Skip to content
Nov 10, 2015


Despite the increased fraud awareness in today’s corporate environment, many organization leaders still believe fraud will not happen to them. As a result, their organizations are not willing to spend the resources necessary to implement an effective fraud prevention program. It is not until the organization becomes a victim of fraud that the necessary resources are allocated to fraud prevention. In addition, many business owners believe that the services already being provided by CPAs such as financial statement and tax services include fraud detection.  

Fraud is one of the largest unmanaged costs to an organization. According to a 2014 study by the Association of Certified Fraud Examiners (the “ACFE”), fraud cost businesses $3.7 trillion in 2014 (which works out to approximately 5% of all worldwide revenues).

By instituting strong internal controls, an organization can minimize opportunities for fraud to be committed. In addition to strengthening controls, organizations need to set the tone and develop a climate that is hostile to fraud. An effective fraud prevention program in every business should contain the following elements:

  • Processes and procedures in place for prevention and early detection of fraud;
  • A high level of integrity set by leaders of the organization;
  • A fraud policy; and
  • A fraud hotline.

Types of Fraud

So what types of fraud are businesses most vulnerable to?  There are 3 major types of fraud: asset misappropriation, corruption, and financial statement fraud.  The fraud schemes we heard so much about in the news media such as Enron, WorldCom and Tyco have all been cases of financial statement fraud.  This type of fraud is the most costly per scheme, but it is the least common, occurring only 9% of the time according to the study by the ACFE.  The study further showed that the most common type of fraud is asset misappropriation occurring 85% of the time. 

Asset misappropriation is defined as the theft or misuse of an organization’s assets by management or an employee, which is most often the theft or embezzlement of cash. This can include skimming revenue before it is recorded on the books, stealing cash receipts, stealing inventory, defrauding payroll and making fraudulent disbursements. According to the study by the ACFE, fraudulent disbursements are the most common type of asset misappropriation. 

Why Do Employees Steal?

Most experts support a theory called the fraud triangle. This theory states that in order for fraud to occur, 3 elements must exist:

  1. Perceived need by the employee. This could be a financial need from living beyond one’s means, a vice (gambling problem, alcohol or drugs), or an unexpected crisis or event. 
  2. Perceived opportunity to commit fraud usually due to lack of internal controls within an organization.  
  3. Rationalization by the fraudster about committing the fraud such as believing that the funds are only being borrowed, or that the employee is underpaid therefore the embezzled funds represent part of the employee’s salary. 

Under this theory, the employees believe that they can successfully perpetrate the fraud without being discovered.

Types of Employees

Employees can be placed into 3 major categories. The first category is the “generally honest” employee who has no intention of stealing from your organization, but will if the opportunity arises and there is a need for financial resources. Typically, this individual is a first-time offender. The thought of getting caught and possibly going to jail is incomprehensible for these employees. For this reason, the mere perception that a fraud scheme may be detected can many times prevent fraud from occurring. 

The second category is the “professional” fraudster who enters your organization with the intent to commit fraud and is always looking for opportunities. The “professional” fraudster does not fit the fraud triangle model discussed earlier. This individual does not need to rationalize his/her actions. Professional fraudsters seek out organizations with weak controls. By implementing strong control policies, a company can deter these professionals from ever entering their organization. 

The last category is the “honest” employee who would never steal from the organization. 

Almost all victims of fraud make the mistake of believing that their employees, especially long-time employees, all fall into the last category of the “honest” employee and that it would never happen to them. The most likely person to commit fraud in your organization is the long-time trusted employee. The employee has been with the company long enough to develop relationships with vendors, gain the trust of the business owners and other co-workers, and understand the weaknesses in the company’s internal control structure. 

Fraud Prevention

By instituting strong internal controls in an organization, a business owner can minimize the opportunities to commit fraud.  This will not only prevent the “generally honest” employees from committing fraud, but can also deter “professional” fraudsters from targeting your organization.   In addition to strengthening internal controls, business owners need to set the tone within an organization and develop a climate that is hostile to fraud. 

In the ACFE study, it was found that the most common method for detecting fraud was through a tip from an employee, vendor, or customer. By setting up a fraud hotline, organizations can cut their fraud losses by approximately 50% per scheme. Other steps an organization can take to prevent and deter fraud and embezzlement include the following:

  • Perform proper screening of employees during the hiring process;
  • Set up policies regarding fraud that include a statement that dishonest acts will be punished;
  • Do not allowing employees to control all phases of a transaction cycle;
  • Require proper authorization on documents;
  • Scrutinize expense reports, credit card charges, telephone bills and employee overtime payments;
  • Safeguard bank statements, checks, and credit cards;
  • Set up independent checks through use of internal or external auditors; and
  • Implement strong computer security procedures.


Contact EisnerAmper

If you have any questions, we'd like to hear from you.

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.