8 Eye-popping Facts about Fraud You Should Know
07 November 2018
Fraud is a multimillion-dollar problem for businesses, and it can affect just about every kind of company, regardless of size and location. According to the 2018 Global Study on Occupational Fraud and Abuse from the Association of Certified Fraud Examiners, instances of corporate fraud cost businesses more than $7 billion globally in more than 125 countries and 23 industries.
Some other facts and statistics to consider about fraud:
- Corporate fraud is costing US companies $3.5 billion a year.
- 22 percent of cases cause companies a loss of more than $1 million.
- Organizations worldwide lose about 5% of top line revenue to organizational fraud.
- 3 out of 5 fraudsters are employees of the victim organization.
- Median loss due to manager/executive fraud is $703,000.
- Internal control weaknesses are responsible for nearly half of fraud cases.
- Active detection methods, such as controls or surveillance, are much more effective at finding fraud than passive methods, such as relying on police or routine reports.
- A majority of fraud victims never recover a penny of their loss.
If you haven’t given serious thought to your fraud mitigation strategy, now is the time. In an excellent interview on corporate fraud in Smart Business, Laurie A. Gatten, CPA, CFE, and a director at Barnes Wendling CPAs, notes businesses need to be doing more to prevent fraud. “It’s concerning when I begin initial discussions with owners or other key stakeholders regarding internal controls, and when I ask them how they identify risks of fraud and what measures are put into place to mitigate those risks, the answer returned is, ‘That’s why you’re here as our auditor,’” she said in the post.
But where do you start identifying your risk and allocating mitigation resources? One area to examine immediately is your enterprise resource planning (ERP) systems. As ERPs have become more complex and responsible for more business functions, the potential for fraud through employee access to ERP systems has grown as well.
How ERP System Fraud Happens
Tackling the ERP issue requires understanding how a fraudster can do damage. One of the biggest risks is allowing employees to have access to areas of the system that they should not access. This unfettered access enables fraud in a number of ways, including allowing fraudsters to make unauthorized changes to payroll, manipulate inventory tallies, or process fake orders or invoices, all for their own financial gain.
Segregation of Duties is Key to Fraud Prevention
Within the ERP system, an important area to consider is the state of Segregation of Duties (SoD) controls. Often during ERP implementation, SoD vulnerabilities are overlooked, allowing for big gaps in security and access control. Only after an incident has taken place do many organizations realize they were even at risk for fraud in the first place.
Business and IT employees, often bogged down with many manual processes, understandably miss these gaps in security because they assume an advanced ERP system already has protection against SoD risks. Or they think governance, risk and compliance (GRC) tools will cover them. Unfortunately, they may also rely on auditors to analyze internal and external risks annually and assume due diligence has been done.
But this is a mistake. Ignoring SoD configuration and failing to critically evaluate it continuously leaves a business wide open for fraud. In fact, according to Gartner’s 2017 Market Guide, effective SoD controls can reduce the risk of internal fraud by up to 60 percent.
Vulnerabilities in internal controls for SoD are often hard to find unless you are using a solution that has automated analysis. The analysis should be able to determine whether tasks are being performed by employees who have authorized access, and flag those who don’t, so that audit and IT leaders are alerted to potential vulnerabilities right away.
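As an added illustration (not from the original article or from any vendor's product), the automated analysis described above can be sketched in Python as two checks: users whose combined roles hold both sides of a conflicting duty pair, and logged tasks performed by users whose roles do not grant them. All role, permission and user names, the conflict rules and the activity log are constructed for the example.

```python
# Added example: all names, rules and log entries are constructed.
# Pairs of duties that no single user should hold (SoD rule set).
SOD_CONFLICTS = {
    frozenset({"vendor.create", "invoice.approve"}): "create vendor and approve its invoices",
    frozenset({"payroll.edit", "payroll.approve"}): "change pay and approve the change",
    frozenset({"inventory.adjust", "order.process"}): "adjust stock and process orders",
}
ROLE_PERMS = {
    "ap_clerk": {"invoice.enter", "vendor.create"},
    "ap_manager": {"invoice.approve"},
    "hr_admin": {"payroll.edit"},
    "hr_manager": {"payroll.approve"},
    "warehouse": {"inventory.adjust"},
}
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_clerk", "ap_manager"},  # kept the old role after a promotion
    "carol": {"hr_admin"},
    "dave": {"warehouse"},
}
# ERP activity log as (user, permission exercised).
ACTIVITY = [
    ("alice", "invoice.enter"),
    ("carol", "payroll.approve"),  # no role of carol's grants this
    ("bob", "invoice.approve"),
]

def effective_perms(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def sod_violations():
    """Users whose combined roles satisfy both sides of a conflict rule."""
    findings = []
    for user in sorted(USER_ROLES):
        perms = effective_perms(user)
        for pair, why in SOD_CONFLICTS.items():
            if pair <= perms:
                findings.append((user, tuple(sorted(pair)), why))
    return findings

def unauthorized_activity():
    """Logged tasks performed by a user whose roles do not grant them."""
    return [(u, p) for u, p in ACTIVITY if p not in effective_perms(u)]

if __name__ == "__main__":
    print("SoD conflicts:", sod_violations())
    print("Unauthorized tasks:", unauthorized_activity())
```

Note that bob's invoice approval is authorized by his roles and so passes the activity check; only the role-combination check surfaces the risk, which is why both checks are needed.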
Some of the largest corporate fraud cases in history have been the result of a lack of effective SoD controls. Properly configured, SoD allows you to quickly spot the risks and even prevent fraud from occurring. Businesses need to be on top of SoD to avoid abuse of privileges among users. If you aren’t managing SoD in a way that provides instant insight and ongoing monitoring, address this deficiency in your holistic security strategy before a case of fraud or a mishap related to excessive access negatively impacts your company.