Page 522 - ACFE Fraud Reports 2009_2020
P. 522

Victim Organizations



                 Anti-Fraud Controls at the Victim Organization
                 While the presence of internal controls does not provide guaranteed protection against fraud, it can help to both
                 mitigate losses and deter some potential fraudsters by enhancing the perception of detection. Consequently, enacting
                 internal controls specifically designed to prevent and detect fraud is a vital part of a fraud risk management program.

                 Many organizations find it useful to benchmark their anti-fraud controls against their peers, both in terms of what
                 mechanisms are being employed and the effectiveness of those approaches. To help with this endeavor, we asked
                 respondents about the anti-fraud controls in place at the victim organization at the time the fraud occurred. As shown
                 in Figure 47, almost 82% of victim organizations underwent external audits of their financial statements by independent
                 audit firms. Despite being the most common anti-fraud control analyzed, such audits are not designed specifically to
                 find fraud and were responsible for detecting less than 4% of the frauds in our study (see Figure 21 on page 21). Con-
                 versely, hotlines were only present in 60.1% of the victim organizations, and yet we know that tips are consistently and
                 overwhelmingly the most common method by which frauds are detected.


                 Figure 47: Frequency of Anti-Fraud Controls


                                  External Audit of F/S                                            81.7%
                                    Code of Conduct                                               81.1%
                              Internal Audit Department                                   67.6% 71.9%
                                                                                              73.7%
                   ANTI-FRA UD CONTROL  Independent Audit Committee             51.6% 56.1% 60.1% 64.7%
                           Management Certification of F/S
                               External Audit of ICOFR
                                  Management Review
                                                                                       62.5%
                                          Hotline
                             Employee Support Programs
                             Fraud Training for Employees
                      Fraud Training for Managers/Executives
                                                                                51.3%
                                    Anti-Fraud Policy
                  Dedicated Fraud Department, Function, or Team           41.2%  49.6%
                            Formal Fraud Risk Assessments                39.3%
                                      Surprise Audits                   37.8%
                         Proactive Data Monitoring/Analysis            36.7%
                          Job Rotation/Mandatory Vacation   19.4%
                              Rewards for Whistleblowers  12.1%
                                               0%    10%   20%   30%   40%   50%   60%    70%   80%   90%
                                                                    PERCENT OF CASES
                 The following key applies to Figures 47 and 48:
                 External Audit of F/S = Independent External Audits of the Organization’s Financial Statements
                 Management Certification of F/S = Management Certification of the Organization’s Financial Statements
                 External Audit of ICOFR = Independent External Audits of the Organization’s Internal Controls Over Financial Reporting























     38           REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE
   517   518   519   520   521   522   523   524   525   526   527