Posted by Steve Wilcox on Wed, Aug 05, 2009 @ 10:04 AM
Question: What is the #1 reason why people cheat?
Answer: Money.
So it looks like David Ortiz and Manny Ramirez are on "The List" of players who used performance-enhancing drugs (PEDS) in 2003. Big, BIG news here in Red Sox Nation as it kinda taints the 2004 and 2007 World Series Championships.
Or does it?
Every power hitter from 1988 (and probably earlier) likely used steroids. Ortiz' career highs in HRs and RBIs were in 2003 after very average stats in his earlier years with Minnesota. Is it really that surprising that Big Papi started "juicing" before he became "good?"
The Ortiz story is a bummer but I am not naïve. Afterall, what sport is clean? I believe that most professional athletes dope. It's the only way to survive as a pro. If you do not dope, you will probably be out of a job sooner rather than later. The sad truth is that there is an undeniable economic attraction to steroids in professional sports (see Economics of Steroids). The more homeruns you hit, the more you get paid! Duh.
I am not shocked that cheating happens in pro sports where livelihoods and millions and millions of $$$ are on the line. Here is what I am shocked about -- cheating happens in youth sports too. I thought youth sports were different ... until this past week.
I am not necessarily talking about PEDs being used by middle school teens (which would be truly shocking) but cheating by coaches in particular. Let me explain.
At camps and youth leagues, most of the scoring and time-keeping is done by biased parties such as parents and/or coaches. It's an honor system. For example, at a basketball camp I recently attended, games were managed by one coach keeping track of the clock while the opposing coach kept track of the score. Since it is a summer camp, you just assume the other coach is trustworthy.
So here's the quick story - in a close game where I had the clock and the other coach had the score, the other coach blatantly cheated by not counting our baskets. We are talking not just 1 or 2 points but 10 POINTS! Yup, we scored 10 points that he didn't record. All the kids knew it. This coach wanted to win a summer camp basketball game so badly that he cheated. I was stunned. What was this coach thinking??? Did he think nobody would notice? The really sad part (for him) is that, from now on, whenever I (or the kids on my team) see him, the first thought that will go through my mind is "that guy is a cheater."
This story is a classic case of a conflict of interests where responsibilities should be segregated. The person keeping the score shouldn't be one of the coaches! But the situation was unavoidable because everyone is busy and there are just not enough extra non-biased folks to keep the score and time.
This lack of resources leading to conflicts of interest is a common situation in AP.
In AP, there are many conflicting duties which should always be segregated:
-
the person entering the invoice should not approve the invoice
-
the person who sets up a vendor should not enter the invoice into the ERP system
-
the person who approves the invoice should not audit that same invoice
-
etc.
There are many AP examples where duties should be segregated. The problem is that most finance departments constantly have pressure to do more with less. But to follow segregation of duties to the letter, you need enough staff which isn't always a luxury - especially in these economic conditions.
As I wrote in a previous blog post, here is where AP automation can help:
"With workflow software, you should have complete visibility into the AP process as the invoice transitions from one step to the next ... the AP system should track all changes maintaining a comprehensive audit trail of what was performed and by whom for all prior steps.
With workflow, limited headcount can still allow for segregated duties since segregation can be enforced at the transaction level instead of the job role level. Employees can still be cross trained and allowed to perform multiple functions as long as they don't perform conflicting duties on the same transaction. For example, an AP Specialist could both enter invoices and also setup suppliers as long as there is no conflict on each and every transaction.
This transaction-level segregation can be enforced by the workflow software which allows you to move away from restrictive job role controls ... rather than limiting what functions employees can carry out as part of their jobs, this approach allows enterprises to boost productivity while mitigating the business risks."
With fraud rising (see Managing Risk blog entry), transaction-level segregation is a great way to catch cheaters. In fact, it is probably THE best way to prevent cheating in AP that could cost the company significant money.
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Wed, Jun 24, 2009 @ 08:43 AM
I had a very enjoyable Father's Day ... unlike 2 years ago. You see, in 2007, instead of enjoying a relaxing brunch with my family like most normal fathers do, I wanted more thrills and excitement, so I entered a bike race!
On the very final sprint in the last 200 meters, I crashed ... very badly.
The unspoken truth in the cycling community is that racing is very dangerous. Riding at very high speeds in a tight shoulder-to-shoulder pack gives you very little reaction time if something goes wrong. You must be alert as possible to the sudden movements of other riders, road conditions, upcoming turns, etc. You have to constantly manage and assess the risks ... and especially be aware of riders who might do something stupid and then play it safe and avoid them ... even if it means losing the race.
To make a long story short, I did not manage risk very well on Father's Day 2007 and ended up paying dearly. During the final sprint, a reckless 20-something kid swerved up beside me outside the yellow line (you are not supposed to cross the yellow divider line on the road for obvious safety reasons). I knew this kid was dangerous because he had been riding erratically the whole race. The prudent thing to do would have been to hit the brakes, give up any chance of winning and let him go past me. But noooo, I stubbornly held my position because I felt strong enough to win the sprint.
That is the last thing I remember.
I woke up in the ambulance with a concussion, some very serious lung contusions, a broken shoulder blade and some very nasty road rash all over my body. To this day, I still have absolutely zero memory of what happened but witnesses said that as my front wheel was clipped (i.e. I was cut off), I did a spectacular flip in the air and landed on my head and shoulder ... at close to 40mph. Apparently, it was a bad pile up -- another guy in the ambulance had lost all four front teeth!!!
Lying in the hospital bed, my 7 year-old daughter's reaction to my injuries struck a deep chord -- I realized how lucky I was to still be alive and not be paralyzed ... things could have been a lot worse.
My Father's Day bike crash is a story about poorly managing risks and paying the costs. The economic crash is also a story about poorly managing risks (see blog entry here). After most crashes, regardless of the type of crash, risk management becomes a priority. So, in today's tough economic climate, it's no surprise that managing risk has become a top priority; especially for CFOs:
My
In the business world, risk is managed with strong internal controls. In fact, strong internal controls optimize business performance. Here's another way to think about it -- controls are like brakes. Brakes allow you to go faster. If a bike didn't have brakes, how fast could it really go? Of course, you also have to be willing to use the brakes! Strong internal controls, like brakes, allows a business to put the foot on the accelerator and aggressively reduce costs without increasing risk.
With the unemployment rate at its highest level in over three decades, it is clear that companies are simply trying to survive by cutting expenses and laying off workers. Individuals whose homes are declining in value and whose retirement assets have been wiped out are also trying to survive. Many are becoming desperate. It is not surprising that occupational fraud is increasing. It's a vicious cycle where losing valuable assets to fraud may push a struggling company perilously close to insolvency which, in turn, increases the risk of fraud.
And fraud is on the uptick.
In a recent Special report on Occupational Fraud by the Association of Certified Fraud Examiners (ACFE), more than half of the Certified Fraud Examiners (CFE) surveyed said the frequency and dollar amount of fraud is increasing:
"The message to Corporate America is simple: Desperate people do desperate things," said ACFE President James D. Ratley, CFE. "Loyal employees have bills to pay and families to feed. In a good economy, they would never think of committing fraud against their employers. But especially now, organizations must be vigilant during these turbulent times by ensuring proper fraud prevention procedures are in place."
From the 2008 Fraud Report to the Nation, we already know that over half of all fraud incidents are AP related. This leads to some serious implications for AP:
- Layoffs are affecting AP's internal control systems... Most in-house fraud examiners reported that because of layoffs, some internal controls procedures were eliminated.
- Fraud levels will keep rising... Almost 90% of fraud examiners expect fraud to continue to increase during the next 12 months.
But the recession is affecting more than just increased fraud risk. AP staff cuts that are not coupled with process improvements will inevitably lead to more mistakes and errors.
How is risk being mitigated in your AP processes? Is a fraud or accounting crash lurking around the next corner?
AP Automation can reduce risk because it simplifies and centralizes processes and most good solutions have preventative controls that are automated.
Here are some of the specific ways in which AP Automation strengthens controls to manage risk and prevent fraud and errors:
- Robust Approval Framework
- Segregation of Duties
- Automatically enforced at the transaction level
- Automated Enforcement of Policies and Procedures
- Properly Maintained Transaction Backup
- Internal and External Audit Support
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Fri, Mar 06, 2009 @ 10:59 AM
Yup, that's an outhouse.
What if you used Google Maps to view a vendor address and it turned out to be an outhouse?!? Alarm bells would probably go off in your head that an unscrupulous "vendor" was trying to swindle your company.
Nat Goodman used this outhouse example in this past week's webcast on preventing AP fraud. As we discussed in the last blog entry and according to Nat:
"Every addition or change to the vendor master should be verified to approved documents [such as updated W9s, contract amendments, verified correspondence, etc]. That means approval and support before keying AS WELL AS verification to file changes AFTER processing. In order to avoid duplicate vendors on file, be particularly careful about how the vendor name is keyed with consistent naming and keying conventions."
Vendor addresses should be treated particularly carefully. Again, according to Nat:
"We need to guard against false addresses that can be used to embezzle funds. However, we are not only concerned with phony vendors but we want to confirm that the vendor appears to be a business person with legitimate qualifications to perform the work or provide the goods. Switchboard.com and Yellowpage.com have business and residential listings. Mapquest.com is great way to view a property. Many consultants/service providers work out of their home. Here is an opportunity to view their home. If they have an outhouse on the property you may think twice. If a goods producer lists an address on a vacant lot, a red flag goes up and you may want to check further."
Bottomline ... all new vendor addresses or changes should be carefully verified. With Google Maps or a similar tool, it's easy to check a vendor's office or location.
-Rakesh Shukla
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Tue, Feb 24, 2009 @ 12:15 PM
For the past month, my blog entries have been focusing on AP Fraud. It's a fascinating subject and I just scratched the surface. If you want a true expert's take on AP fraud, Nat Goodman, President of Goodman and Associates, focuses on how to prevent procure-to-pay fraud through practical advice on how to tighten internal controls, prevent malfeasance, stop theft, detect red flags, and safeguard company assets for 5 vulnerable P2P processes:
- risk-mitigating tips for maintaining the master vendor file
- susceptible areas for p-card purchasing
- solid techniques for properly accounting for airline flights
- challenges and solutions for recording/accruing of expenses
- hard lessons learned for payment execution
Without stealing Nat's thunder, let me give you a preview of the first bullet point about master vendor files. How vulnerable is your vendor master file?
Be honest.
Nobody enjoys maintaining a clean master vendor file. It is tedious work that is often overlooked. And yet poor internal controls for vendor files can lead to massive AP frauds.
A very recent case in point is the $2.5M billing fraud in Utah where the bank account information for a legitimate vendor (an insurer) was changed (to a fraudulent bank account) ... without any verification. Fraudulent invoices were then submitted and paid to the fraudulent back account. The thieves stole $2.5M before getting caught.
According to Jon Casher, another AP industry expert:
"It's a very simple process to change the bank routing number and account number for payments being made via ACH. In the Utah case, the change was probably made without verifying that the new account number belonged to the insurance company. To prevent such problems from happening, all changes to the vendor master file should be reviewed and verified.
-Rakesh Shukla
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Wed, Feb 18, 2009 @ 03:05 PM
Today, I will present some more very interesting case studies of AP Fraud that highlight the risks of poor Travel & Expense (T&E) controls.
Fudging travel and entertainment facts on expense reports is so pandemic that practically everyone in the business world has heard tales of abuse:
-
the manager who turns in all his reports religiously - once a year;
-
the executives entertaining a client who each submit the total bill for reimbursement;
-
the advice of an old hand who counsels, "Subtract the cash you come home with from what you left with and call it ‘cabs.'"
A few years ago, T&E fraud made above-the-fold news when the head of Yale University's International Institute of Corporate Governance, the once-heralded, now-disgraced Florencio López-de-Silanes, was asked to step down when it was discovered that he double-billed the university to the tune of $150,000 for one year's travel expenses. Perhaps the most bizarre aspect of this story is that López-de-Silanes, a tenured finance and economics professor also employed by the World Bank as a governance consultant, submitted an entire year's worth of reports at one time. It's hard to determine what is more appalling: that a crusader for better corporate governance would try to fleece his employer, or that a distinguished professor of the Yale School of Management was not aware that withholding material liabilities was a red flag in any accounting era, much less the high-alert atmosphere of SOX compliance we live in today.
As the case of the globetrotting López-de-Silanes illustrates, the high cost of international airfares makes them a prime target for T&E finaglers. Consider the case of Open Traders, as related by Nathaniel Goodman of Goodman and Associates, a leading authority in AP best practices. Open Traders, headquartered in Minneapolis, was a consulting firm specializing in international trade. Among their far-flung client base was The Moon Group, based in Singapore. The cost of business-class airfare - one of the perks of the trade - from Minneapolis to Singapore ran to about $4,000, compared to a considerably slimmer $1,500 fare for the same route in economy class.
Each consultant was responsible for arranging his own travel with the airlines, billing the charges to a corporate American Express card. One day, as Goodman tells it, a Mr. Jim Krebs made a last-minute change to his plans to visit The Moon Group, bumping up his departure date by a day, with the result that the airline couldn't honor his business-class seat for the earlier flight. Accordingly, the airline issued a $2,500 refund directly to Krebs. The original credit card receipt still read $4,000, and this is what Krebs submitted with his expenses. The Moon Group, in turn, was likewise billed for the full fare. The $2,500 fit snugly into the pocket of Krebs, who not only rationalized his actions - why shouldn't such a highly paid professional be able to choose how he spends his travel "allowance?" - he proselytized, encouraging others in his firm to bilk their clients along with him.
Krebs' craftiness came to light because his own sense of self-justification led him to broadcast his skimming tactic rather than submerge it. Without his self-incrimination, and assuming no change in internal procedures or auditing practices, it's doubtful Krebs' personal bonus program would ever have been detected. Such shenanigans couldn't hide from a system that could permanently attach all travel back-up documentation, including electronic scans of boarding passes, to their respective expense reports. Such a system makes it possible for whoever approves reports to easily view all back-up prior to approval, and without waiting for the cumbersome retrieval and transmission of a hard copy. Mr. Krebs would have a challenging time explaining why the company was billed $4,000 for seat 48H.
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Tue, Feb 10, 2009 @ 03:17 PM
In my last blog entry, I explored the importance of segregating AP duties.
Today, I will present a fascinating case study of AP Fraud that highlights the risks of poor AP internal controls.
This is a true story.
Our tale concerns a husband-wife team who colluded with an outside vendor to fleece their company of at least $2 million over a seven-year period. The target of this sustained fraud was the well-respected newspaper, The Charlotte Observer, where poor internal controls contributed mightily to the scandal they were, to their considerable embarrassment, obliged to report in their own pages.
The Profile of an AP Fraudster
The mastermind of the scheme was a Mr. Johnson, a white male and 22-year employee of the newspaper with an unblemished record. Believe it or not, this is the typical profile of an AP Fraudster.
It was Mr. Johnson's good fortune to serve as a purchasing manager who also had authority to both receive goods and services and approve invoices for the same. The invoices would naturally flow through the AP department, where Mr. Johnson's wife happened to work. All the Johnsons needed to complete a seamless scam was a cooperative and unscrupulous vendor. Mr. Johnson cultivated a friendship with a favorite supplier until they became close enough that he could propose his ploy: for every two shipments you send me, invoice The Observer for three, and we'll split the payment for the phantom shipment!
Too Many Hats for One Head
The breakdowns in internal controls that allowed this arrangement to prosper over a 7-year period are manifold. Consolidating so many responsibilities in the hands of even the most trusted of employees is the first bright-red flag. A married couple with entangled duties connected with AP is another red flare. Significant budget variances, on the order of $50,000 of bogus charges per month per department, were overlooked as boom times created a lax atmosphere that tolerated such large discrepancies. Poor inventory controls allowed non-existent shipments to be processed and paid for. To top it all off, nobody involved was bonded and the company wasn't insured against such a loss.
NASCAR Insider?!? Where was the Common Sense?
While there is no question that better systems and procedures might have excised this cancerous scheme, simply bringing common sense to bear would have at least curtailed the loss. During the seven years that the Johnsons were siphoning off a substantial chunk of The Observer's revenue, their lifestyle took a dramatic turn for the better. They sold their old home, moved into a new lakefront mansion in an exclusive neighborhood, added a swanky boat, traveled like pashas and stockpiled fancy automobiles. Indeed, not only did Johnson flaunt his new-found wealth, he abandoned discretion entirely by incessantly insinuating himself into the picture - literally - in the very high profile world of NASCAR. Every week, it seemed, he would be photographed bear-hugging the winner at the victory celebration, an awesome display of insider status in the region's most revered sport.
Meanwhile, his demeanor around the office was quite the opposite. Formerly out-going and hands-on, Johnson retreated into his office where he spent most of each day behind a closed door and drawn blinds.
How could anyone, indeed everyone, have failed to notice? The answer is that of course people noticed, but they didn't trust their intuition enough to call Johnson's bluff. All Johnson had to do to deflect curiosity over the course of the better part of a decade was claim an aunt died and left him an inheritance. Naturally, once the fraud was unmasked, the aunt was discovered to be as imaginary as the stream of phantom shipments Johnson authorized and his wife paid for.
AP Internal Control Breakdowns
Clearly, a woeful failure to segregate duties was at the heart of this calamity. Had Johnson not had the power to approve his own actions, this fraud might have been prevented altogether. Improved transparency and more disciplined approval framework would also, at the very least, make a fraud such as Johnson's more difficult to launch and impossible to sustain.
While Mr. and Mrs. Johnson eventually received their comeuppance - curiously, The Observer did not take immediate legal action upon their exposure - the newspaper nonetheless took a substantial hit, both in terms of financial loss and tarnished reputation. Nor were the perps the only people to suffer: managers who presided over the slipshod operations were sacked, steering lives and careers off track. The real tragedy of this tale is that if today's AP automation software and associated best business practices had been in place at The Observer, this entire fraud, and all the damage that ensued, would never have happened in the first place.
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Fri, Feb 06, 2009 @ 03:27 PM
Question: What do the following situations all have in common?
- A policeman ticketing a Dunkin' Donuts truck driver ...
- A doctor prescribing medicine from a pharmaceutical company in which he owns stock ...
- A politician accepting contributions from a special interest group ...
- A procurement manager being wined and dined by vendors ...
- A hungry wolf guarding the chicken coop ...
- A judge sentencing a family member ...
- Coaching your own son or daughter on a travel team ...
Answer: In each situation, there is a conflict of interest.
A conflict of interest is a situation where someone (such as a doctor,politician, procurement specialist, police officer, judge, coach, wolf etc.) has a personal interest or motivation that might compromise the reliability and integrity of bigger obligations.
In many cases - especially where money is involved - a conflict of interest may tempt someone to break the law. Nowhere is this truer than in Accounts Payable.
In AP, there are a lot of conflicting duties which should always be segregated. Segregating AP duties is one of the most important internal controls in finance. For example, the person entering the invoice should not approve the invoice for obvious reasons. Similarly, the person who sets up a vendor should not enter the invoice into the ERP system. There are many examples in AP where duties should be segregated. The problem is that most finance departments constantly have pressure to do more with less. But to follow segregation of duties to the letter, you need enough staff which isn't always a luxury - especially in these economic conditions.
But wait!
Haven't ERP systems addressed segregated duties through a security framework which governs the acceptable use for each authorized user?
Aren't roles and responsibilities managed so that, for example, an entry-level accounts payable clerk can access modules only related to her specific job function while the CFO can access any module in the system?
Well ... yes ... but the problem of trying to maintain segregated duties using this classification approach is that these configurations are expensive to design and deploy. As employees are promoted, reassigned, or terminated, organizations must continually update their ERP systems with everyone's correct authorization level including consultants, contractors and business partners. Supporting and maintaining the classifications and configurations is a resource intensive job.
Furthermore, most organizations struggle with their initial ERP setup -- millions are spent in projects that can take up to 3 or more years. Unfortunately, the setup of these segregated classifications is often the last phase of the project and does not receive the attention it requires especially if the project is over budget or behind schedule - which is more common than not.
With AP automation that includes a robust workflow engine, you should have complete end-to-end AP process visibility as the invoice transitions from one step to the next ... the AP system should track all changes maintaining a comprehensive audit trail of what was performed and by whom for all prior steps so potential conflicts can automatically be caught at the transaction-level.
Using this approach, limited headcount can still allow for segregated duties since segregation can be enforced at the transaction level instead of the job role level. Employees can still be cross trained and allowed to perform multiple functions as long as they don't perform conflicting duties on the same transaction. For example, an AP Specialist could both enter invoices and also setup suppliers as long as there is no conflict on each and every transaction.
This transaction-level segregation can be enforced by the workflow software which allows you to move away from restrictive job role controls ... rather than limiting what functions employees can carry out as part of their jobs, this approach allows enterprises to boost productivity while mitigating the business risks.
One last point here ... this approach requires less overhead since segregation rules are defined once at the process level as opposed to the constant overhead of ERP administration.
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Fri, Jan 30, 2009 @ 02:13 PM
The classic finance dilemma is choosing between reducing costs or strengthening internal controls. Typically, these are opposing goals. Achieving one goal usually means sacrificing the other. For example, strengthening internal controls usually means increasing processing costs. Nowhere is this more true than with Accounts Payable.
The bottom line is that strengthening internal controls remains purely a cost burden... for most companies. The Hackett Group studies show that on average, compliance costs have added $200,000 per US$billion of revenue to the cost of finance since the start of SOX in 2003.
However ...world-class finance costs are about 50% below the average company's costs and continue to decline as a percentage of revenue.
So what are these world class companies doing to strengthen controls while keeping a lid on control costs? 4 things:
- Centralizing and simplifying processes
- Leveraging technology
- Automating controls
- Using more preventative controls
Let's quickly talk about each of these points.
Process Centralization and Simplification
Shared services is the best way to centralize processes and reduce costs. In fact, here is a very compelling data point -- 20% of companies that have implemented financial shared services have achieved savings of over 40%!
Leading companies also have simpler processes ... 20% fewer key controls per billion dollars in revenue.
Technology Leverage
Leading companies have consolidated technology platforms resulting in fewer ERP systems and minimal duplication of data. The best companies have only 1 ERP vs 2 ERPs for everyone else.
Shared databases for purchasing and payables allow companies to have a single vendor master file and a single chart of accounts (which is easy if you have a single ERP system) ... the big benefit here is a single source of the truth which is critical for financial data.
Control automation
The average companies also perform a LOT more manual control activities than leading companies which means they are operating with an unnecessary level of risk. Peer companies perform manual control activities 2.4 times more than leading companies. All this manual activity increases the risk of control failure which is perilous in today's regulatory and legislative environment.
Greater Use of Preventative Controls
Finally, leading companies have more preventative controls. Of course an environment where deficiencies are prevented in the first place is more desirable and much less expensive than having to detect problems after the fact.
The number of preventative controls are 11% higher for leading companies.
So there you have it. To solve the classic financial executive dilemma of reducing costs while, at the same time, strengthening controls, you must centralize and simply processes, leverage technology appropriately and automate controls with more preventative controls.
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Wed, Jan 21, 2009 @ 08:30 AM
My 8-year old daughter is a cookie thief. You see, I caught her with her hand in the cookie jar the other day.
"How long have you been taking cookies without asking?"
"Uhhhh ... just today, Dad!"
Yeah right. I gave her a stern look even though I was a master cookie thief myself in my youth.
"Really Dad, I swear. This is my first time."
Of course, this wasn't her first cookie theft -- but it was the first time she was caught. Later that day, I was wondering how many cookies have been "stolen" in households throughout the U.S.? The answer is that it's impossible to know for certain because of the unknown number of cookie raids that have never been detected!
It's actually not that different from estimating fraud losses. In the 2008 Association of Certified Fraud Examiners' (ACFE) report, it states that the typical organization loses 7% of its annual revenues to fraud. Based on US GDP of just over $14 trillion, this translates into a staggering $990 billion in annual losses. But here is the caveat from the ACFE report:
Fraud, by its very nature, does not lend itself to being scientifically observed or measured in an accurate manner. One of the primary characteristics of fraud is that it is clandestine, or hidden; almost all fraud involves the attempted concealment of the crime.
Consequently, many instances of occupational fraud may go completely undetected. Further, even for those cases that do come to light, the full amount stolen may not be ascertainable, or the victim organization may decide not to report the theft to the authorities or the general public. As a result, determining the true breadth and depth of this form of crime is nearly impossible.
2008 ACFE Report to the Nation
On Occupational Fraud and Abuse
In the report, each fraud type was classified using the Uniform Occupational Fraud Classification System (commonly known as the Fraud Tree) into one of three major categories:
- Corruption
- Asset Misappropriation
- Fraudulent Statements
Fraudulent Disbursements (the set of yellow boxes at the bottom), a type of asset misappropriation, represented 2/3rds of all cases. And within this Fraudulent Disbursement branch, in terms of frequency, the top 3 frauds were AP related:
- Billing Schemes
- Check Tampering
- Expense Reimbursement
There is no question that fraud and specifically, AP Fraud, continues to be a real problem.
Now here is where it gets interesting ... How were the frauds detected? Here are the ACFE Fraud survey results:
I find it just remarkable that Internal Controls ranked a distant second ... and barely ahead of By Accident - in terms of detection! Sure, it's an improvement over the 2006 survey where Internal Controls ranked fourth but it's still terrible! Clearly, more effective internal controls are needed.
In my next blog entry, I'll talk about the 4 best practices that are critical to strengthening internal controls to manage risk while keeping a lid on costs.
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts
Posted by Steve Wilcox on Thu, Jan 08, 2009 @ 08:07 AM
About the time of my last blog post, the sensational Madoff scandal was hitting the newswires. I have been fascinated by not only Madoff's Ponzi scheme but also the utter failure of the SEC to detect a fraud which reportedly swindled $50B ... F - I - F - T - Y BILLION!!!
A Ponzi scheme is named after Charles Ponzi (see 1910 mugshot above). It's a fraudulent operation that pays returns to older investors from newer investors until the whole house-of-cards collapses. It's a classic pyramid scheme.
What makes this fraud even more fascinating is that the SEC had been receiving tips about the Madoff fraud for over a decade. In particular, a money manager named Harry Markopolos made it his personal mission to expose Madoff. Unfortunately, he couldn't persuade the SEC to investigate despite detailed report after detailed report on how it was virtually impossible for Madoff's strategy to work.
It's frustrating and even sickening how the SEC ignored these tips, especially when Markopolos gift-wrapped them for the SEC. Clearly, the SEC doesn't understand the first rule about detecting frauds. According to the Association of Certified Fraud Examiners (ACFE), the #1 way in which fraud is discovered is ...
... by a tip or complaint.
Yup, nearly half of the fraud cases in the ACFE's 2008 study were uncovered by a tip or complaint from an employee, customer, vendor, or other source.
Since over half of all fraud cases are AP-related, the lessons for AP are clear ... tips and complaints need to be encouraged. The best way to do this is through anonymous hotlines.
Both employees and third parties should be encouraged to report illegal or suspicious behavior. Whistleblowers should be assured that all and any reports are confidential and that there will be no retaliation by the organization whatsoever.
Whistleblowers should also be reassured that unlike the manner in which the SEC handled tips and complaints about Madoff, when a tip is received, it will be properly investigated.
In my next blog entry, I'll explore something else that is disturbing about the ACFE chart above. Can you guess what it is?
-Rakesh Shukla
@rakesh170
Related White Papers
Related Blog Posts