud can consist of (a) “phantom” employees being set up on payroll systems; (b) excessive overtime payments; and (c) employees remaining on the payroll after death or termination.
Tests can detect if there is more than one employee with the same bank account details or the same address. In addition, they can find invalid address information for employees, invalid social security numbers, unusually high overtime amounts, and payroll payments made to employees who were terminated or deceased according to HR records.
Sales and receivables
Some potential frauds include (a) employee collusion with vendors and (b) sales representatives inflating sales to achieve higher commissions and bonuses.
Fraud tests can detect customer accounts with exceptional credit terms; customer accounts that have unusually large or frequent credit memos; customers receiving unusually large discounts; customers returning goods without corresponding adjustments to sales representatives’ commissions; and sales shipment addresses that are the same as an employee’s address.
Information systems and critical data
This kind of fraud includes (a) employee theft of critical data and (b) employees providing corporate data to external individuals.
The right tests can discover databases accessed by individuals without appropriate authorities and reports generated by individuals without appropriate authorization. Similarly, fraud tests can detect customer accounts with exceptional credit terms and network logs that indicate unauthorized copying and movement of data files. Tests can also help discover if email attachments include sensitive data.
John Verver is vice president, product strategy and alliances, at ACL, an audit and risk management technology solutions firm.