Modification of Controls                               Victim Organizations That Modified
           In response to the discovery of the fraud, more than 80% of   controls After discovery of Fraud
           the victim organizations in our study implemented or modi-
           fied internal controls. While this percentage is quite high, it        Did Not
                                                                                  Modify Controls
           indicates that nearly one out of five victims retained the same        19.4%
           control system — or lack thereof — that was ineffective in
           preventing the reported fraud schemes. Of those organiza-
           tions that did implement or modify their internal controls in     Did Modify Controls
           response to the fraud, more than 60% increased segregation        80.6%
           of duties, more than half added formal review of internal con-
           trols by management and 23% implemented surprise audits.



                            Internal controls Modified or Implemented in Response to Fraud   19

                          Increased Segregation of Duties                               61.2%
                                  Management Review                              50.6%
                                       Surprise Audits   14.8%  22.5%
                 Control Implemented/Modified 20  Job Rotation/Mandatory Vacation  7.9% 13.5%
                            Fraud Training for Employees
                                                          16.4%
                    Fraud Training for Managers/Executives

                            Internal Audit/FE Department
                                                       12.3%
                                      Anti-Fraud Policy
                                                       11.7%
                                      Code of Conduct
                                                      8.7%
                                   External Audit of F/S
                                                      8.7%
                                             Hotline
                                External Audit of ICOFR
                            Indpendent Audit Committee
                                                        6.0%
                          Management Certification of F/S
                             Rewards for Whistleblowers  7.8% 5.9%
                                                       4.0%
                            Employee Support Programs  1.8%
                                                   0%    10%    20%   30%    40%    50%   60%    70%    80%

                                                                       Percent of Cases

                   19 The sum of percentages in this chart exceeds 100% because many victim organizations modified more than one anti-fraud control in response to the fraud.
                   20 KeY:
                    •  External Audit of F/S = Independent external audits of the organization’s financial statements
                    •  Internal Audit / FE Department = Internal audit department or fraud examination department
                    •  External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
                    •  Management Certification of F/S = Management certification of the organization’s financial statements


                                                                2010 RepoRt to the NAtioNs ON OccuPATIONAl FRAUD ANd AbuSE  |  47