Employee fraud may not be the number one concern that keeps CFOs, CROs and CAEs awake at night, but it can be a significant drain on the bottom line and have a number of other negative impacts on an organization.

The most recent edition of The Association of Certified Fraud Examiners (ACFE) “Report to the Nations on Occupational Fraud and Abuse,” issued in 2012, states that the median loss of each instance of employee fraud in their study was $140,000. More than one-fifth of these cases caused losses of at least $1 million. Even in a large, multi-billion dollar organization, that amount is significant.

The financial impact aside, there is usually another negative impact, potentially even more serious, resulting from both internal and external awareness of repeated instances of fraud. Internally, this can lead to low morale and a “me-too, as everyone else is doing it” mindset. Externally, it can significantly damage an organization’s brand and reputation.


Even in a generally well-run company, fraud still takes place. According to the 2012 ACFE report, an average organization loses 5% of its revenues to fraud — a staggering sum.

So what can senior management do about this problem, which is toxic, even if actual losses are far less than the ACFE statistics? Most organizations start by ensuring that there is an appropriate tone at the top, clearly defined ethical policies and well-designed controls. There seems to be a trend in many organizations, particularly those within the high-performance category, to assume that fraud only happens elsewhere. The reality is that people are fallible and there is always going to be at least one bad apple. Policies will be ignored, and controls are never perfectly effective.

According to the ACFE report, the majority of asset misappropriation occurs in the procurement, payment and expense areas. This is where most organizations start monitoring activities. In fact, by analyzing transactions in these areas (such as with continuous monitoring systems that are driven by data analysis), it is usually possible to test for a wide range of employee fraud schemes, as well as bribery and conflicts of interest.

Here are five areas in which employee fraud commonly occurs:

Purchase-to-pay
Potential fraud risks include (a) an employee initiating purchase orders (P.O.) for goods and services that are diverted for personal use and (b) an employee setting up a “phantom” vendor account, through which fraudulent invoices are processed and payments are made to the employee.

In these situations, fraud tests can detect if the same individual both enters and approves a P.O. or if an individual enters or approves multiple “split” P.O.’s, just under an authorized limit. Other evidence that can be discovered includes whether the delivery address for goods or services is the same as an employee’s, whether the goods being purchased are typically consumer items, or whether the vendor master file information (address, bank account, etc.) is the same as that of an employee.
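Three of the purchase-to-pay tests described above, written out as an added example (not code from the article or from any vendor's product). The records, field names, approval limit and the 90% "just under the limit" band are all constructed assumptions.

```python
from collections import defaultdict

APPROVAL_LIMIT = 10_000  # assumed single-approver limit

# Constructed sample records; all IDs and field names are assumptions.
PURCHASE_ORDERS = [
    {"po": "PO-1001", "vendor": "V-01", "amount": 4200, "entered_by": "asmith", "approved_by": "bjones", "date": "2012-03-01"},
    {"po": "PO-1002", "vendor": "V-02", "amount": 3100, "entered_by": "cdavis", "approved_by": "cdavis", "date": "2012-03-02"},
    {"po": "PO-1003", "vendor": "V-03", "amount": 9500, "entered_by": "elee", "approved_by": "bjones", "date": "2012-03-05"},
    {"po": "PO-1004", "vendor": "V-03", "amount": 9700, "entered_by": "elee", "approved_by": "bjones", "date": "2012-03-05"},
]
VENDORS = {
    "V-01": {"bank": "ACCT-1111", "address": "1 Main St."},
    "V-02": {"bank": "ACCT-2222", "address": "22 Oak Avenue, Unit 4"},
    "V-03": {"bank": "ACCT-3333", "address": "9 Dock Rd"},
}
EMPLOYEES = {
    "cdavis": {"bank": "ACCT-9999", "address": "22 oak avenue unit 4"},
    "elee": {"bank": "ACCT-3333", "address": "77 Hill Lane"},
}

def norm(value):
    """Compare on letters and digits only, so case and punctuation do not hide a match."""
    return "".join(ch for ch in value.lower() if ch.isalnum())

def self_approved(orders):
    """P.O.s entered and approved by the same individual."""
    return [o["po"] for o in orders if o["entered_by"] == o["approved_by"]]

def split_orders(orders, limit=APPROVAL_LIMIT, band=0.9):
    """Groups of P.O.s from one person to one vendor on one day, each just under
    the limit (within `band` of it) and together exceeding it."""
    groups = defaultdict(list)
    for o in orders:
        if band * limit <= o["amount"] < limit:
            groups[(o["entered_by"], o["vendor"], o["date"])].append(o)
    return [sorted(o["po"] for o in g) for g in groups.values()
            if len(g) > 1 and sum(o["amount"] for o in g) > limit]

def vendor_employee_matches(vendors, employees):
    """(vendor, employee, field) where vendor master data equals an employee's."""
    hits = []
    for vid, v in vendors.items():
        for eid, e in employees.items():
            hits += [(vid, eid, f) for f in ("bank", "address") if norm(v[f]) == norm(e[f])]
    return sorted(hits)
```

Each hit is an exception to validate, not a finding: a shared address or a pair of same-day orders can have a legitimate explanation.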

Corporate Credit Cards
A common fraud risk is an employee using a corporate credit card for personal gain instead of legitimate corporate purchases or travel and entertainment expenses.

Fraud tests can detect purchasing cards (P-Cards) being used to acquire goods and services from vendors with suspect merchant codes (e.g., home supplies, personal entertainment, etc.) and corporate cards being used by employees on weekends or while the employee is on vacation. Additionally, tests can determine whether fuel is purchased in unusually large quantities, mileage charges are made in the same period as rental-car charges, and corporate-card transactions are approved by the card holder.

Payroll
Payroll fraud can consist of (a) “phantom” employees being set up on payroll systems; (b) excessive overtime payments; and (c) employees remaining on the payroll after death or termination.

Tests can detect if there is more than one employee with the same bank account details or the same address. In addition, they can find invalid address information for employees, invalid social security numbers, unusually high overtime amounts, and payroll payments made to employees who were terminated or deceased according to HR records.
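The payroll tests above, reconciling a pay run against HR records, as an added example (not code from the article). All records and field names are constructed, the overtime threshold of three times the median is an assumption, and the "no HR record" check goes slightly beyond the tests listed in the text as a way to surface phantom employees.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample data; IDs and field names are assumptions.
HR_RECORDS = {
    "E100": {"bank": "ACCT-5001", "terminated": None},
    "E101": {"bank": "ACCT-5002", "terminated": date(2012, 4, 30)},
    "E102": {"bank": "ACCT-5003", "terminated": None},
    "E103": {"bank": "ACCT-5001", "terminated": None},  # same account as E100
}
PAYROLL_RUN = [
    {"emp": "E100", "paid_on": date(2012, 5, 31), "overtime_hours": 6},
    {"emp": "E101", "paid_on": date(2012, 5, 31), "overtime_hours": 0},
    {"emp": "E102", "paid_on": date(2012, 5, 31), "overtime_hours": 58},
    {"emp": "E103", "paid_on": date(2012, 5, 31), "overtime_hours": 4},
    {"emp": "E104", "paid_on": date(2012, 5, 31), "overtime_hours": 5},  # not in HR
]

def shared_bank_accounts(hr):
    """Bank accounts that receive pay for more than one employee."""
    by_account = defaultdict(list)
    for emp, rec in hr.items():
        by_account[rec["bank"]].append(emp)
    return {acct: sorted(emps) for acct, emps in by_account.items() if len(emps) > 1}

def paid_without_active_record(payroll, hr):
    """Payments to people HR lists as terminated before the pay date, or does not list."""
    flags = []
    for p in payroll:
        rec = hr.get(p["emp"])
        if rec is None:
            flags.append((p["emp"], "no HR record"))
        elif rec["terminated"] and p["paid_on"] > rec["terminated"]:
            flags.append((p["emp"], f"terminated {rec['terminated'].isoformat()}"))
    return sorted(flags)

def high_overtime(payroll, factor=3):
    """Employees whose overtime exceeds `factor` times the run's median (assumed threshold)."""
    typical = median(p["overtime_hours"] for p in payroll)
    return sorted(p["emp"] for p in payroll if p["overtime_hours"] > factor * typical)
```

A payment shortly after a termination date may be legitimate final pay, so the termination flag needs the same validation as any other exception.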

Sales and receivables
Some potential frauds include (a) employee collusion with vendors and (b) sales representatives inflating sales to achieve higher commissions and bonuses.

Fraud tests can detect customer accounts with exceptional credit terms; customer accounts that have unusually large or frequent credit memos; customers receiving unusually large discounts; customers returning goods without corresponding adjustments to sales representatives’ commissions; and sales shipment addresses that are the same as an employee’s address.

Information systems and critical data
This kind of fraud includes (a) employee theft of critical data and (b) employees providing corporate data to external individuals.

The right tests can discover databases accessed by individuals without appropriate authorities and reports generated by individuals without appropriate authorization. Similarly, fraud tests can detect customer accounts with exceptional credit terms and network logs that indicate unauthorized copying and movement of data files. Tests can also help discover if email attachments include sensitive data.

John Verver is vice president, product strategy and alliances, at ACL, an audit and risk management technology solutions firm.


21 responses to “The Top Five Areas to Monitor for Employee Fraud”

  1. This is all good information. However, one of the key elements of the ACFE’s 2012 report was the top controls a company can implement in detecting and reducing fraud. Too bad a paragraph at least mentioning the top five controls was not included here.

  2. At the end of the day if there is top management override of controls, then whatever may be the scenario, it will be difficult to detect and report fraud

      • Whistle blower policies are no good and provide a false sense of security. People who blow the whistle on anything are more likely to suffer harm than those doing the wrongs. In today’s world, crime pays for those at the top.

        • Jaded response, at best. Policies, in general, are only as good as those enforcing them (management) and those testing them (audit).

  3. This is great. But I would like to contribute on other key areas which are not discussed in this write-up. In banking business, there are cash suppression, collusion, diversion, fictitious facilities and finally, the organization's risk culture and top management style.

    Employees may use cash collected from customers for personal advantage, and two or more employees may collude to defraud the organization or its customers by hiding vital information and records. Credit facilities may also be given and disbursed to non-existent customers' accounts, and sometimes customers may be misinformed in order to divert funds in their accounts due to the personal interest of the employees. Any organization where management frequently overrides the policies/controls is also exposed to fraudulent activities.

    • Great write up Ajibade,

      Just to add to your points stated, some relationship managers will deliberately not perfect the collaterals, hence, the credit is bad right from inception for their own financial gain.

      What of management fraud? From the top, that the resident control officer cannot do anything about it? Well, we know that fraud cannot be completely eliminated, but it can be reduced to the barest minimum.

  4. Unfortunately, one of the difficulties is that so often top management is involved in the fraud. This is particularly true in small, closely held companies. I recall two instances as an employee and one as a consultant where I discovered fraud and each time an owner was involved. One of them involved inventory, and I have wondered how the CPA firm that audited the company missed it for 7 years in a row. Coming in as a consultant for just a brief time I detected it with a few simple tests. Of course, that has also raised the question as to whether the CPA firm was aware, especially since inventory observation is rather standard during an audit.

  5. Well, these are normally risks attached to any business activity. However, with closer monitoring by management, these are preventable/detected early. Top 5 controls on these must be debated. If good accounting manuals are implemented in every company based on need, occurrence or scope for any such possibilities can be minimized. Professional bodies regulating accounting profession must play greater role in guiding managements…..

  6. Frauds by employees have been well discussed. Independent auditors have a larger role to detect and identify frauds perpetuated by Management. Such Frauds are more difficult to detect. Use of data mining techniques and comparable with peers would unearth sham transactions.

  7. The biggest frauds are committed by those at the top. Sure the little guy gets some, but let’s get real, big dollar fraud occurs at the top level so all these articles about employees have been said time and again. How about articles discussing the strategies of fraud committed by Boards and Top Management. Now that’s an article I want to read.

  8. Fraud in large publicly held companies usually will not sink the company. There are exceptions of course like Enron & World Com just to mention a few. But it’s fraud among non-profits and small to medium size businesses that can have a staggering impact on their ability to survive. It’s really shocking when you find out from the Report to the Nations that churches are so often victims. Fraud perpetrated by top management is very difficult to detect. However, there are plenty of frauds perpetrated by bookkeepers and accounting managers. One could point to the infamous case of the City of Dixon, Il. Need I say more?

  9. It’s all about establishing controls. Having the same person issue payments that approved the PO is maybe not a great idea. This is where an experienced accounting professional can be really useful to a small business owner – setting up the appropriate controls from the start so that the potential for fraud or abuse is minimized.


  10. Employees pose as assets and also as threat if they are not monitored properly. If you think that there is no need to monitor senior staff and only culprits are the lower band employees, then this mindset can lead to employee thefts and crimes. Very nice article as it brings a crucial view across with statistics. There is a need for networking monitoring of all PCs in a company or organization so that employee’s activities, tasks, websites visited, file/folder changes and much more are remotely handled by an administrator. One such software that comes to mind is Net Orbit (http://www.net-orbit.com/) which is an application for small and big companies, schools and labs.

  11. Employee theft of retired computers is the most overlooked aspect of data security. Insiders (usually IT staff) take retired assets that are supposed to be handed to a disposal vendor for proper processing.

    The value of the stolen hardware is not the issue. Consequential damage from a data breach is the issue. Even a small breach will cost more than $1 million dollars.

    Here is a simple challenge for any fraud professional…a very straight-forward test: account for every asset retired this year.

    In other words, compare an inventory of assets that your organization claims to have retired, to the corresponding inventory your organization’s disposal vendor claims to have received.

    Of course procurement is an area ripe for fraud. Organizations would be wise to adopt a process of reverse procurement™.

    If an organization purchased 100 servers and only received 99, procurement professionals would demand accountability. That same organization should demand at least the same level of accountability when it retires the 100 servers, particularly when protected data is involved.

    /Kyle Marks

  12. Or maybe you take another approach to retired computers. In our company we invite employees to take old computers home but before they leave the property they have to wipe the hard drives of all existing data. Not just erase – our IT team has some sort of software that overwrites the disc so it can’t be recovered.

    We are a small company and recognize this won’t work for everyone, but it works for us.

  13. On the topic addressed in this article on staying ahead of the game by monitoring specific areas for employee fraud, among the top 5 areas where employee fraud commonly occurs included purchase-to-pay, corporate credit cards, payroll, sales and receivables, and information systems and critical data. While it is essential to monitor in these areas to stay ahead of fraud, we find the action that follows monitoring is key to successfully fighting fraud and compliance efforts in general.

    First we have to validate the findings to avoid false accusations. For bona fide fraud we have to open a case and typically invoke other departments such as HR and legal. For relatively minor policy infractions (think abuse as opposed to fraud) an email to the transgressor and their manager will correct the behavior and let it be known that you’re watching. These transgressions should be tracked through time so that repeat offenders can be identified and stringently addressed.

    If you’re not acting you might as well not monitor either. Both activities must be done on an ongoing basis to be effective, as spot checks and samples will most likely miss fraud. To perform this at scale, leverage technology to make it efficient.

    – Patrick Taylor, CEO, http://www.oversightsystems.com

    • I completely agree with Patrick Taylor’s comment about the importance of the follow up process, once indicators of fraud and abuse are identified. One of the first steps is to determine whether the exception that has been identified is a “false positive” or likely to be fraudulent.
      Technology can also play a vital role in supporting the entire subsequent process to help ensure that appropriate follow up procedures are performed. This usually involves some form of pre-determined workflow, depending on the nature of the fraud indicators that are identified by the fraud monitoring system. For example, certain types and sizes of “exceptions” can be prioritized for immediate review by an appropriately senior individual. Once an exception is determined to have a high probability of being fraudulent, the issue can be automatically routed to the fraud investigation department, HR and legal – as needed. Overall dashboards can keep track of the status of all issues that have been identified and are being processed through the system.

      I also agree with earlier comments suggesting there could be more critical areas to monitor for potential fraud, including instances in which senior management is involved. The techniques of using data analysis to monitor transactions can be used in a wide range of different areas, all based on the premise that “the truth is in the transactions” – in other words, no matter what controls are meant to be in place it is by examining what has actually occurred that instances of fraud, error and abuse can very often be identified.
      Ideally, any fraud monitoring system should also operate in the context of an overall risk management system. This provides for the identification of those areas that are most likely to be high risk for fraud and helps to focus efforts on those areas of greatest concern, which may vary greatly depending on the industry. That said, there are often “low-hanging fruit” instances of fraud that can be rapidly addressed by implementing analytics in the more standard areas of procurement, payroll, T&E, etc.

  14. A pretty great post. I would like to say that employee monitoring is really needed to every workstation. Employers may try EaseMon. It is more effective than others.

  15. I own a small business and just found out an employee has been invoicing customers offering a cash discount, and keeping the money. Now he opened his own business and actually took one of my largest customers. BESIDES firing him, what else can I do?
