Most of the clients I have worked with on fraud issues have engaged me only after they have become a victim of fraud, waste or abuse (FWA). Either someone tipped them off or they stumbled upon the FWA on their own, and needed help in investigating and remediating the situation. This is reactive, and I do not recommend it.
The Association of Certified Fraud Examiners estimates that, in a given year, the typical organization will lose 5% of its revenue to fraud. When you factor in the impacts of waste and abuse, that loss can climb as high as 11% of revenue. Think for a moment, what is 5% of annual revenue for your organization? Now, added to that the cost of investigation and remediation, which can vary from $37,000 to $188,000 per incident. For the average small business in the United States, you would be looking at $438,000 to respond and recover from a single FWA incident. This extraordinarily high cost is why your organization cannot afford to be reactive to FWA.
The alternative is a proactive approach which seeks to identify FWA as it occurs or before it occurs, and put measures in place to prevent and deter FWA before it has an economic impact on the organization. This can be done in two ways.
The first is a relatively inexpensive method that requires the organization to monitor its operations for indicators of FWA, such as trend data, anomaly detection, and tips from employees and customers. While this method is easy and cheap for organizations to DIY, it also creates a lot of false positives, which require a commitment of manpower to investigate and discern the legitimate signals of FWA from the background noise.
The second method is more methodical, and the approach that Hogan Forensics takes when working with clients. The goal is to identify the FWA risk exposure, and close gaps in the organization’s controls. A typical proactive FWA program lifecycle looks like this:
- We start by understanding the business, which includes the market, industry, and organization-specific factors that can influence FWA risk for the client.
- Based on this information, we identify the possible FWA exposures that the organization could experience, both internally and externally.
- We then determine the likelihood and significance of each exposure to prioritize the list of risks to the organization.
- Next we determine how to detect and prevent each FWA risk, working down the priority list until we satisfy the client’s risk appetite.
- Then we can implement controls and resources that allow the organization to manage its FWA risk while being mindful of operational and financial limitations.
Instituting programs like this allow organizations to dramatically reduce the opportunities for FWA to happen, and when FWA does occur, the organization is able to identify and remedy the issue before it has a significant impact on the organization.