• !

• "

#
$ % "
$

• &

'

• (

)* (
 + ,

# +

• - % . /
$
! .
0 $ #
.
$
(

• 1
$
$
2 # +
"
%
$
$ 1

• 3 $ 1 .
+

#
,
 4

• ( 5

. 6
1

$ $ .
#

• 0 7 $
,
$

! % % .
$ $

$
 1

Fraud Profile- Fraudsters’ Work and Results

Dr Haluk Ferden GURSEL

CPA,CGFM,CFE
President
Switzerland Chapter, ACFE

Objective

The purpose of this article is to present a model and an

understanding of the facts about fraud in a given country environment
as concerns the costs of fraud, methods, deterring, detecting and
preventing fraud, perpetrators, victims and post fraud reactions.

Country Fraud Profile

To start with the model, one needs to set the stage for a country
profile. It is a set of data which gives the values of relevant variables
to determine the structure of a given country in terms of fraud
indicators, such as overall cost to country, methods used by
perpetrators, the status of victims. In this article, a study prepared for
the United States will be reviewed as a case. The need to develop
such models for other countries by taking into consideration the
specific conditions and environment of a given country is the
challenge waiting for the researchers in the field of combating the
fraud.

www.cimejes.com
 2

Summary of Second Wells Report

Occupational fraud and abuse is a great problem, one that affects

practically every organization. In 1996, the Association of Certified
Fraud Examiners (ACFE) published its first Report on Fraud and
Abuse. Six years later, the ACFE released the 2002 Report to on
Occupational Fraud and Abuse (1). This survey updates the data in
the first report and also expands that study. It provides the most
detailed view yet of how occupational fraud affects organizations.

The report is based on 663 occupational fraud cases that were

reported by the CFEs who investigated them. In total, the cases in
this study caused over $7 billion in losses. This report focuses on five
areas:
· cost of occupational fraud and abuse,
· methodologies,
· perpetrators,
· victims,
· legal outcomes of fraud cases.

The Association’s founder and chairman, Joseph T. Wells, through

his work with the Association of Certified Fraud Examiners, has
provided main contribution to this study. In his honor, the first report
named The Wells Report. It follows, then, that 2002 report was the
Second Wells Report.

This new study covers, among others, the following points:

• 663 occupational fraud cases that caused over $7 billion in losses

were reported.

• Survey estimates that six percent of revenues will be lost in 2002 as

a result of occupational fraud and abuse. Applied to the U.S. Gross
Domestic Product (GDP), this translates to losses of approximately
$600 billion, or about $4,500 per employee.

www.cimejes.com
 3

• Cases from $100 to $5.4 billion reported. Over half of the frauds in
this study caused losses of at least $100,000 and nearly one in six
caused losses in excess of $1 million.

• All occupational frauds fall into one of three categories: asset

misappropriations, corruption, or fraudulent statements.

• Over 80% of occupational frauds involve asset misappropriations.

Cash is the targeted asset 90% of the time.

• Corruption schemes account for 13% of all occupational frauds and

they cause over $500,000 in losses, on average.

• Fraudulent statements are the most costly form of occupational

fraud with median losses of $4.25 million per scheme.

• The average scheme in this study lasted 18 months before it was

detected.

• The most common method for detecting occupational fraud is by a

tip from an employee, customer, vendor or anonymous source. The
second most common method is by accident.

• Organizations with fraud hotlines cut their fraud losses by

approximately 50% per scheme. Internal audits, external audits, and
background checks also significantly reduce fraud losses.

• The typical perpetrator is a first-time offender. Only seven percent of

occupational fraudsters in this study were known to have prior
convictions for fraud-related offenses.

• Small businesses are the most vulnerable to occupational fraud and

abuse. The average scheme in a small business causes $127,500 in
losses. The average scheme in the largest companies costs $97,000.

Participants of the survey averaged 19 years’ experience and were in

Government, business and public accounting.

www.cimejes.com
 4

Elements of the Country Risk Profile Model

While delimiting the survey environment, the ACFE study used the
term “occupational fraud” defined as “the use of one’s occupation for
personal enrichment through the deliberate misuse or misapplication
of the employing organization’s resources or assets”. The main
parameters shaping the model and their actual values as came out of
the survey are reviewed below.

Cost of fraud

First parameter of the model is the cost of fraud. Based on survey

participants’ estimates, 6% of revenues lost because of fraud. Applied
to US GDP, that means a 600 billion $ loss or $ 4 500 per
employee. As GDP has risen since 1996 3 trillion, the effect of rising
GDP causes additional $ 200 billion lost in fraud. When it comes to
the individual magnitudes, over 50% of cases caused losses of at
least $100,000 and one in six cases cost $1 million or more.

Methods used by fraudsters

The second parameter of the model is the methodology employed

by fraudsters. Three major categories of occupational fraud were
asset misappropriations, corruption and fraudulent statements.
According the survey, out of these, over 80% of cases were asset
misappropriations. Most costly ones, however, were fraudulent
statements.

Cash (stolen or misused) was targeted 90% of the time. Non-cash

schemes (inventory, equipment and property information) were less
common, but more costly, on average.

www.cimejes.com
 5

Classifying Cash Schemes are given in Exhibit I.

On the bases of this classification scheme, the results of the survey

indicated that fraudulent disbursements (false invoices, false
timecards) were most common and most costly in asset
misappropriations. Skimming (stolen before it is recorded) was far
more common than larceny (stolen after it is recorded).Fraudulent
billing schemes were most common and most costly, on average in
fraudulent disbursements. Three categories have six-figure median
losses (billing, payroll, check tampering).

Corruption was found mostly prevalent in the purchasing function.

Obviously, it is difficult to uncover bribes and kickbacks as illegal
transfer of funds occurs outside of company books. However, three
clues seems to be of help: existence of favoritism towards one
vendor, purchases at above-market price and purchasing agent
maintaining an excessive lifestyle.

Fraudulent financial statements are less common but most

expensive.
COSO study finds that majority of financial statements frauds involve
overstatement of sales and receivables. ACFE study finds that the
risk of financial statement fraud is inversely proportional to company
size, so small business is more likely to commit. Most convenient
instances for such occurrences are when they try to raise money and
when the statements are unaudited. Cost and frequency of the events
held relatively stable from 1996 to 2002.

Median length for all schemes was found as 18 months.

Approximately 2/3 of schemes ran for more than a year (1-10 years),
13.5% ran for five years or longer (+60 months). Only 3% were
detected within first month.

Deterring, detecting and preventing fraud

Tips (% 26.3) were seen the most common method of detection.

Second most common method was accident (% 18.8). Following
detection ways were internal (% 18.6) and external (% 11.5) audits. In

www.cimejes.com
 6

fact the last two were expected to be higher. Among anti-fraud

measures internal control viewed as most important one followed by
background checks. Third rated to prevent is ‘fraudits’, or auditing for
fraud. Workplace surveillance ranked last in importance.

Perpetrators

Another parameter in the model deals with the definition of the

perpetrators. Data shows that schemes committed by managers and
executives, on average, cause median losses of $250,000, which
was about 3.5 times as high as losses associated with frauds
committed by employees. It is an expected result as higher-level
employees have a greater degree of control over company assets.

Thirty-nine cases involved some form of collusion between

employees and managers. The effect of collusion on the size of fraud
also became apparent. The median loss was $500,000 in such
cases. This was over eight times the median loss caused by schemes
in which employees acted alone. Collusion, especially between
managers and employees, can be difficult for organizations to prevent
and detect because managers are typically counted upon as a key
part of the organizations’ control structures. They are expected to
identify fraud among employees and to deter fraud through their
oversight functions. When managers participate in fraud along with
their employees, this causes the disruption of a major internal control
component and creates a much higher level of vulnerability for the
victim organization by eliminating management’s function in control
structure.

Although the number of schemes committed by the two sexes was

roughly the same, losses from schemes committed by males were
more than three times as high as the losses caused by females. It
can be argued that the link between gender and loss is reflective of
the “glass ceiling” phenomenon. Losses are strongly related to the
perpetrator’s position, and in many organizations the vast majority of

www.cimejes.com
 7

managerial and executive positions are still predominantly held by

males.

There was a direct and linear correlation between age and median
loss. As perpetrators got older their schemes have become more
costly. Age is linked to position in organization as older tend to
occupy higher ranking positions. More senior is more costly because
they have greater access to revenues, assets, resources.

Median losses for the oldest employees (those older than 60) were
$500,000, which was 27 times higher than losses caused by
employees under 26 years of age. Although some studies have
suggested that younger employees are more likely to commit
occupational crimes, the data in this study did not support that
contention. Only six percent of the frauds in this study were
committed by individuals below the age of 26. Nearly half of schemes
are committed by perpetrators between 36 and 50 years of age.

Loss by education is linked to position in organization. In general,

those with higher levels of education tend to have higher positions in
an organization and greater access to assets. As with age and
gender, it would appear that the link between education and loss is
mainly a function of the employee’s position in the organization.
Losses caused by perpetrators with college degrees were about 3.5
times as high as losses caused by perpetrators with only high school
diplomas. However, the median loss for perpetrators with
postgraduate degrees was significantly less than the median loss for
those with only undergraduate degrees. So the losses are not
continuing to rise as the perpetrator’s education level increased.

While it was much more common for a fraud to be committed by a

single perpetrator (68% of cases), the median loss with multiple
perpetrators including with an outsider such as a vendor or a
customer was almost seven times or 700 % higher than the losses
caused by perpetrators who acted alone.

www.cimejes.com
 8

Only about seven percent of occupational fraud perpetrators were

known to have been convicted for a previous crime, and only another
three percent were known to have been previously charged for a
fraud-related offense. This is consistent with other studies that have
shown most people who commit fraud are first-time offenders.

Victims

The next parameter of a model determining the fraud profile relates to

the definition of victims. In the survey at hand, frauds were
distributed fairly evenly over these four sectors (government
agencies, publicly traded companies, privately held companies, and
not-for-profit organizations) Among them, non-profit companies were
smallest. The largest median losses occurred in public companies,
while the smallest took place in non-profits and governmental
agencies. Losses were highest in publicly traded companies.

The smallest organizations defined as with 100 employees or less are

the most vulnerable than largest ones (+ 10 000 employee).Two
factors have been observed for small corporations: First, they often
lack basic accounting controls. Evidence suggests that it is fairly
common for a small organization to have a single employee who
writes and signs checks, reconciles the bank statement, and keeps
the company’s books. In situations where control of an organization’s
finances is consolidated in a single individual, occupational fraud is
easy to commit and conceal. The second reason is that small
companies suffer large median losses is due to the level of trust that
tends to exist between colleagues. In an atmosphere where
employees and management know each other well on a personal
basis, as is often the case in small businesses, they can be less alert
to the possibility of dishonesty. In fact this is a trust misused.

Four measures namely, anonymous reporting mechanisms such as

hotlines, internal audit departments, background checks and
independent audits showed a significant impact on the size of fraud
losses. Hotlines cut fraud losses in half. The presence of an

www.cimejes.com
 9

anonymous reporting mechanism seemingly facilitates the reporting

of wrongdoing and appears to have a recognizable effect in limiting
fraud losses. Strong internal audit is also ‘deterrent’ and could cut the
fraud by half because of the existence of a greater perception of
likelihood to be caught. If internal audit is effective in detecting fraud,
then the presence of an internal audit department would be expected
to reduce the median loss of fraud schemes. That appeared to be the
case in this study. The organizations that lacked an internal audit
department suffered median losses of $153,000, as opposed to the
$87,500 median loss or roughly half in organizations that had an
internal audit department. In addition to its role in detecting fraud, the
presence of an internal audit department has a deterrent effect on
occupational fraud. Employees who know auditors are present and
looking for fraud are less likely to commit fraud because of a greater
perceived likelihood that they will be caught.

Participants to survey indicated that in about 86% of cases, the

frauds could have been prevented by standard controls, but these
controls were either absent or ignored.

Post fraud reactions

Another parameter pictures the behavior once fraud is discovered.

In over 25% of the cases, survey participants believed the victim
failed to take sufficient steps to prevent future frauds. So there was
no sufficient fraud awareness after the fraud. Whether a victim took
sufficient steps was not predicated on the size of the fraud; the size
was almost the same for those taking necessary measures after the
fraud and those who are not learning from the fact. Slightly over 60%
of victims in the survey carried insurance to protect them from fraud
losses (e.g. fidelity bonding). Out of them, 35% recovered 76-100% of
loss and 39% recovered nothing.

www.cimejes.com
 10

Case results

A different parameter is designed for the determination of how the

cases were dealt with. Approximately 75% of the cases were
referred to law enforcement authorities (median loss was $ 100 000
in such cases). 462 CFEs provided information about the outcome of
criminal referrals. Over 75% of cases resulted in convictions at trial or
by plea. Only five defendants were acquitted (1.1%). Civil suits were
much less common than criminal referrals.

Only 18% of cases led to civil suits. Civil suits tended to result from
high-dollar frauds. In the survey, 93 participants provided information
about the results of civil lawsuits. In cases that went to jury verdict,
there were 53 judgments for the victim, zero for the perpetrator. It
appears that perpetrators had no good record on that count.

Approximately one-third of cases settled (32%) among parties. The

majority of CFEs thought that the punishment received by the
perpetrator was not severe enough (56.4%). Less than one percent
thought the punishment was too severe.

When victims decided not to take legal action, the most commonly
cited reasons were fear of bad publicity, private settlement, and
victim’s desire for closure. Fear of counter-suit was 5.2%. All recovery
efforts (insurance, restitution, civil judgment, etc.) resulted that 34%
received 76-100% and nearly 50% only 0-25 % of their losses.

Conclusions

General conclusions can be derived from the study were as follows:

· Occupational fraud is a serious problem. Although the rate of

occupational fraud is difficult to measure, evidence suggests
that the problem is vastly underreported. In the cases presented

www.cimejes.com
 11

in this survey, over half caused losses of at least $100,000 and

one in six cases was in excess of $1 million. It is estimated that
organizations lose about six percent of their revenue to
occupational fraud and abuse.

· Small businesses were found especially vulnerable. The data in

this study reflects that the median cost of occupational fraud
and abuse is inversely proportional to company size. The
largest companies are generally at risk to multi-million dollar
financial statement manipulations. However, these offenses are
relatively rare. Small businesses suffer the greatest losses
because of a lack of basic internal control measures.

· Cash is usually targeted. Dishonest employees prefer cash

because it has a defined value, and it is easily transported and
converted. Proper oversight of the revenue and disbursement
cycles is therefore essential in controlling cash frauds.

· Most occupational frauds are ongoing .The data reflects that the
median length of occupational frauds from inception to
detection is about 18 months. Most employees who start
committing fraud will continue to do so until there is some
compelling reason to quit. Either their activities are discovered
or the employees believe that continuing the frauds will result in
their discovery. Therefore, organizations should allocate
adequate resources to deterring fraud.

· Beware the well-educated senior male executive. Frauds are

crimes of opportunity. The higher the rank of the employee, the
more assets he or she controls. As a corollary, expensive
frauds usually come from the boardroom, not the mailroom.
Rank in an organization is normally dependent on three factors:
age, sex, and education. Older employees tend to hold higher-
ranking positions than their younger counterparts. Males
generally hold more senior positions than females. College-

www.cimejes.com
 12

educated employees normally have higher positions than high

school graduates.

· Internal controls are a deterrent to occupational fraud (e.g. no

conflict of interest, separation of duties, direct receipt of bank
statements, and annual review of cash bank accounts by anti-
fraud professional). Larger organizations that have adequate
internal controls are less vulnerable to occupational fraud.
Small businesses often have a single employee responsible for
all cash-related functions: receiving and disbursing funds,
signing checks, and reconciling bank accounts. In such cases,
cash frauds are easy to commit.

· Workplace conditions affect fraud rates. It is expected to have

less fraud if the employees are well treated and receiving
adequate compensation. The attitudes that employees hold
toward their organizations is a considerable factor in whether or
not they will commit fraud. Employees who hold grudges
against their employers, whether justified or not, often turn to
occupational fraud and abuse for revenge.

· Most effective detection method is through tips and complaints;

others can be observed were violations of controls, poor ethical
standards, excessive personal spending. Hotlines or other
reporting mechanisms were found effective in reducing the
fraud. In addition, three other measures have been shown to
significantly reduce the cost of fraud: background checks,
internal audits, and external audits by independent auditors.
Organizations should consider each of these as a significant
part of a comprehensive fraud deterrence program.

· Regular and recurring employee education/ training are a key to

prevention. Employees who receive regular and recurring
training about the detrimental aspects of fraud are more likely to
aid in controlling it (2).

www.cimejes.com
 13

NOTES

(1) is published by the Association

of Certified Fraud Examiners (ACFE), 2002. For a full report go
to www.cfenet.com .
(2) Please address your comments and questions to
halukgursel@hotmail.com

Dr Haluk F. GURSEL

www.cimejes.com
 14

EXHIBIT I

CASH

LARCENY FRAUDULENT DISBURSEMENTS SKIMMING

Cash on Hand Billing Schemes Sales

From the Deposit Payroll Schemes Receivables

Other Expense Reimbursements Other

Check Tampering

Register Disbursements

www.cimejes.com