KPMG released its
2011 analysis of global fraud trends this past week. The audit, tax, and advisory services firm based its study on nearly 350 investigations it conducted in approximately 70 countries. Its findings in some cases are encouraging; in other cases they demonstrate organizations have a long way to go when it comes to detecting and preventing fraud.
One statistic stood out as particularly noteworthy—and troubling: instances of fraud that took advantage of poor internal controls rose to 74%, up from 49% in 2007. In other words, organizations are doing a poor job of shoring up their internal defenses against fraud. KPMG theorizes the bad economy and smaller budgets may be partly to blame. On the bright side, the value of whistleblower mechanisms held steady, accounting for close to a quarter of all cases in both 2007 and 2011. However, 14% of all cases this year were unearthed by customers, suppliers, or various other third parties while 13% were discovered by accident.
Rather than investing in the GRC practices needed to prevent fraud, many organizations appear to be hoping for happy accidents and the timely intervention of organizations with whom they do business—and as that old pearl of parental wisdom goes, hope is not a method.
An organization should be best able to identify its most at-risk employees. As KPMG’s study shows, they tend to fit fairly predictable patterns—typically a male senior manager with tenure who works in a finance role, age 35 to 46. Forearmed with such knowledge of the demographics, instituting the right GRC measures in the right places is not rocket science. Relying instead on an external partner or agency, or worse yet sheer chance, to finger the fraudsters is both lazy and dangerous, an unnecessary risk to an organization’s finances—to the tune of around $1 million per fraud incident on average. What’s more, the negative impact to an organization’s brand and reputation could take years to overcome.
Bad economy or not, good governance is an invaluable investment in combating fraud—and protecting an organization’s bottom line.