The Modern Approach to Fraud Prevention and Detection
- Published
- May 22, 2024
- Topics
- Share
Financial crises, increasing regulations, public health and natural disasters, blockchain, and artificial intelligence have greatly impacted the past two decades in one regard: they set the stage for fraudsters. Fraud remains a significant risk in our financial reporting and economic environment. Organizations, no matter the size or industry, fall victim to fraud from internal or external sources daily. Employees, business partners, and people with no connection to your business still seek out, or stumble into, opportunities to commit fraud.
The Association of Certified Fraud Examiners (“ACFE”) Occupational Fraud 2024: A Report to the Nations outlines the following:
- From 2016 to 2022, the median fraud loss declined from $150,000 to less than $120,000. In 2024, however, the median fraud loss increased notably to $145,000.
- From 2015 to 2022, the time to detection of fraud schemes declined from 18 months to less than 12 months. In 2024, the downward trend stopped, and the average time to detection remained at approximately 12 months.
- More 50% of the frauds analyzed by the Report had pandemic-related factors that contributed to the fraud scheme.
- Organizations have implemented anti-fraud measures—such as fraud training, hotlines, and anti-fraud policies—at a higher rate than in 2016.
All is not lost, however, as good governance usually prevails. And with automation of controls, machine learning, and increased processing power and data storage to allow timely access to transaction summaries and details, organizations have the tools to detect and prevent fraud sooner than ever before.
Foundational Anti-Fraud Methods
The basics of fraud detection and prevention have not changed drastically over the years but have evolved to address new threats and leverage technology. The time-tested methods to combat fraud include:
- Preventative controls, including segregation of duties, access controls, three-way matching, job rotation, user access controls, system workflow approvals, disbursement and expense policies, and reconciliations.
- Detective controls/procedures include internal audits (surprise or planned), data analytics, disbursement review, analysis of payable, and receivable aging reports.
- Management review controls (analysis of estimates, budget versus actual, and quarter-over-quarter variance analysis).
- Fraud training and a publicized (confidential) whistleblower hotline. Even with the rise of advanced tools and detective procedures, tips remain the leading method for detecting fraud and have been for many years, according to ACFE reports.
Using Technology to Combat Fraud
Many of the methods described above have been enhanced or the time to analyze reduced with the increase in technology capabilities. In addition to making the above procedures more powerful and timely, technology has also provided better tools to combat fraud.
Access to Real-Time Data Analytics
Historically, many businesses had to wait until monthly reporting was finalized to get summary-level data. Accessing the transaction-level data would then require another wait. Currently, many data analysis tools can provide near instantaneous access to underlying transactional- and summary-level data to the consumers of that data. Tools like Tableau and PowerBI give these consumers powerful sorting, filtering, and transactional detail right on their desktops without the need for any data technologists.
Artificial Intelligence (“AI”)
AI can analyze communications, transactions, and other large data sets to identify higher-risk transactions. Predictive analytics can look at very large data sets very quickly to then provide a subset of transactions for a human to further analyze.
Big Data
Access to large datasets can build models for predictive analytics and automated identification and analysis of anomalies or unusual transactions. The integration of big data into anti-fraud strategies has significantly enhanced the ability to safeguard assets and sensitive information.
Biometrics
Additional access controls based on biometric data reduce the risk of unauthorized access to systems or physical locations.
Blockchain
The advent of blockchain, including smart contracts, allows transparency and immutability of data within an organization or with external parties.
Social Media
This is more for awareness purposes to alert your employees, customers, and vendors of potential fraud and ways to protect oneself. Social media can also help detect and monitor for fraud. Platforms can monitor conversations (posts) and trends that could indicate fraud schemes in their infancy. For example, a sudden spike in posts complaining about unauthorized transactions or breaches can alert a company to potential security issues.
Responding to Possible Fraud
Despite all the controls and advances in technology, fraud is still a distinct risk for every industry and every size organization. How your organization responds to possible instances of fraud can also have a bearing upon how vulnerable you are going forward.
Best practices to follow when you suspect fraud in your organization
- Take every allegation seriously. It is important for organizations to have a documented and consistent process when evaluating fraud allegations. Someone independent of the business unit or function should be part of the reporting and evaluation process. For smaller organizations, independent board members or trusted advisors can be used to help evaluate the allegation.
- Bring the right people in to investigate the allegations. Independence is key for matters that might be reviewed by external parties such as external auditors, investors, and regulatory agencies.
- Monitor the progress of the investigation without influencing its findings. Investigations can be expensive if left unchecked, but you also don’t want to limit the scope of the investigator, which could be perceived as trying to hide something or protect someone.
- Maintain consistent discipline. Terminating a staff for improper T&E fraud but then slapping the wrist of an executive for the same offense will create a two-tiered system within your organization that will negatively impact morale and may foster further incidents.
- Learn from prior fraud events and share the stories with your organization. Let everyone know what worked and what didn’t and how the organization is changing procedures. Talking about the event and holding fraud training for employees bring the issue into the light and recruit all your employees to be on the watch for fraud, which is much less expensive than paying for an investigation.
- Conduct an annual fraud risk assessment (“FRA”). The first FRA can be a learning experience, but each successive FRA can be a meaningful process that can help to make your organization more fraud resilient.
Whether you are a global Fortune 500 company or a small nonprofit, your organization is a potential victim of fraud. In most cases, it’s a matter of when not if fraud will occur. Acknowledging that fact and talking about it with stakeholders can help address fraud threats. There are many methods to deter fraud in your organization. Reach out below if you need help to establish or upgrade your anti-fraud program.
What's on Your Mind?
Start a conversation with the team
Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.