One of the big concerns about the rapidly deteriorating economy as a result of the Coronavirus Crisis is the potential for fraud and abuse to rear its ugly head.
Major downturns often bring to light frauds that either have been ongoing and are now exposed, or it prompts new frauds by those who prey on adverse circumstances or come under intense pressure. And then there are the more systemic frauds that can crop up. In a corporate setting the lines can become blurred between doing everything possible to keep the company afloat in difficult times and committing fraud to make it appear that the company is surviving.
Companies have good reason to be concerned. A new fraud report finds that even before the crisis, fraud was a major problem in corporate America. According to the latest survey from the Association of Certified Fraud Examiners (ACFE), organizations lose 5 percent of their revenues each year to fraud. In the ACFE’s 2020 Report to the Nations, a study of 2,504 cases of occupational fraud investigated by CFEs in 125 countries, the typical fraud lasted 14 months before it was detected and caused a median loss of $8,300 a month.
The cost of just the cases the ACFE report analyzed amount to $3.6 billion, and that’s just scratching the surface, say the authors of the study. “This is a tiny fraction of the number of frauds committed each year against millions of businesses, government organizations, and nonprofits throughout the world,” the report states. “Yet this study represents the most comprehensive examination available of the costs, methods, victims, and perpetrators of occupational fraud.”
The fraud report serves as a reminder to internal auditors to ensure strong controls that both detect financial wrongdoing or deter them from happening. Indeed, an encouraging trend identified by the survey has been the increase in anti-fraud controls. The implementation rates of both hotlines and established anti-fraud policies have gone up 13 percent over the past decade. Targeted anti-fraud training for employees and company leadership has also increased.
“We see more recognition of fraud risks in many organizations than we saw 10 years ago,” said John Warren, vice president and general counsel of the ACFE and one of the co-authors of the report. Tips remain the most common way for fraud to be detected, accounting for 43 percent of cases, but the ways in which whistleblowers report their concerns is shifting. Tips are increasingly coming in through web-based forms (32 percent) and email (33 percent), while the use of telephone hotlines has dropped from 40 percent to 33 percent since 2016.
Fraud on the Rise?
The reports finding are timely. The level of fraud and wrongdoing almost always increases during times of economic hardship. Indeed, a report by PwC, “Fraud in a Downturn,” conducted just after the financial collapse of 2008, finds an elevated risk for several types of fraud at organizations during a period of economic decline.
“When economic survival is threatened (either for the organization or for the individual) the line separating acceptable and unacceptable behavior can, for some, become blurred. In addition, fraud and other economic crime have become a focus of criminal activity over the past five years; criminal organizations that profit from fraud view the current economic conditions as an opportunity, not a threat,” PwC states in the report.
The PwC report also finds that the speed of change in the economic climate is a catalyst for wrongdoing. “The speed of change is such that opportunities to commit fraud will be prevalent. More people will feel real pressure to ‘cross the line’ or to look the other way while others do so. In addition, the falling economic tide will expose more frauds that have been ongoing whilst economic conditions were good. Although there are many competing priorities for those charged with governance to consider, in our view boards of directors would be wise to reflect carefully on the changing landscape of fraud and other integrity risks,” the reports authors write.
Types of Fraud
ACFE has identified three broad categories of occupational fraud: asset misappropriation, corruption, and financial statement fraud. Asset misappropriation, which involves an employee stealing or misusing the organization’s resources, is by far the most common type of fraud, occurring in 86 percent of fraud cases. Misappropriation, which includes skimming, petty theft, billing and payroll schemes, and check and payment tampering, also causes the lowest losses, with a median loss of $100,000.
Corruption, which includes bribery, kickbacks, extortion, and conflict of interest schemes, are the next most common, occurring in 43 percent of fraud cases. They are also the second most expensive types of fraud: The median loss from instances of corruption by employees is $200,000. The third type of fraud, financial statement fraud, is the least common, but most expensive. Financial statement fraud is only present in 10 percent of fraud cases, but it accounts for median losses of $954,000.
Instances of fraud are often not confined to one type. In one-third of the cases ACFE analyzed, the fraudster committed more than one of the three primary categories of occupational fraud. About one-fourth of fraudsters undertook both asset misappropriation and corruption schemes, 3 percent misappropriated assets and committed financial statement fraud, and 1 percent engaged in both corruption and financial statement fraud. In 5 percent of the cases ACFE examined, the fraud involved all three categories.
How Fraud Is Detected
Internal audit still plays a major role in detecting fraud. In fact, it is the second most common way that frauds are detected, with 15 percent of wrongdoing coming to light during an audit or internal audit investigation, far behind tipsters, who bring to light 43 percent of frauds. Other prominent ways that frauds are discovered include: management review (12 percent), by accident (5 percent), and account reconciliation (4 percent).
During the pandemic, some are emphasizing that internal audit and other facets of the organization need to be more vigilant about the potential for fraud. “The pandemic is creating conditions where occupational fraud can thrive. Anyone with the slightest understanding of fraud is familiar with the concept of the fraud triangle, which identifies pressure, opportunity, and rationalization as the key ingredients,” wrote Richard Chambers, president of the Institute of Internal Auditors in a recent blog post. “The pandemic is fueling the first — pressure — in myriad ways, as its impact on economies threatens the financial well-being of millions of organizations and billions of workers globally.”
Anti-Fraud Controls
Internal audit also plays an important part as an anti-fraud control. At 74 percent, it is the third most common anti-fraud control, behind external audit of financial statements (83 percent) and code of conduct (81 percent). Other common fraud controls include: management review (65 percent), hotline (64 percent), fraud training (55 percent), and formal fraud risk assessments (41 percent).
Internal audit was also found to be among the most effective anti-fraud controls in terms of its ability to deter fraud and to keep losses at a minimum. Where organizations had an internal audit department, (74 percent of cases studies), the median loss was $100,000, compared to a $200,000 median loss when internal audit was not in place. A good internal audit function was also able to shorten the typical length of a fraud from 24 months to 12 months.
“The COVID-19 pandemic has shined a bright light on how organizations respond to significant crisis, and all evidence suggests that internal audit is playing a significant, relevant, and valuable role. We must continue to do our very best work as we move forward. What’s more, we must be vigilant and counsel against short-sighted efforts to save costs by eliminating or weakening effective and proven controls,” writes IIA’s Chambers. 
Joseph McCafferty is Editor & Publisher of Internal Audit 360.