Prevention is better than the cure...Follow @PwC_Midlands
Rarely does a day go by without another headline announcing the latest victim of fraud. The scale and variety of fraudulent activity seems unprecedented, as does its frequency. Our recent Global Economic Crime Survey found that 51% of UK respondents had fallen victim in the last 12 months.
The cost of fraud is also growing. As well as an increase in the total proportion of UK respondents suffering fraud (up from 43% in 2009 to 51% in 2011), since 2009 the number of respondents in our survey reporting direct losses of between US$100,000 and US$5million has risen by 11%. Similarly, the number reporting losses of over US$5million has gone up by 3%. To make matters worse, with a significant number of frauds likely to remain undetected, the true cost of fraud could well be significantly higher.
This lack of insight makes prevention more difficult. How do you know how much to invest in to prevention, if you don’t know the impact fraud could have on your organisation? In my experience, more organisations would benefit from undertaking an overall impact assessment to give a proportionate and informed balance between preventative investment versus the risk profile. This assessment should not only consider direct financial losses (both known and unknown), but also investigation costs, management time, reputational damage, staff morale, regulatory action etc.
Of course, not all fraud can be prevented. Once preventative measures are in place, effective fraud detection controls are required to help identify suspicious activity. We’re seeing more and more organisations employing automated systems to help bolster detection frameworks. This development is significant in light of economic difficulties and resultant cutbacks on central functions like internal audit. I believe this is a positive step forward in the fight against economic crime. However, controls alone aren’t a panacea to detection. The importance of organisation culture should not be underestimated; tip offs and whistle blowing accounted for almost one quarter of all detected frauds in our 2011 global survey.
When, unfortunately, incidents are detected, the ensuing investigation is of central importance in order to maximise the chances of success of; fully unearthing any wrongdoing, preventing further losses, facilitating punishment of the fraudster, aiding recovery and robust remediation.
All investigations are iterative processes which, in simplest form, follow a series of common steps:
Each of the above stages hides pitfalls, lying in wait for the unwary. At best, these pitfalls could result in a poorly planned and thus longer and more costly investigation. At worst, the organisation could be exposed to further losses, reputational damage and the personal exposure of senior overseeing management. Some important points to bear in mind include:
- One person should be nominated to lead the investigation;
- The investigation team should be independent and experienced;
- Goals should be clear and focus should not drift from the objectives;
- Secure evidence early, consider all data sources before gathering data;
- Consider legal requirements, privacy, evidence, data protection etc;
- Be prepared for new lines of enquiry to open up;
- Align the type, format and depth of data gathering and analysis work with goals and objectives;
- Maintain a log of actions, decisions taken and evidence gathered; and
- Don’t jump to conclusions.
Another common pitfall is that of not learning from past mistakes. The occurrence of a fraud often indicates that current preventative measures and/or detection framework could be improved. Identifying and remediating these gaps is essential to help prevent the repeat of similar frauds. Looking at the bigger picture, the nature, frequency or location of the incident detected may indicate that the risk landscape itself has changed. Therefore, rather than just fixing the control it may be wise to revisit the organisation’s underlying risk assessment, upon which its preventative and detective safeguards is built.
In these difficult times, it’s more essential than ever for organisations to proactively prevent losses. Certain steps, including striking the optimal balance of preventative measures, can help. When fraud does occur, past lessons can guide future investigations to minimise losses and maximise safeguards. Prevent where possible, but if not, react with wisdom.
We will shortly be releasing dates for our events in the Midlands focussing on fraud prevention and investigation.