Responding to Fraud Risk: the CAE’s Role

Background: The Association of Certified Fraud Examiners (ACFE) conducts a bi-annual study on fraud investigations, the results of which get summarized in the ACFE Report to the Nation. The most recent report was issued in 2008 and revealed the following:

- U.S. organizations lose 7% of their annual revenues to fraud
- There is approximately $994 billion in fraud losses each year
- Fraud schemes typically last for at least 2 years before they are caught
- Corruption was the #1 scheme at 27% of all reported fraud cases
- False Billing was the #2 scheme at 24% of all reported fraud cases
- Frauds are most likely to be uncovered by a “tip” rather than any other method, including audit
- Roughly 38% of Frauds happened at small companies (>100 employees)
- Roughly 42% of Frauds happened at large companies (1,000+ employees)
- Roughly 39% of Frauds happened at Private Companies
- Roughly 28% of Frauds happened at Public Companies

What these statistics prove is while fraud may not happen at every company; no company is immune to fraud risk. As an inherent risk to business, fraud should be included in Enterprise Risk Management (ERM). Methods for managing and controlling the risk of fraud should include strategies for fraud prevention, fraud detection, and fraud deterrence.

The Chief Audit Executive (CAE) must be involved in the organizational anti-Fraud strategy. As with other business risks the CAE should be assessing Fraud Risk and evaluating the effectiveness of the anti-Fraud strategies. Here is a sample list of strategies:

Fraud Prevention

- Anti-Fraud Tone at the Top
- Strong Corporate Governance and Internal Control Environment
- Policies and Procedures to reflect mindset and actions
- Hire ethical employees (Background checks, signed forms, etc.)
- Code of Conduct – signed by every employee
- Conflict of Interest Statement (employees and business partners)

Fraud Detection

- Establish a Hotline
- Fraud Risk Assessment
- Fraud Penetration Study based on Schemes and Concealment Strategies
- Incorporate Fraud in every phase of an audit (SAS 99)
- Create/utilize a Red Flags Database
- Implement effective SOX Fraud Controls
- Data mine instead of sample testing
- Create a Toolkit including a resource roster of experts (Fraud expert, Investigator, Data mining, etc.)
- Continuously Monitor Transactions for possible Fraud

Fraud Deterrence

- Create an Internal Audit department
- Publicize Ethics Hotline
- Publicize Internal Fraud Cases and Punishment
- Publicize Continuous Monitoring Program

Vonya Global and the ACFE are not affiliated. Information in the opening paragraph is sourced from the ACFE 2008 Report to the Nation, which can be downloaded at the ACFE website.

Looking for Ghost Employees in a Retail Environment

Payroll Fraud, specifically “Ghost Employees” can create a significant financial burden on companies. How much? Well, according to Occupational Fraud and Abuse, by Joseph T. Wells, Obsidian Publishing Co. Inc., Ghost Employee Fraud has the highest median loss relative to all payroll fraud schemes at $275,000 per case. If it is happening at your company, it is hurting your company. Unfortunately for those of you in retail, you are one of the most susceptible.

What can be done?

A large retail organization, one of the Fortune 500 with well over 200,000 employees, has retained Vonya Global to search for Fraud in Payroll. Specifically we will be looking for Ghost Employees which (in our methodology) includes Fictitious Ghosts, No-Show Ghosts, Pre-employment Ghosts, Terminated Ghosts, Temporary Ghosts, Family/Friend Ghosts, and Temp Agency Ghosts.

Unlike an investigation, this project is a proactive approach to fraud detection. The company has no evidence or indication that payroll fraud is occurring, however they understand that based on their size and their industry they are susceptible. Our approach takes an inventory of all payroll data and files. Once we have all the information we will segregate it into groups with similar characteristics and through detailed data analysis we will identify anomalies. We are confident that we will identify Ghost Employees and as a result return hundreds of thousands of dollars to the company.

Contact us if you would like to find out more about this project or how we would help you identify fraud in your business.

Fraud Detection Workshop in Chicago October 27 - Afternoon Session Added

Due to popular demand an afternoon session has been added to this workshop. The session will begin at 2:30 pm and conclude by 5:00 pm. Admission is free but registration is required. Please confirm by October 20, 2009.

About the Workshop
Fraud schemes are not complex. Yet, fraud is rarely caught until it is too late. Why? Understanding the fraud scheme is not enough. Identifying the fraud concealment strategy and how it is portrayed in data is the only way to detect fraud. It is essential to learn how to detect fraud before it is too late.

Data mining is the key tool to locate and recognize fraudulent transactions. This workshop will demonstrate:

- How to build a fraud scenario approach
- How to map data fields to fraud scenarios
- How to interpret data for patterns and frequency of fictitious vendors
- How to build the fraud audit plan to include data mining

Please visit the Vonya Global website to register or request additional information.

FINAL REPORT: Strategic Plan for Fraud Prevention, Fraud Detection, and Fraud Deterrence

Vonya Global surveyed Executives and Internal Auditors from private, public, and not-for-profit organizations, spanning many industries to gather opinions on strategic planning for fraud prevention, fraud detection, and fraud deterrence.

"Companies should do more to deter and detect fraud. Costs go far beyond the simple dollars someone steals or gains through materially misstated financial statements. Loss to employees and stockholders can be substantial.”
- Internal Auditor Response


Historically, there have been several studies conducted about fraud and fraud statistics, but none that deal directly with the strategic plans to manage fraud risks. The timing of this study is appropriate due to the heightened sensitivity to fraud due to the economic conditions. It seems more groups, including regulatory bodies, investors, clients, and suppliers are increasingly concerned about the ability to demonstrate effective fraud prevention and fraud detection strategies.

One of the goals of this report is to help organizations begin to evaluate the investment in fraud prevention, fraud detection, and fraud deterrence to determine if there are more effective ways to manage fraud risk.

A copy of the full report can be downloaded by following this link: Fraud Prevention, Fraud Detection, & Fraud Deterrence Report