The Association of Certified Fraud Examiners issues its Report to the Nations every two years; the 2020 edition is the 11th study of the impact occupational fraud has on organizations across the globe. Per the ACFE, occupational fraud is fraud committed by individuals against the organizations they are employed by, and is one of the costliest forms of financial crime.

The 2020 study reviewed 2,504 cases from 125 countries that were investigated between January 2018 and September 2019. These cases resulted in a total loss of $3.6 billion dollars, and the study estimates that organizations lose 5% of their revenues to fraud each year.

Fraud Categories

There are three primary categories of occupational fraud, which are asset misappropriation, corruption, and financial statement fraud. Frequently, fraud cases will see more than one type of occupational fraud occurring at the same time. Asset misappropriation involves an employee stealing tangible resources from an employer, like cash or inventory, and occurs in most of the cases reviewed by the study, at 86% of total cases. Asset misappropriations can involve billing schemes, check tampering, skimming, and payroll schemes, among others. Corruption cases are the second most likely type of fraud scheme to occur, at 43% -- corruption includes bribery, conflicts of interest, and extortion. Financial statement fraud, which occurred in 10% of the reviewed cases, occurs when a fraudster causes the intentional misstatement or omission from an organization’s financial statements.

Although financial statement fraud occurs the least frequently, the damage caused by financial statement fraud is the largest, resulting in median losses of $954,000. Median losses were $200,000 in corruption cases and $100,000 in asset misappropriation cases.

The Perpetrators

As individuals move up in an organization, their ability to commit fraud on a larger scale also increases. Owners and executives accounted for 20% of frauds in the study, but median losses associated with these individuals were $600,000, whereas frauds committed by staff-level employees accounted for 41% of cases, but only resulted in median losses of $60,000. Owners and executives have more of an opportunity to override controls and manipulate financial statements, thus resulting in larger median losses in the cases reviewed.

Similarly, the longer an employee was with a company, the more damage the fraud scheme caused; this is likely because the employee has more experience with the company and can identify internal control weaknesses. Fraudsters that had been with their place of employment for at least ten years caused a median loss of $200,000, which was twice as much as losses caused by those employed for one to five years.

Additionally, 72% of the perpetrators in the study were men, causing median losses of $150,000, compared to losses caused by women of $85,000. The study noted that 53% of frauds were committed by employees in the age range of 31 to 45 years old, however median losses were greatest among the age group of 60 and over at $575,000; this statistic is unsurprising, as owner/executive level employees tend to be older.

The Victims

Victim organizations were primarily for-profit companies, with 44% of the victims being private companies and 26% being public companies; both private and public companies suffered median losses of $150,000. Fraud cases reviewed for the study were spread out pretty evenly when it comes to the size of the organization, essentially at 25% each for companies with less than 100 employees, 100 – 999 employees, 1,000 – 9,999 employees, and 10,000+ employees. The most common industries reported as victim organizations for the study were banking and financial services, government and public administration, and manufacturing.

The study noted that while non-profit organizations represented only 9% of victim organizations in the reviewed cases and suffered the smallest median losses at $75,000, these organizations have limited resources, and thus any fraud losses can seriously impact non-profit organizations.

Many of the victim organizations did have anti-fraud controls in place; while these controls clearly do not ensure complete prevention of fraud, it is important for management to show commitment and investment in fraud prevention and detection measures. The most common anti-fraud controls identified in the study were external audits of financial statements, with 83% of victim organizations having this control in place. Other common anti-fraud controls are codes of conduct, internal audit departments, and management’s certification of financial statements. The study found that organizations with a code of conduct and an anti-fraud policy in place reduced fraud losses by 51%.

Detection

Most occupational frauds are detected by tips, with more than 40% of frauds being uncovered in this manner, which is nearly three times higher than the next most common detection method, internal audit. Employee tips accounted for 50% of the fraud tips, with customer tips accounting for 22% of fraud tips.

The most common reporting mechanisms for whistleblowers were telephone hotlines, e-mail, and web-based/online forms, and the top three parties that whistleblowers reported fraud to were direct supervisors, fraud investigation teams, and internal audit teams.

Notably, the study found that organizations with hotlines detected frauds more quickly than those without hotlines, and that median losses were nearly doubled at organizations without hotlines.

COVID-19 Benchmarking Report

The ACFE also conducted a survey from late July 2020 to mid-August 2020 to measure how COVID-19 was affecting businesses from a fraud perspective. The results from the survey showed that 77% of respondents observed an increase in the overall level of fraud, with 33% indicating that the increase has been significant. Further, 92% of survey respondents expect to see a further increase in fraud over the next year as a result of COVID-19. As many companies have now shifted to a virtual workspace, cyberfraud is the most heightened risk area for organizations, with 83% of respondents already noting an increase in cyber related frauds.

Respondents also noted that fraud prevention is now more difficult in the current environment; some of the challenges identified included the inability to travel, challenges in conducting remote interviews, lack of access to evidence, and canceled or postponed engagements or investigations.

It is more important than ever to protect your organization from occupational fraud. Risk assessments should be updated, and internal controls need to be reviewed and strengthened, and potentially revised to meet the new demands of the virtual workspace. COVID-19 has already negatively impacted many businesses, and it is important to remain vigilant in protecting your business from potential fraud that may arise due to the disruptions caused by the pandemic.