- Home
- Risk Watch
- Shine a Light on Fraud
Shine a Light on Fraud
- By Shirley Liew
- Published 10/02/2010
- Risk Watch
- Unrated
Identifying fraud has always been an important goal for organisations across the globe. Fraud is often difficult to detect and even more difficult to investigate. Poor internal systems allow fraud to flourish. The biggest motivation is greed. The current economic turmoil is pushing fraud detection higher on everyone’s priority list.
The impact of fraud
From employee embezzlement to intentionally misleading financial statements, occupational fraud and abuse can often have serious consequences to an organisation. The Association of Certified Fraud Examiners estimates that the typical organisation loses 7% of its annual revenues to occupational fraud. In addition to direct dollar costs, fraud can damage a company’s reputation, contribute to a loss of public trust, decrease share price, increase in legal fines, and cause low employee moral.
The Australian Institute of Criminology estimated that fraud costs approximately $8.5 billion each year, with only 6% of the misappropriated monies recovered.
Recently, here in Australia we’ve seen a Payroll Manager at Clive Peeters confess to a $20M dollar theft. The high profile financial statement fraud and demise of HIH Insurance is considered to be the largest corporate collapse in Australian history, estimated at a loss of $5.3 billion. In the UK a former audit firm director, was sentenced for fraudulently claiming half a million dollars in expenses. The Enron scandal in the US, demonstrated how quickly fraud can cause the collapse of a fortune 500 company and dissolution of a top five accounting firm. While these are examples of high profile cases, there are many more reported and unreported. The impact of fraud is high for any organisation.
Detecting fraud and misconduct
Fraud is often undetected nor reported to the police. It is usually dealt with internally or not investigated.
Traditionally a company relies most on its internal control activities, the internal auditor, and external auditors to detect and uncover fraud. However, according to the 2008 Report to the Nation from the Association of Certified Fraud Examiners, over 50 percent of fraud was detected through tips or by accident. Of the fraudulent activities detected by tips, a full 31 percent came through hotline calls. Internal control is a distant second in detecting fraud (after tip-off and accidental detection). Hence, there is room for improvement.
Inherent limitations of traditional audit methods
External and internal audit reviews are not designed nor intended to detect all weaknesses in control procedures, as it is not performed continuously through the period and the tests performed are on a sample basis. Auditors typically spend one to two weeks on periodic audits to gain assurance. The reviews are designed to check for material net errors, and whether controls are designed appropriately and operating effectively. The reviews are not performed looking specifically for instances of fraud, but rather the potential for fraud.
Limitations of sample testing for fraud detection purposes:
The impact of fraud
From employee embezzlement to intentionally misleading financial statements, occupational fraud and abuse can often have serious consequences to an organisation. The Association of Certified Fraud Examiners estimates that the typical organisation loses 7% of its annual revenues to occupational fraud. In addition to direct dollar costs, fraud can damage a company’s reputation, contribute to a loss of public trust, decrease share price, increase in legal fines, and cause low employee moral.
The Australian Institute of Criminology estimated that fraud costs approximately $8.5 billion each year, with only 6% of the misappropriated monies recovered.
Recently, here in Australia we’ve seen a Payroll Manager at Clive Peeters confess to a $20M dollar theft. The high profile financial statement fraud and demise of HIH Insurance is considered to be the largest corporate collapse in Australian history, estimated at a loss of $5.3 billion. In the UK a former audit firm director, was sentenced for fraudulently claiming half a million dollars in expenses. The Enron scandal in the US, demonstrated how quickly fraud can cause the collapse of a fortune 500 company and dissolution of a top five accounting firm. While these are examples of high profile cases, there are many more reported and unreported. The impact of fraud is high for any organisation.
Detecting fraud and misconduct
Fraud is often undetected nor reported to the police. It is usually dealt with internally or not investigated.
Traditionally a company relies most on its internal control activities, the internal auditor, and external auditors to detect and uncover fraud. However, according to the 2008 Report to the Nation from the Association of Certified Fraud Examiners, over 50 percent of fraud was detected through tips or by accident. Of the fraudulent activities detected by tips, a full 31 percent came through hotline calls. Internal control is a distant second in detecting fraud (after tip-off and accidental detection). Hence, there is room for improvement.
Source: 2008 Report to the Nation on Occupational Fraud & Abuse, Association of Certified Forensic Examiners
Inherent limitations of traditional audit methods
External and internal audit reviews are not designed nor intended to detect all weaknesses in control procedures, as it is not performed continuously through the period and the tests performed are on a sample basis. Auditors typically spend one to two weeks on periodic audits to gain assurance. The reviews are designed to check for material net errors, and whether controls are designed appropriately and operating effectively. The reviews are not performed looking specifically for instances of fraud, but rather the potential for fraud.
Limitations of sample testing for fraud detection purposes:
- Sampling is not able to fully quantify the impact of control failures, it is only able to estimate errors within a population.
- Sampling may miss many smaller anomalies that could point to weaknesses that may be exploited later causing a material breach.
- Fraud is not representative in a sample.
- To effectively test and monitor internal controls, organisations need to look at all the transactions that roll through them and test transactions against established parameters, across applications, across systems, from dissimilar applications and data sources. A lot of internal control systems can’t handle this.
- It is timely and costly to manually investigate even a small sample.