The Institute of Internal Auditors presents all things internal audit. In this episode, Mason Wilder, research director of the Association of Certified Fraud Examiners discusses the findings and implications of the occupational fraud 2024, A report to the nations. Welcome to the All Things Internal Audit podcast. I'm Robert Perez. In this episode, we are diving into the occupational fraud in 2024, A report to the nations from the Association of Certified Fraud Examiners, A CFE.
This publication produced every two years, provides an impressive look at fraud globally from its financial impacts to how perpetrators of fraud are most likely to operate. I am quite pleased to have with me today, Mason Wilder, the AFEs Research Director will help us dissect some of the more intriguing parts of the report. Mason, thank you so much for joining me. Thank you so much for having me.
Um, you know, I I appreciate the opportunity to talk about one of the most important things that we as an organization do, and that has been, you know, just such an important, uh, piece of work for us for, um, going on almost 20 years now. I think, Uh, according to the, uh, this year's, this year's occupational report, fraud losses topped 3 billion globally.
Look, one question is, is that figure, um, based on the survey responses that you've received, or is that extrapolated based on what we know about, uh, how often fraud occurs typically in an organization? Sure. So that figure, uh, was directly, uh, taken from the sum of the losses for all of the cases that we used in this year's report. So that was not, uh, there was no kind of guesswork or extrapolation involved in that figure.
Now, there is a figure that is probably the most quoted part of the report that is an extrapolation, and that is, you know, every, every survey we ask CFEs to estimate how much of their organization's revenue is lost to fraud on an annual basis. And so it's always, or, you know, it's regularly at 5%. And we, uh, take that and use a World Bank estimate for how much the global economy, uh, includes. And so, uh, which was 101 trillion, it was the figure that we use this this year.
And so that means, you know, we have this figure of an estimated $5 trillion lost globally to fraud each year. And, uh, that's probably the piece of this report that gets quoted the most in news articles. Uh, but we feel like that's just, you know, there's so much more value in this report than that number. And, you know, since it does involve some extrapolation, it's maybe not necessarily our favorite figure to highlight from this.
But, um, those are the differences between those two, two figures. But, but to your point, the, the report does include a lot more precise and sort of fascinating information. For example, one of the things I wanted to point out, that one of the data points that continues to grow is the number or the percentage of frauds detected by whistleblowers. Uh, indeed, this survey found that tips were three times more common and the next most common, uh, detection method.
Uh, tell me more about that and, and how the value maybe of hotlines or other anonymous reporting methods is growing when it comes to, uh, occupational fraud detection. Sure. So, uh, that, that figure, the fact that tips are the most common detection method, uh, for all the cases submitted, this is a pretty consistent finding from all of the re reports that we've done.
So, uh, and you know, in our opinion as an organization, uh, I think it's probably one of the most important highlights or takeaways from this report. It really illustrates that your an organization's employees are its most important fraud prevention asset, um, or the most important asset that you have at your disposal for preventing fraud. And so this hasn't necessarily grown, uh, in importance. It's always been the top detection method.
Um, one thing that has changed with it is the reporting mechanisms. Uh, for example, in this year's report, the most commonly used reporting mechanism or format for reporting, if you will, was, uh, online or web-based reporting mechanisms rather than, you know, the last report, I think it was, um, email, uh, was the most common. Uh, and prior to that it was always hotlines.
So, you know, I think what we hope that organizations take away from that is that it is critical to have, uh, not just a hotline or some kind of a reporting protocol in place at your organization, but, um, offering a couple different options to your employees so that you can kind of meet your employees where they are, uh, and what it suits them best.
You know, maybe for older employees, uh, they'd prefer to use a hotline, whereas younger Gen Z employees that you have might prefer to have web-based reporting or be more likely to use that. So, you know, and, uh, so we recommend having several options available. A hotline or reporting protocol, um, is a, a type of anti-fraud control that can be incredibly valuable to any organization in any industry of any size, in any jurisdiction.
I think this is, you know, probably the, like most universally applicable and therefore probably the most important anti-fraud control an organization can have. And, and to that point, what does this mean for, for internal, from an internal audit perspective? How can internal auditors leverage whistleblower tips?
Well, since, uh, that is the most common method of detection, I mean, I would encourage all auditors to, uh, if they are not directly involved in the hotline or reporting protocols at their organization, learn about them and, you know, understand how they work, the different options available to employees. Um, and I think it's also really important to not just have these in place, but, um, test and evaluate how they function.
Make sure that, uh, and this is something where auditors are going to be more likely to be involved than other personnel at the organization. I think, um, just, you know, testing and evaluating the reporting mechanisms, ensuring that all reports received are taken seriously and followed up on, and, you know, again, and not just doing that once in a while, I would recommend regularly testing that hotline because it is where the majority of your fraud cases are going to come from.
Great insights on that. Excellent. So another benefit of the report is that it builds some pretty robust profiles on typical frauds, fraudsters, methods, duration, and more. Tell, tell me a little bit more about that. Sure. So this is really, I think what, you know, could be considered the meat of the report or the real substance of the report.
And, you know, we really hope that the readers of this report, uh, use that information to, or translate that information into improvements for their anti-fraud programs.
So for example, you know, the, for typical frauds and characteristics of fraudsters, uh, especially within an industry, you know, we, we hope that readers are able to take that information and incorporated into their fraud risk assessments or their fraud risk management programs, uh, to make sure you're prioritizing, you know, uh, the most significant risks or the departments where fraud is more common or, you know, uh, things like that.
And for like methods that are used to commit fraud, we hope that, you know, organizations take that, or fraud examiners or anti-fraud professionals take that information into consideration, um, when they're developing their kind of investigation procedures or their controls, you know, to, to frame those controls so that they are designed to detect the more common methods of carrying out fraud.
Um, and for things like, you know, duration, I know you mentioned that that's, you know, not necessarily, we don't necessarily hope that you take that information and turn it into some kind of control or procedure, uh, that's maybe designed more to illustrate the importance or emphasize the importance of detecting frauds early, because every study has shown, of course, um, you know, the longer a fraud goes on, the higher the losses are.
And so, uh, another thing that's not really captured in the report, but I can say, you know, from working at the A CFE for a while now and having a lot of conversations with anti-fraud professionals, uh, that, you know, it's generally once fraudsters decide to commit fraud, they do not stop until they are caught. So, you know, it's incredibly rare that somebody just commits a one-off fraud.
So, you know, that's for, um, duration we're, when we present information related to the duration of frauds, uh, you know, we're really trying to emphasize the importance of catching them early. Excellent point. So an interesting twist or, or, or detail of this year's report is that for the first time it really reflects frauds that occurred during the global pandemic.
Uh, tell me why we're, we're only now seeing that and, uh, what the impact was As far as the impact of covid, what we've really focused on collecting, uh, in last year or last report, and this one is more, um, you know, coverage of the, the factors related to the pandemic that impacted the fraud, rather than trying to quantify how much the fraud was impacted by covid or those factors.
So according to our data in this year's report, more than half of the cases in the study had at least one pandemic related factor that contributed to the fraud.
Um, so, you know, it's really difficult to try and quantify that the, the impact on these frauds from covid, uh, apart from just kind of saying they were impacted, um, you know, there, there was a relatively significant increase in median losses in this report after, you know, four reports in a row, the median fraud losses were decreasing as were median durations of fraud. And then in this, uh, we reversed that trend for this report.
So it's, it's really difficult to say whether that in increase was directly correlated with the pandemic or not. Um, but it is notable, I think, and, um, you know, the, but certainly the pandemic caused organizational staffing changes, you know, shifts to remote or hybrid work, operational process changes, um, and you, you know, those three in particular, uh, can have a major impact on how controls are implemented or how effectively your existing controls are implemented.
And it might create more opportunities for people to circumvent those controls or commit fraud in ways that they wouldn't be able to if everybody was still in person in the office. And so, I mean, I think that's really the, the majority of the covid impact on fraud. But again, we just, you know, we're only kind of able to reliably track whether or not covid played a role in these fraud cases more so than how much of a role did it play.
So it, it's easy, it's easy to get caught up in all the fascinating details of, uh, the data points and how often or how big frauds can get, uh, but the real value, at least for me in the report, is that it can really teach us a lot about fraud detection and prevention. And you've already touched on that a little bit, but tell me a bit more about that.
One of the things that we did for the first time in this report to really drive home the point that you're, you're making is we included a bit of a, a guide, a kinda one page infographic that provides some ideas and instruction on how the audience can use the report to do things like inform fraud risk assessments, like I already kind of mentioned, or benchmark their anti-fraud program and see how it stacks up against other organizations and, you know, determine whether
or not they need to make any adjustments that can, you know, improve your fraud prevention and detection efforts, uh, and really use some of the information, especially with regard to losses, um, to sell fraud prevention or fraud risk management programs to management, you know, by being able to have a number that an average specific type of fraud, uh, can cost an organization to really illustrate that.
Like, if we don't do something to address these risks appropriately, we could find ourselves facing, you know, pretty significant losses. Um, a lot of times, you know, the, the cliche, an ounce of prevention is worth a pound of cure.
And, you know, we hope that people are able to use some of the statistics in this report to kind of make that point when they're talking to management or clients about fraud prevention, uh, and really, you know, identify the areas of, of risk that are, you know, the highest for their type of organization based on either size or industry.
Um, and, you know, there's a lot of different ways that you can take the information from this report and, um, use it to hopefully better protect your organization against fraud. Yeah, that, that, that's such a great point because it is about your individual organization and trying to find out how things operate that, that's one of the things that, uh, we talked that I was considering in terms of fraud detection and prevention is, is how the organization operates itself.
Tell me generally how different, well, how different is in culture differe and industry and maturity maybe, uh, and other factors can affect fraud. I think of the characteristics that you mentioned, the culture, industry maturity and other factors, I think industry is going to have the biggest impact on your particular fraud risk profile.
Uh, some organizations, uh, that are in certain industries like, you know, um, mining or something for example, or are going to have different risks than like a financial services company. Um, you know, the, so for that particular example, like a mining company is going to face a higher risk of, uh, inventory theft or, you know, um, physical asset misappropriation, then a financial institution or a financial services company.
And so, you know, we've got information in there that, that shows what the most common fraud types were for. I think it's like 19 or 20 different industries that we slotted each response into. And so that can be really useful because no, uh, two organizations are going to necessarily have the exact same fraud risk profile.
Um, you know, smaller organizations as far so like size of an organization can play a big role because smaller organizations generally are not gonna have the budget to, uh, implement the same type or amount of, uh, anti-fraud controls that a larger organization is. Um, and organizations that are newer, uh, you know, a lot of anti-fraud programs are iterative. You know, they've been improved over time and often in response to frauds that have occurred.
You know, a lot of times, uh, organizations only find out that they have a particular kind of fraud risk when a fraud occurs. Mm-Hmm. So, um, you know, we also captured some information in the report about, you know, what were the most common controls that were adjusted or updated after a fraud occurred. So you can look at some of that information to maybe try and accelerate your learning curve if you're at a, a younger organization.
So, you know, there's a a million different variables that, uh, go into an organization's, you know, fraud risk profile, and we try to capture as much information as we can in this report to kind of inform, uh, people about their specific organization's risk profile. Um, but you know, there's really an unlimited amount of variables, so you can't capture everything.
Yeah. But, but to your point, I mean, uh, the, the overarching benefit of all of this is becoming better educated, whether it's about your particular industry or better educated and able to, uh, be able to better inform management and, and sell them on the benefits of, of, uh, effective controls.
Uh, and, and clearly this is what is, is the great benefit of the report itself is that it's, uh, there to educate, uh, folks about, uh, the different aspects of it and the different, uh, ways that they can, uh, put in effective, uh, deterrence and, and, and, uh, prevention, uh, controls. So obviously we've covered lots of ground here, uh, but we're really just sort of scratching the surface, uh, on all the details in the report, uh, itself.
But is there anything you, you want to touch on that we haven't talked about that is important, do you think? Yeah, you know, there is one thing, and I think it really dovetails with what you were just saying really nicely. Um, this, this report is about education.
And, you know, especially if you're just for auditors that are, you know, now being maybe asked, there's more being asked from them with regards to detecting fraud, uh, and, you know, they're curious and want to be able to do more from like a fraud detection perspective. This is a really valuable, uh, resource for you to learn so much about how fraud is committed, how it's detected, um, and much, much more.
But also I think this can be a really great asset for something that we highlight for the first time in this report. We really, you know, dug deep into the value of fraud awareness training. And so this really fits. So we're not just trying to, um, we're not just trying to promote the education of people that might have some kind of anti-fraud responsibility or role, but we also tried to illustrate the value of educating all your employees about fraud.
And so there's a really cool infographic about fraud awareness training for your employees that I really encourage people to take a look at. Uh, and, you know, if you don't already have fraud awareness training at your organization, I would strongly suggest that you consider implementing it because we're able to capture some, some data that illustrates how effective it can be in limiting your fraud losses. This also ties into what we started this conversation out with, uh, talking about tips.
Uh, people that know more about fraud and have more fraud awareness are going to be much more likely to use that reporting mechanism or, or call that hotline and report something suspicious. And again, your employees, I think, are your more, most valuable asset in the fight against fraud. So, if I had one kind of closing piece of advice, it would, uh, be for our audience here today to check out that fraud awareness training infographic to really see how valuable that can be.
And if you don't have it at your organization, I strongly suggest, uh, implementing it. Well, that insight brings us very nicely back around to, to where we started, to your point. So again, I'd like to thank, uh, my guest, uh, Mason Wilder, a CFE research director for joining me today. It's been fascinating. Well, thank you for having me once again and, um, you know, you can feel free to make my contact information available to the audience.
Uh, happy to do anything I can to help people, uh, help people out, whether they're I I a members, A CFE members, or just members of the general public that are curious about fraud. Excellent. So indeed. So, if, if our listeners found this podcast topic as fascinating as I did, I encourage, uh, you to go to ffe.com where you can download occupational fraud in 2024, a report to the nations. I'd also encourage you to subscribe to, you know, things internal audit fraud podcast.
It's, uh, publishing collaboration with the Internal Auditor Magazine and the a FE. And finally, you can also find more information@the.org slash acfe fraud. Thanks for listening.