Why You Can’t Afford to Ignore Insider Fraud Detection
01/27/2021 by Ken Matz Financial Crimes
Insider fraud, also called occupational fraud, is a costly problem for businesses. The Association of Certified Fraud Examiners (ACFE) defines occupation fraud as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets.” Simply stated, this type of fraud occurs when an employee, manager, or executive commits fraud against his or her employer.
In the 2020 Report to the Nations, a comprehensive report created by the ACFE every two years on the breakdown of occupational fraud, 2,504 cases were analyzed from 125 countries. Those cases accounted for total losses in excess of $3.6 Billion. Certified fraud examiners (CFEs) estimate that a typical company loses about 5 percent of its annual revenue to fraudulent acts, with a median fraud duration of 14 months before detection. While the median loss in the global ACFE study was $125,000 per case, the average loss per case was over $1.5 million. Even worse, the ACFE reported that 54% of victim organizations did not recover any of the fraud losses.
Of the types of occupational fraud reported, asset misappropriation is the most common, accounting for 86% of the cases reported with a median loss of $100,000. Financial statement fraud is the least common but most costly form of fraud, making up 10% of all cases reported and having a median loss of $954,000.
Fraud prevention and detection are the key pieces of the puzzle to minimize the risk and impact of fraud to your organization by your own employees. Prevention involves activities that aid in stopping fraud before it occurs. These activities include:
As the above statistics highlight, fraud prevention mechanisms aren’t enough to eliminate fraud. The risk of fraud after applying preventive techniques, referred to as residual risk, requires an arsenal of tools to detect fraud that will inevitably be perpetrated.
The report cites several passive methods for initial detection including police notification, confession, and accidental detection. Detection methods that can be active or passive include external audit and tips from customer or employees. Active detection methods include document examination, management review, internal audit, account reconciliation, IT controls, and surveillance/monitoring.
43% of all cases in the report were initially detected via tip. Half of those tips came directly from employees. On the other end of the spectrum, only a total of 9% of all fraud cases in the report were initially detected by three of the more active methods including account reconciliation (4%), surveillance and monitoring (3%), and IT Controls (2%). This disparity does not jump out until you focus on how the initial detection method relates to fraud loss and duration.
Active methods cut down the median loss by 40% for account reconciliation and IT controls and 70% for surveillance/monitoring. In addition, all three active methods resulted in fraud being detected much sooner than those detected by tips.
In my experience working in the data and analytics space the past 24 years, the active methods for fraud detection cited above provide a huge opportunity to employ data analytic and automation methods – “digital” if you were waiting for the punch line from the section title – where none may have been employed previously.
The potential ROI from digitizing and leveraging analytics in your fraud detection include:
Let’s take a look at a chart breaking down asset misappropriation:
Of the many areas of asset misappropriation, fraudulent disbursements offer solid opportunities for digitized fraud detection. Specifically, expense reimbursement schemes and payroll schemes are two areas where a modest investment in data analytics and an increase in automated surveillance and monitoring of data can reap big rewards in fraud detection and prevention.
The key to employing data and analytic detection methods is quality data that is updated regularly and is ready to be used for automated execution of detection. All of the best laid plans to leverage data, analytics, and automation for fraud detection are only as good as the data available. As the old adage goes, “garbage in, garbage out”.
If you are ready to take the next step, you need to invest time in the planning for what comes next. Key steps in the planning process include:
If you need to hire a partner, make sure that you hire a partner who has an experienced track record working with data and analytics in your industry. They should be familiar with assembling data in the right format for analytic and automated fraud detection and monitoring. The partner should be knowledgeable on commercial software platforms as well as open source platforms.
Zencos has a wealth of experience in this area. Let us help you identify the areas in your organization where data and analytics can help to increase fraud detection rates. By starting small and working with the right partner, you will enhance your digital transformation efforts while expanding fraud coverage.