Anti-Fraud Controls at the Victim Organization
                 Proactive fraud prevention and detection controls are a vital part in managing the risk of fraud, but are all anti-fraud
                 controls created equal? As part of our survey, we asked participants to identify which of 18 common anti-fraud
                 controls were present at the victim organization at the time the fraud occurred. The responses are reflected in Figure
                 26, which shows that external audits were the most common control enacted by the victim organizations, as they
                 were present in more than 80% of the cases reported to us. But as noted in Figure 11 on page 19, external audits
                 accounted for the detection of just 3% of the cases in our study. While external audits serve many important func-
                 tions, this suggests they should not be strongly relied upon as a fraud detection tool.
                 With more than 42% of frauds being detected by tips (see Figure 11), hotlines ought to play a critical role in organi-
                 zations’ anti-fraud programs. But of the organizations victimized by the frauds in our study, only 54% had a hotline
                 mechanism in place, and less than 11% provided rewards for whistleblowers. These rates indicate that many organi-
                 zations have room for improvement in encouraging the tips that so effectively help uncover fraudulent conduct.


                  Figure 26: Frequency of Anti-Fraud Controls


                                     External Audit of F/S                                        81.4%
                                       Code of Conduct                                          77.4%
                                  Internal Audit Department                                 70.6%
                              Management Certification of F/S                               70.0%
                                   External Audit of ICOFR                               65.2%
                                     Management Review                                 62.0%
                                                                                       62.6%
                               Independent Audit Committee
                   ANTI-FRAUD CONTROL  Fraud Training for Managers/Executives  47.8% 52.4%
                                             Hotline
                                                                                  54.1%
                                Employee Support Programs
                                Fraud Training for Employees
                                                                               47.8%
                                       Anti-Fraud Policy
                     Dedicated Fraud Department, Function or Team        38.6%  45.4%
                            Proactive Data Monitoring/Analysis         34.8%
                              Formal Fraud Risk Assessments           33.5%
                                        Surprise Audits               33.2%
                             Job Rotation/Mandatory Vacation  19.9%
                                Rewards for Whistleblowers  10.5%
                                                  0%   10%   20%   30%   40%  50%   60%   70%   80%   90%
                                                                      PERCENT OF CASES


                 the following key applies to Figures 26, 27, 37 and 38 (pages 31, 32 and 38):
                 External Audit of F/S = Independent external audits of the organization’s financial statements
                 External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
                 Management Certification of F/S = Management certification of the organization’s financial statements
















                                                                RepoRt to the NatioNs oN occupatioNal FRaud aNd abuse           31