Many organizations consider their workforce as their most important asset, which is very good. Nonetheless, they also believe that those who have been working for the longest period of time have become totally reliable, and in some cases it is no longer necessary to control or supervise them.
According to the results of a recent survey by Ernest & Young, more than 85% of fraud incidents are committed by people from within the company, with more than 55% of the authors being professionals at the managerial level, which is to say, “old timers.” When an employee rises in the ranks, he acquires greater authority and autonomy, and with it, greater capacity to identify, understand and to avoid controls. A person with autonomy not only has better knowledge in order to commit fraud, but unfortunately, also a greater capacity to conceal it.
Second Myth: “It can’t happen to us”
“We are a stable organization,” is what some executives affirm. Many believe that since no fraud has happened yet, and since there are control mechanisms in place, a significant fraud incident cannot happen.
In interviews with high executives, it could be seen that 47% of the companies they work for had experienced some type of fraud in the last year. New markets and business forms bring their own challenges, since it can confront companies with new forms of corruption, robbery of intellectual property or asset laundering. The risk of fraud is everywhere.
Third myth: “We would know if it happened here”
The activities of protection are often not in line with the risks that are really important to reduce or to control. Many have an intuitive rather than analytical approach, centered on small petty cash irregularities, inventory, or the justification of expenses.
The above-mentioned survey found that 63% of the companies are worried about the embezzlement of assets, and more than 50% are concentrating on computer crimes. Only 21% worry about fraud in financial statements, and very few pay attention to the possibility that fraud is committed at managerial levels. This shows that management is usually concerned with the smallest and most apparent risks.
Fourth myth: “If it occurred, it would soon be discovered”
The truth is that internal control systems are based mainly on the people in charge of their creation and execution; companies completely trust their internal supervision. However, 38% of the companies have never trained their employees in fraud detection and prevention.
As a matter of fact, many investigations show that all too often the supposed warning signs are not recognized.
Fifth myth: “The damages would not be significant. We could handle it”
Some executives consider that an occurrence of fraud would not have a significant impact on their organizations. They think that an irregular act committed by a single individual cannot be significant. Some organizations even trust in insurance to cover the losses suffered from fraud.
Some global estimates are that between 5% and 6% of corporate income is lost to fraud each year, with fraud committed by a high executive being six times more than those committed by a manager, and 14 times more than those committed by an employee. According to the investigation, only about 20% is recovered back from those who committed the crime, and only 19% is recovered by means of insurance policies. Fraud incidents can rapidly and inevitably drive insurance premiums higher.
Measuring the impact of fraud in regard to prestige and reputation of a company is also a great challenge. Fraud, beyond the financial cost that it implies, can affect the internal climate of the organization, the productivity of the employees, the trust of clients, reduced sales and even the stock price. The corporate image is not covered by insurance.
Sixth myth: “We are sufficiently protected from fraud by fulfilling all the regulatory requirements”
Many regulated companies, for instance those who apply the Sarbanes-Oxley (SOX) norms, believe that it is unnecessary to do more by adopting additional measures of prevention. Fact is that most regulations refer to risks in financial reporting, putting aside other risks such as operational fraud or abuse of one’s position.
Lowering the Risk of Fraud
It is the task of upper management to evaluate the effectiveness of current measures for fraud detection and prevention within their organizations. Many companies do little in consolidating an anti-fraud program because they think there can only be sporadic occurrencess. Nonetheless, companies that do take measures on the matter know that the benefits of an anti-fraud program widely surpass time and resources invested in its implementation.