Companies of all kinds and within all industries, large and small, have to be on guard against theft, fraud and misuse of resources. It can be difficult to detect and prevent internal threats to companies' finances and other valuable assets, with workers successfully defrauding employers in large numbers every year. The impact of an unnoticed pattern of fraud and theft can be devastating, highlighting the value of improving asset protection in 2018 and beyond.
Internal actors have many ways to misuse their access to sensitive accounts and information. The exact nature of the schemes employed by criminals can differ widely, but the end effects are the same – losses for the companies they're stealing from. To deal with these crimes, companies should invest in wide-ranging and varied detection and prevention approaches. Failure to get ahead of a case of fraud could end up costing organizations hundreds of thousands of dollars in a typical company.
Insider crime by the numbers
According to the Association of Certified Fraud Examiners, the median loss from fraud over the past year is $130,000 per incident. In 2017, companies lost more than $7 billion, and 22 percent of fraud incidents cost the victim organizations $1 million or more in a single case. The median time for a scheme to last was 16 months, meaning many organizations suffered thieves in their midst for more than a year at a time. Some are doubtless dealing with internal bad actors right now, and they don't know it yet.
One of the worst scenarios a business can suffer is several thieves working together and colluding with one another. According to the ACFE data, a single fraudster causes median losses of $74,000. When a group of two strikes, losses rise to $150,000. The median damage for a fraud ring of three or more people is $339,000. Furthermore, long-tenured employees tend to steal more than those newly hired. People with five-plus years' tenure took a median of $200,000, while newer employees stole half that amount.
Small companies are just as susceptible to fraud, theft and employee misuse of resources as their larger counterparts. In fact, with their smaller overall budgets, these organizations may be significantly more vulnerable to the ongoing monetary losses. The Journal of Accountancy noted the lower overhead of small businesses leads to a twofold problem: These operations have less money to set aside for anti-fraud controls, but more risk of suffering debilitating losses if a crime takes place.
Examples of high-level theft cases
Some of the most recent public examples of fraud and corporate theft come from the Internal Revenue Service. Employees who misappropriate company funds often run afoul of tax authorities, leading to the detection of their schemes. The IRS's latest report shows the variety of ways people can defraud their employers and the vast amounts of money that can be lost this way. For instance, an HVAC contractor employee created a corporate entity solely for the purpose of skimming money from legitimate contracts paid to his employer. He stole $350,000 before he was caught.
In another example cited by the IRS, a manager in HBO's talent relations department managed to embezzle over $1 million from the television network. As with the previous example, the fraud involved creating a fraudulent company which supposedly provided makeup services to actors but actually just stored improperly billed money.
Potential protective measures
Just as there are many ways to steal money or valuable assets, companies have numerous methods of protecting themselves from the resulting losses. Whether they employ these approaches may determine their ability to detect theft in their midst.
- Start with a consultation: Sometimes, it's hard to tell where to start when looking for problems within a company. In these cases, a consultation may be an important first step. Trained investigators can turn their attention to a business's inner workings and determine whether there's cause to take a next step such as launching an investigation.
- Commission background checks: Companies can hire professionals to ensure employees don't have any red flags in their background. Many organizations lack the internal knowledge to conduct in-depth looks at individuals, but this doesn't mean they shouldn't employ these practices. Trained third-party services can provide the needed expertise in a manner that is compliant with U.S. and State laws.
- Conduct investigations: Potential signs of trouble can trigger investigations. An investigator integrated into a company's framework conducting focused interviews and seeking out harmful behaviors can determine whether a crime has occurred. These professionals may detect anything from solo employees stealing physical company assets or organized groups of criminals working together for larger thefts. And, qualified investigators have the added skills to make recommendations to increase business controls to help prevent similar malfeasance in the future.
- Have a plan in place: Organizations shouldn't only commit to investigations and third-party assistance when signs of trouble become obvious. They should plan ahead, before problems manifest themselves, to make sure they're not caught off-guard by fraud. Companies around the world, of any size, have unique security needs to address.
Avoiding devastating consequences
When business owners hear news about massive losses or study the amounts stolen in the past year, they may wonder if their organizations are next. Unless they have the appropriate frameworks in place to detect and remove internal fraudsters, they may end up suffering a fate like those they've read about. It's much harder to address corporate fraud after the fact, which means there's a significant amount of value in being proactive and thinking ahead.
Potential signs of trouble can be subtle, from an incorrect number coming up in an inventory check to a suspicious financial statement. Being able to tell the difference between innocuous events and threats that demand action is the sign of a company with its fraud prevention efforts under control.