Fraud Prevention and Detection Efforts Should Mirror Management’s Oversight Efforts to Drive Any Change in Awareness (and Action)
We know the best sources for uncovering fraud; those have been identified and proven via the bi-annual studies done by the Association of Certified Fraud Examiners. The best source is “TIPS” – from employees, customers, vendors and even “anonymous.” The worst source is “law enforcement,” with public accounting, internal controls, internal audit, and others in between.
| Frauds initially discovered via: | 2010 |
| Tips | 40.20% |
| Management Review | 15.4 |
| Internal Audit | 13.9 |
| By Accident | 8.3 |
| Account Reconciliation | 6.1 |
| Document Examination | 5.2 |
| External Audit | 4.6 |
| Surveillance/Monitoring | 2.6 |
| Law Enforcement & All Other | 3.60% |
| Frauds initially discovered via: | 2008 | 2006 | 2004 | 2002 |
| Tips | 46.20% | 34.20% | 39.60% | 43% |
| By Accident | 20 | 25.4 | 21.3 | 18.8 |
| Internal Audit | 19.4 | 20.2 | 23.8 | 18.6 |
| Internal Controls | 23.3 | 19.2 | 18.4 | 15.4 |
| External Audit (all instances) | 9.1 | 12 | 10.9 | 11.5 |
| SEC clients (only) | 4.1 | 4.5 | 6.1 | N/A |
| Notified by Law Enforcement | 3.20% | 3.80% | 0.90% | 1.70% |
However, how can you use this experiential data to do something about improving your company or institution’s odds of catching fraud early, or in preventing it? The first step is pretty simple; you need to do something proactive, like go looking for it! Following-on from that straightforward step, you then ought to exploit the sources that work best, and that should not be too hard, because we know what they are, we only need to activate and exploit them further.
So, let’s focus on TIPS for now.
Think about your organization…how do you pursue and execute, say, a new technology, a major initiative, a significant new program? Do you use Lean Principles, the PDCA (Deming) Cycle, “Plan to Act”, or have an internal or external team in charge of rolling out a new approach? It is a planned and monitored set of actions. The same approach should be utilized in constructing a proactive approach to monitoring, detecting and preventing fraud. The advantage management teams have, however, is the best source for uncovering fraud, the business process experts within the entity…the TIPS people. I suspect the great companies are accompanying risk assessment and audit efforts with side-by-side internal and external experts to analyze how to do things better…that continuous improvement mentality now applied to the more negative side of process review: looking for savings, efficiency, waste…and the likely places for fraud. I still say the great companies employ the internal experts, and make it part of a top-to-bottom, “this is the way we analyze our business.” You can also make these activities a part of variable compensation or award systems.
For multiple years now, we have utilized flowcharts, process flows, control(s) matrices and a variety of mapping tools to document how systems and processes operate. We have identified key controls, tested those key controls and documented results. Now, what if we could utilize many of those same tools but add the mentality of “that’s the process, now where could the process break down, be compromised, or most likely become sloppy”? Could the business process owners and experts be used to select the most likely vulnerable places? Could they also be tasked to go find them, then propose remediation fixes?
Are software tools now available or develop-able, or implementable (query systems, continuous monitoring, continuous auditing, etc.) to assist in an oversight role in the overall process upgrade? Could the internal experts be tasked to find not only poor practices, but also “low-hanging fruit” to assist in self-funding the effort? And where they find inefficiency, waste, there could likely be fraud too.
You’ve just got to go looking for it…it may be subject to that old adage: Pay now…or Pay later!