A Function-By-Function Guide to Common Fraud Schemes and How to Prevent Them

According to the 2024 Occupational Fraud Report by the Association of Certified Fraud Examiners (ACFE), organizations lose 5% of revenue to fraud each year. Fortunately, the presence of anti-fraud controls is associated with both quicker fraud detection and lower fraud losses.

Fraud schemes can take many different forms depending on the access and opportunities a perpetrator has within the victim organization. Strategically addressing fraud risk by individual function can help organizations implement the necessary controls to prevent a wide variety of common fraud schemes.

Fraud Risks by Function

Cash

Theft of petty cash is one of the most obvious ways that fraud can occur. Installing surveillance cameras in areas where cash is stored can be an effective way to prevent this. Skimming is another common type of cash fraud. Skimming involves pocketing cash before it’s recorded in the books. Common controls to prevent skimming include separating the billing and collection function, comparing revenue to inventory values and including outstanding balance reconciliation on invoices to repeat customers.

Payroll

Commonly, payroll schemes include falsifying earnings by overstating hours worked, claiming unearned overtime or increasing wage and salary rates within the payroll system. Detailed reviews of payroll registers and payroll system audit logs can help spot these errors quickly. Creating ghost employees within the payroll system is another type of payroll fraud. To help prevent this, periodically distribute physical payroll checks and regularly review employee data for duplicates. Employees may also commit payroll fraud by falsifying commissions and overstating sales made. Ratio analysis for receivables and bad debt may help uncover this.

Disbursements

The accounts payable (AP) function is very broad and cash disbursement fraud schemes pose a persistent threat to organizations of all sizes. These may involve billing, check tampering, wire transfer and electronic payments, and kickback schemes. The best protection against fraudulent disbursements is segregation of duties across purchasing, receiving and payment functions for any type of disbursement so that no single individual can complete all steps.

Expense Reimbursements

Expense reimbursement schemes fall under the category of fraudulent disbursements but deserve special focus because of the frequency at which they occur. Employees may submit invoices or receipts for reimbursement of personal, extravagant or otherwise inappropriate expenses, overstate expenses, create fictitious expenses or submit duplicate requests for reimbursement. All of these can be prevented by establishing thorough policies and procedures for approving, incurring and substantiating the purpose and timing of business expenses.

Inventory

Company funds aren’t the only asset at risk of fraud. Theft of inventory may be concealed by falsified inventory counts, phantom inventory or claiming spoilage or loss. To help prevent fraud in inventory, ensure that responsibilities for inventory management, receiving, recording and reconciliation are divided among different employees.

Financial Reporting

Financial statement fraud is the least common type of fraud scheme, but also the costliest. Financial reporting fraud involves misrepresentation of the financial condition of an organization through the intentional misstatement or omission of amounts and/or disclosures in the financial statements to deceive financial statement users. Establishing strong internal controls, following appropriate accounting standards, conducting external audit or financial statement reviews and establishing an audit committee within your organization can all help prevent financial statement fraud.

Cybersecurity

While cyber breaches are usually perpetrated by external actors, they often occur with cooperation from the inside—your people or your weak controls. Common controls include user access management; segregation of duties, change management and audit logs; whistleblower mechanisms and incident response plans; training and awareness; and SOC certifications.

Other Fraud Protection Tips

Identifying risks, assigning responsibility for mitigation, designing controls and evaluating effectiveness can’t be done overnight or in every functional area simultaneously. In the meantime, the following tips can help you mitigate fraud within your organization.

Create and communicate a path for reporting anonymous tips

43% of the frauds reported by the ACFE last year came to light because of tips. Proactively creating a phone hotline service, dedicated email address or web form can all help organizations identify fraudulent activities. Whatever method you choose, just make sure it protects the identity and safety of the reporter.

Establish an Internal Audit Function

The second most common method of detecting fraud is through internal audits. Whether an individual, department or external provider conducts the audit, ensure they are up to date on the new Global Internal Audit Standards (effective January 9, 2025) and that they stay independent of management.

Examine Procedures Around Documentation and Reconciliation

Older organizations often let their procedures around documentation and reconciliation become outdated. When bringing them up to date, make sure that you have adequate segregation of duties and clear responsibilities outlined within them. Once issued, create a system for keeping them updated and accessible.

Document and Enforce Regular Management Review

Whenever your policies and procedures documents call for management review, make sure that specific steps for that review are outlined. Also, be sure your policies and procedures hold managers accountable for completing each step of their review responsibilities.

Develop and Communicate an Anti-Fraud Policy Through Anti-Fraud Training

An anti-fraud policy is exactly what it sounds like—a document that identifies the stakeholders in your organization, their responsibilities to prevent, detect and report fraud, and describes the controls in place that uphold the security of information and safe custody of resources. Once published, an anti-fraud policy should be communicated to and acknowledged by employees at least annually. This can be done via live or recorded anti-fraud training.

Leverage Your Human Resources Function to Identify and Reduce Risk Factors

More than 80% of the time, fraudsters exhibit behavioral red flags that are risk factors for fraud. The most common of these are living beyond means, personal financial difficulties and close relationships with vendors, especially for personnel in operations, sales and accounting. Offering an Employee Assistance Program (EAP) can double as a fraud control, giving would-be perpetrators an avenue to pursue confidential help before they turn to plundering company resources.

Review These Components Annually at the Board/Executive Level

Appropriate governance includes the consideration of risk to the organization. If your Board of Directors or finance committee has never had a comprehensive discussion about fraud risk, now is the time. Consider including it as an agenda item at your next meeting.

While this list is far from comprehensive, preventive actions like these can help your organization guard against fraud and send a message that fraud, waste and abuse will not be tolerated.

About the Author

Brian Lafountain is a Partner at The Bonadio Group. He leads Transportation Advisory Services (TAS), one of The Bonadio Group’s consulting businesses. TAS is the nation’s largest dedicated student transportation consulting operation, with over 550 clients in 22 states. Brian is also a partner in the firm’s Fraud and Forensic Accounting services to public and private clients. He has spent over 20 years in public accounting and internal audit services, helping safeguard his clients from fraud and abuse. A court-recognized expert, Brian also provides expert witness testimony and litigation support services in an advisory capacity. Brian can be reached at [email protected] and at our company website www.bonadio.com.
