For more than thirty years I’ve been investigating fraud: figuring out how it happened, tabulating the costs, repairing the failed internal control systems and consoling the victims. Although the case studies vary, there is one constant: it is always a surprise! Even worse, Management’s response is invariably the same: “We never saw it happening. We never thought he/she could do something like that.”
The economic losses are often significant. The emotional and organizational impacts are always worse.
That’s the way it is with fraud. It is an act of betrayal by your own employee, and, unlike other losses, you can never fully shrug it off as “just part of the cost of doing business.” It is far too personal.
Yet in most of these cases, the company’s leaders had never implemented serious fraud prevention measures. They had addressed their other business risks, routinely scrutinizing business operations from a cost/benefit perspective and making control decisions accordingly. They bought property, liability and D&O insurance, even though they did not anticipate losses. But when it came to fraud protection, their standard evaluation methods were somehow forgotten, and they blithely plunged ahead without noticeable concern.
Why Does it Matter?
It matters because fraud risk is a constant in the marketplace. It matters because fraud’s impact on American business is staggering. It matters because I’ve seen the impact of these cases on my clients. It matters because Management can make an impact.
The statistics are sobering, if not downright scary. The Association of Certified Fraud Examiners (ACFE) estimates that U.S. organizations lose 7% of their annual revenues each year to fraud. That is approximately $994 billion, based on the ACFE’s estimates. In nonprofits, fraud accounts for $40 billion in losses each year—roughly 13% of all philanthropic giving! The median fraud loss is $175,000. That equates to over 5.7 million fraud incidents a year (228,000 in nonprofits alone)!
Who is at Risk?
Everyone. The median losses are approximately the same in all businesses: large corporations, small companies, governments and nonprofits. Of course, the impact of that $170,000 loss is much greater to the small company or nonprofit. In fact, if you are a small business with fewer than 100 employees, the news gets worse, as the median loss due to fraud is closer to $200,000 (look for check tampering and fraudulent billing schemes).
Who has Been Wreaking This Havoc?
The greatest losses are perpetrated by managers or officers who have been with the firm for more than five years. They are usually working alone and have no prior history of illegal activities. Accounting departments commit 29% of all fraud, executives another 18%. When the executives are involved, expect the median loss to exceed $850,000! If that isn’t bad enough, the average fraud usually covers an 18- to 30-month period before discovery, so the perpetrator may already be working his craft at your expense.
Why tell you this? Because your external auditors won’t find it for you. The police won’t find it for you. In fact, you’re as likely to discover fraud by accident as you are to discover it through internal audit. You can’t make it go away. If you haven’t taken action, tips are your best, and maybe only, hope.
Ways to Mitigate Risk
The sad truth is that no one has figured out how to eradicate fraud. As defined in Cressey’s “Fraud Triangle,” there are three elements that have to exist for fraud to be committed: Need, Opportunity, and Rationalization. So, how do you address these elements? As a manager, you have little control over a potential fraudster’s perceived need. You have some control over the rationalization process, but not a lot (it is harder to justify stealing from someone you like and respect than from someone you don’t). However, you do have a significant ability to control opportunity.
So if you want to reduce the risk of fraud loss, there are a couple of routes open to you. You can passively invest in dishonesty-type insurance policies and/or bond your employees. Or, you can actively spend a little bit of time improving your internal controls and internal auditing capabilities. Both solutions can reduce your financial risk. However, only the improvement in internal controls will reduce the likelihood of the fraud occurring at all, or at least allow you to detect it earlier.
Common Anti-Fraud Controls
In the fraud cases studied by the ACFE, lack of adequate internal controls was most commonly cited as the factor that allowed fraud to occur. In 78% of those cases, the victim organizations modified their anti-fraud controls after discovering that they had been defrauded.
There are fifteen common fraud-related controls that have proven effective at reducing the cost of fraud losses. Implementing job rotations and mandatory vacations, for example, reduced the median cost of fraud loss from $164,000 to only $64,000, which is a 61.0% decrease. You can review all of these in the ACFE's 2008 Report to the Nation.
Put some of these in place and it will make a difference. However, don’t confuse anti-fraud controls with SOX-related internal controls! Sarbanes-Oxley was passed in response to several large financial statement fraud schemes and is targeted toward preventing and detecting financial statement manipulation. Although those frauds are by far the most expensive, they are not the most prevalent. In fact, seven other categories of fraud (corruption, billing, skimming, non-cash, check tampering, expense reimbursements and cash on hand) are more frequent. If your goal is the reduction of all types of fraud, then the controls above will benefit you the most.
The Choice is Yours
You can buy insurance policies that will reduce the financial risk of a potential fraud. You pay a premium, take out a deductible and hope you are lucky. Or, you can invest some time (the labor premium) to strengthen your internal controls, and reduce both the likelihood of occurrence as well as the financial risk. Maybe if you do a little of both, you’ll rest easier and be better protected.
Prevention, deterrence and detection are the basis of risk management…and the basis of good business strategy. Don’t let fraud be the one risk you ignored.
Wednesday, April 14, 2010