What to do if your business is defrauded

Occupational fraud isn’t just a financial threat. It can potentially change a business’s reputation, culture and relationships. But before dealing with any larger ramifications of fraud, defrauded companies must first “clean up” the mess. This may include potentially terminating the perpetrator, taking civil action or referring the perpetrator to the police. Whatever a business chooses to do in the aftermath of a fraud incident, swift action is paramount and internal controls must be addressed.

How do victims react?

In its Occupational Fraud 2024: A Report to the Nations, the Association of Certified Fraud Examiners (ACFE) reveals that when organizations uncover fraud, 67% choose to terminate the individuals involved. In 57% of cases, companies refer fraud perpetrators to law enforcement. Of those, 45% result in the perpetrator pleading guilty or no contest, while 27% are convicted at trial. In 14% of referred cases, law enforcement declines to prosecute.

When fraud comes to light, the role of legal counsel is critical. If your organization discovers fraud, be sure to notify your attorney before launching any investigation. Attorneys can provide guidance on how to handle potential suspects, including whether to suspend or terminate them from work, how to notify them of your decision and what to communicate with other workers.

Also consider engaging a forensic accountant. This fraud expert can help analyze records and data, identify suspects, interview witnesses, recover financial losses and collect evidence that will hold up in court (if applicable). Keep in mind that you may want to let your attorney hire the forensic accountant.

Whether your company or a fraud expert conducts the investigation, it typically will involve several steps. These include gathering and reviewing relevant documents (including digital files), interviewing possible perpetrators and their coworkers, and preparing a comprehensive investigative report. Your business also must — with legal input — decide whether it plans to pursue criminal or civil charges against those involved.

How can you mitigate losses?

Note that recovering financial losses from fraud isn’t necessarily straightforward. The ACFE found that 57% of organizations recovered nothing, 30% made a partial recovery and only 13% recovered all losses related to fraud.

Such figures only highlight the need for robust internal controls to mitigate losses in the first place. For example, the ACFE reports that if surprise audits aren’t used by an organization, the median loss if fraud occurs is $200,000. But if surprise audits are used and a business suffers a fraud incident, its median loss is only $75,000 — a 63% reduction. Obviously, following this approach to risk reduction acknowledges that internal controls aren’t always foolproof. However, when controls are deployed — particularly if your company has several layers of protection — they can reduce median losses significantly and possibly prevent fraud altogether.

In addition to surprise audits, these controls are associated with faster detection of schemes and at least a 50% reduction in financial losses:

  • Management review,
  • Routine financial statement audits,
  • Availability of an anonymous fraud tip line,
  • Fraud training for managers,
  • A written anti-fraud policy, and
  • Proactive data monitoring.

In 32% of fraud incidents, the most common factor is a lack of internal controls. In an additional 19% of cases, managers and others override existing controls. So controls must not only exist, they also must be rigorously followed.

How should you address risk?

If an employee commits fraud, what your company decides to do will depend on the extent of the fraud, the available evidence and many other factors. So that you’ll hopefully never have to make such difficult decisions, take steps now to ensure your internal controls address your organization’s risks.

(This is Blog Post #1583)