Hardly a day goes by where we don't see news reports about employee theft, fraud or embezzlement, whether in a public or private company, government agency or local municipality. Often the illegal acts go unnoticed for months or even years. And if small- and mid-size employers believe they're only isolated incidents in large public companies, think again.
According to a 2014 survey conducted by the Association of Certified Fraud Examiners among investigated cases between 2012 and December 2013, organizations around the world lose an estimated 5 percent of their annual revenue to occupational fraud totaling more than $3.5 trillion. The median loss to a business was $145,000. Businesses with fewer than 1,000 employees account for more than 52 percent of the total number of reported cases.
Mueller & Co., LLP, a CPA and management consulting firm specializing in serving private and public companies, nonprofits and local governments, has seen firsthand the financial damage and reputational harm fraud can cause. Our close relationships with our clients provides deep insights into the operations, culture and environment of small and middle market companies, which uniquely positions us to understand our clients' needs when pursuing these "fraudsters."
Whether it is commercial corruption, embezzlement, or financial misappropriation, there is a fundamental need for the fraudster to conceal abnormal transactions or else face being caught. Their concealment efforts leave important indicators within the organization's accounting information system, but those indicators often are missed due to the fraudsters' ability to mask their activities, or because the organization's staffing levels are insufficient or incapable to properly monitor the organization's operations.
Given the constraints small and middle market companies face, an ability to deploy an active reporting system, as opposed to traditional passive reporting processes, may alert management to potential issues more timely and provide for more dynamic monitoring systems that will assist in outing the fraudster.
The ACFE reports that 43 percent of all of the identified detection methods rely on the use of business records in one form or another. The median length of detection is 18 months with the size of the fraud increasing with the duration of the fraud. Through the implementation of a Continuous Auditing and Monitoring solution, businesses can design an active reporting system where individual transactions, patterns of transactions, or other conditional elements could trigger alerts and other notifications to help spur analysis and action.
Inexpensive Technology Tools to Prevent Fraud Are Readily Available
While technology exists to support continuous auditing and monitoring, many of those solutions cost in the tens or hundreds of thousands of dollars in hardware, software, and implementation costs, which are not practical for many companies. Using widely available and inexpensive data processing software such as Excel, Access, IDEA or ACL for the small to medium databases, and SQL Server on the larger systems, companies can efficiently and accurately analyze data from many sources while providing easy to learn programming and scripting tools for sustainable transaction testing procedures. Combined with a "dashboard" and active reporting options, these solutions can be installed on standard servers, desktops, and laptops with little to no advanced configuration required.
Continuous monitoring and auditing processes increase the speed of information availability and alerts responsible parties closer to the occurrence of a potential fraud, which allows employers to take action to determine if a fraud has occurred, preserve assets and evidence, and minimize its exposure and loss. By using these widely available, inexpensive technologies, companies can internally develop an effective monitoring and reporting capability while increasing their ROI on their accounting and management information systems.
Keys to Success: Combining Strong Audit, Data Transfer and Analysis Expertise
In developing oversight and monitoring teams within companies, we have found that finding the right people who can develop and manage resources and tools are key to fighting fraud. They must be versed on audit methodologies and have the operational expertise to be able to understand the flow of data from the initial trigger to the escalation of a fraudulent event to senior management. In addition, companies will need to develop processes for transferring data from live production systems to database warehouses.
The end game for businesses in keeping the cost-benefit ratio in balance in the fight against fraud comes down to the same fundamentals that make any business great: gain insight and respond quickly to risks and opportunities while creating a culture and system of excellence.
About the Authors
Michael Manning is director of the Risk and Controls Services Group and Brian Sullivan is partner for Mueller & Co. LLP, a certified public accounting and management consulting firm and one of Chicago's top 20 CPA firms. Mueller specializes in serving private and public companies, not-for-profits and local governments. For more information visit www.muellercpa.com.