The Association of Certified Fraud Examiners (“ACFE”) distributes its “Report(s) to the Nation on Occupational Fraud and Abuse” every two years.  Their studies have dissected thousands of fraud cases, provided multiple slices of the data, and a number of key findings.  Of specific relevance here are the following two charts, displaying a clear winner, but for a not-so-obvious, yet-entirely-logical reason.  My question is, are we seeing exploitation of the best source and its underlying reason for being so effective?…in my opinion…NOT:

Frauds initially discovered via: 2010
Tips 40.20%
Management Review 15.4
Internal Audit 13.9
By Accident 8.3
Account Reconciliation 6.1
Document Examination 5.2
External Audit 4.6
Surveillance/Monitoring 2.6
Law Enforcement & All Other 3.60%
Frauds initially discovered via: 2008 2006 2004 2002
Tips 46.20% 34.20% 39.60% 43%
By Accident 20 25.4 21.3 18.8
Internal Audit 19.4 20.2 23.8 18.6
Internal Controls 23.3 19.2 18.4 15.4
External Audit (all instances) 9.1 12 10.9 11.5
SEC clients (only) 4.1 4.5 6.1 N/A
Notified by Law Enforcement 3.20% 3.80% 0.90% 1.70%


The primary take-away here is not that “Tips” clearly represents the best source of uncovering fraud, but that we are not fully realizing the robust value of that BEST source (a tip from an employee, a customer, a vendor).  An even more important insight, however, is WHY that source is so powerful.

Let’s go at this from the bottom-up percentages, of each source’s proven propensity to uncover fraud, according to the studies’ results: Law Enforcement is not a comprehensively-reliable method for detecting fraud in companies, government, etc., because “they” don’t uncover it very often, about an average of one in thirty cases.  External Audit (public accounting firms) success is dismal…one in twenty times with SEC (read that as “larger”) clients, and one in ten with all clients…and so on up the listing.

The further up from the bottom you go, the higher the knowledge of the business processes, and therefore the greater the aptitude to catch fraud…not a difficult concept, right?

So, what I say is: Let’s ensure the best sources for detecting fraud (or ineffective business practices, or sloppy timeframes, or perplexing transactional data, or poor responses to service/information technology requests, or, you name a frustrating business process issue) get more attention, reward, and responsibility for doing what they obviously…do the best.