What to Make of the Cal Poly Blackface Incident
Artificial Intelligence (AI) Changing the Way Audits Are Conducted

Fraud in Organizations

ACFE 2018 Study Published

Fraud can be defined as a deliberate misrepresentation to gain an advantage over another party. Fraud comes in many different forms, including fraud in financial statements, the misappropriation of assets (theft) and subsequent cover-up, and disclosure fraud. In this blog I examine the results of a study recently published by the Association of Fraud Examiners (ACFE).

2018 Global Study on Occupational Fraud and Abuse: Report to the Nations.

The 2018 ACFE survey is a follow-up to three prior biennial surveys. The 2018 survey reports on 2,690 cases of occupational fraud in 125 different countries that were reported by Certified Fraud Examiners. The total cost of occupational fraud exceeded $7.1 billion.

Corruption represents one of the most significant fraud risks for organizations (38%), causing a median loss of $250,000. This includes conflicts of interest, bribery, illegal gratuities, and economic extortion.

Asset misappropriation was the most common type of occupational fraud. Asset misappropriation schemes include when an employee steals or misuses resources, such as charging personal expenses to the company while traveling on business trips. Corruption schemes include misusing one’s position or influence in an organization for personal gain.

Examples of cost and relative frequency of such schemes include: check and payment tampering (150,000; 12%); billing ($100,000; 20%); noncash ($98,000; 21%); cash larceny ($75,000; 11%); payroll ($63,000; 7%); skimming ($50,000; 11%); expense reimbursements ($31,000; 14%); register disbursements ($29,000; 3%); and cash on hand ($20,000; 15%).

The ACFE report focuses on occupational fraud schemes in which an employee abuses the trust placed in her by an employer for personal gain. The ACFE defines occupational fraud as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.” A brief summary of key findings follows:

  • Survey participants estimated that the typical organization loses 5 percent of its revenues to fraud each year. 
  • The mean, or average, loss due to the frauds was $2.75 million.
  • The frauds reported lasted a median of 16 months before being detected.
  • Asset misappropriation schemes were the most common type of occupational fraud, comprising 89 percent of the reported cases, but causing the smallest median loss of $114,000.
  • Financial statement fraud schemes made up less than 10 percent of the cases but causing a median loss of $800,000.
  • Occupational fraud is more likely to be detected by a tip (40%).
  • Only 12 percent of organizations provided rewards for whistleblowers.
  • Whistleblowers were most likely to report fraud to their direct supervisors (32% of cases), company executives (15%), a fraud investigation team (13%), a coworker (12%), or internal audit (10%).
  • 80% of organizations reporting had a code of conduct in place at the time the fraud occurred.
  • External audits of financial statements were the most commonly implemented anti-fraud control with 80% of the organizations undergoing independent audits.
  • The most prominent organizational weaknesses that contributed to the frauds was a lack of internal controls (30% of cases), followed by an override of existing controls (19%), lack of management review (18%), and poor tone at the top (10%).
  • The perpetrators level of authority was strongly correlated with the size of the fraud. The median loss in a scheme committed by an owner/executive was $1 million for executives with six years or more of service but only $672,000 for those with five years or less. This is compared to managers ($200,000 for six years or more and $125,000 for five years or less) and employees ($100,000 for six years or more and $35,000 for five years or less).
  • Fraudsters who had been with their company longer stole twice as much: $200,000 (more than 5 years’ tenure) versus $100,000 (less than 5 years’ tenure).

How Occupational Fraud Is Detected

The most common method of detection was a "tip," with 40 percent reporting. Additionally, 14 percent of tips came from an anonymous source, demonstrating that a significant portion of those who reported fraud did not want their identities known. In organizations with hotlines, 46 percent come from a tip but declines to 30 percent in organizations with no hotline. Internal audit was next with 15 percent followed by management review with 13 percent. Taken together these results indicate the need for strong internal controls to help prevent and detect fraud. More effective internal audits serve to strengthen internal controls, a goal of Section 404 of Sarbanes-Oxley. The exhibit below shows the frequency of detection methods as reported by survey respondents.

Initial Detection of Occupational Frauds from the ACFE 2018 Global Study on Occupational Fraud and Abuse

Detection Method

Percentage Reported

Median Loss




Internal Audit



Management Review



By Accident






Account Reconciliation



Document Examination



External Audit






Notified by Law Enforcement



IT Controls






Frequency of Anti-Fraud Controls

The survey points out that while the presence of internal controls does not guarantee protection against fraud, it can help to both mitigate losses and deter some potential fraudsters by enhancing the perception of detection. Consequently, enacting internal controls specifically designed to prevent and detect fraud is a necessary part of a fraud risk management program; proactive fraud prevention and detection controls are a vital part in managing the risk of fraud. 

With 40 percent of frauds being detected by tips, hotlines should play an essential role in organizations’ anti-fraud programs. However, only 63 percent had a hotline mechanism in place and 12 percent provided rewards for whistleblowers. The most common control is the external audit. However, the study indicates that only four percent of frauds are detected through the external audit. Internal audits are more attuned to making those determinations, with a 73 percent detection rate

Red-Flag Warnings of Fraud  Know your Role sign with clouds and sky background

Individuals who are engaged in occupational fraud schemes often exhibit certain behavioral traits or warning signs associated with their illegal activities. These are described below. Of particular note is living beyond one’s means (41%) and financial difficulties (29%). The question is how can the anti-fraud controls identify these issues? These behavioral red flags might show up through work absences and poor performance. There may be warnings signs such as erratic behavior in the workplace.

Behavioral Red Flags Displayed by Perpetrators: 2018 ACFE Global Fraud Survey

Behavioral Indicators of Fraud

Percentage Reported

Living Beyond Means


Financial Difficulties


Unusually Close Association with Vendor/Customer


Control Issues, Unwillingness to Share Duties


No Behavioral Red Flags 


Divorce/Family Problems


"Wheeler-Dealer" Attitude


Irritability, Suspiciousness, or Defensiveness


Addiction Problems


Complained about Inadequate Pay


Excessive Pressure from Within the Organization


Refusal to Take Vacations


Past Employment Related Problems



The results of the survey clearly indicate that internal auditors should have their “eyes wide open” with respect to whether managers have close relationships with outsiders that create conflicts of interest, one of the signs of ethical collapse. The results indicate that tip, internal audit and management review accounted for 68% of frauds. That's not bad but organizations should be able to do better by strengthening their audit committee and ensuring an independent board of directors. Similarly, the internal auditors need to be aware of financial and/or personal problems of employees that might create pressures to misappropriate cash and/or create fictitious entries to cover up occupational fraud. 

Blog posted by Steven Mintz, aka Ethics Sage, on April 24, 2018. Visit my website and sign up for my newsletter.

The original photo was published by Dopkins & Company, LLP in its article titled: Fraud Prevention:  What is a Not-for-Profit Board Member’s Duty of Care?