GRC Tuesdays: Duke University’s Fascinating Study Joins Business Experts in Confirming the Pervasiveness of Fraud

Have you had the time and the good fortune to run across The Dishonesty Project (an endeavor of behavioral scientist Dan Ariely at the Department of Psychology at Duke University) that’s studying the conditions and characteristics of lying, cheating and stealing? If not, I strongly recommend you check it out. An 85-minute film (which can be viewed on iTunes, Googleplay, Netflix or vimeo) detailing the activities of the project reveals fascinating research findings and includes many insightful testimonials from both (in)famous and everyday liars, cheats, and thieves.

The Invention of Lying

At a personal level, results from the Dishonesty Project show what is consistently born out in official data from other sources on the matter.

One of these sources, PwC’s 2016 global economic crime survey revealed that 36% of more than 6,000 respondents admit that their organizations are affected by economic crime. The five most frequent forms of economic crime include asset misappropriation, cybercrime, bribery and corruption, procurement fraud, and accounting fraud.

Another authoritative source is the biennial Report to the Nations on Occupational Fraud and Abuse, conducted by the Association of Certified Fraud Examiners (ACFE).

Based on thousands of cases reported by fraud examiners across the world, the ACFE’s detailed look into how fraud is perpetrated, detected, and combated in various industries and regions reflects the same conditions and motivations for bad behavior uncovered by The Dishonesty Project. Fundamentally, the more people believe that others participate in or condone fraudulent behavior, the more pervasive the actual activity.

And the further away someone is from actual cash (involved in the abstraction of number entry and number manipulation, for example), the less they initially feel responsible for any wrongdoing. Moreover, the presence of certain controls—including management reviews, monitoring, and confidential employee hotlines in the case of organizations—greatly reduces the damage and incidence of fraudulent activity.

What We Have Suspected All Along

Fortunately, the use of more effective controls on fraud in business is slowly on the rise in 2016. Unfortunately, fraud activity still has a significant negative impact on value. Fraud examiners participating in the most recent ACFE survey estimated that a typical organization loses about 5% of its revenue to fraud each year. Reported total losses caused by fraud were more than $6.3 billion—an average loss of $2.7 million per case. That average is supported by the 23.3% of cases with losses of $1 million or more. Median losses are $150,000 per incident.

The type of fraud most often reported is asset misappropriation, present in 83% of the cases. Interestingly, financial statement fraud is present in less than 10% of cases but causes the biggest median loss at $975,000.

Anti-fraud controls limit the amount of organizational damage. Fraud activity at organizations that implement anti-fraud controls continue for significantly less time and inflict much smaller losses. For example, at organizations that apply proactive data monitoring and analysis, fraud schemes last a median of 12 months, causing a median loss of $92,000.

At organizations without this capability, fraud schemes last an average of 24 months with a median loss of $200,000. A 54% reduction in median losses experienced by organizations with proactive data monitoring and analysis was the largest among the 18 types of controls tracked in the survey.  In addition to data monitoring, two other controls (management reviews and hotlines) reduce losses by 50% compared with those in organizations without those controls.

Less than Six Degrees of Separation

Overall, organizations appear increasingly to understand that anti-fraud controls limit the duration of and damage caused by fraud schemes. The percentage of organizations using hotlines, for example, was just over 60% in 2016, up nine percentage points since the 2010 study. Organizations are increasing their use of fraud training for employees (at 52% in the 2016 survey, up from 44%), anti-fraud policy (50%, up from 43%), and codes of conduct (81%, up from 75%).

Small organizations remain most at risk from the consequences of fraud. Organizations with fewer than 100 employees are the most likely to suffer from fraud, representing about 30% of all cases reported in the 2016 study. The median loss suffered by small firms was $150,000, the same level as those suffered by large organizations (those with 10,000 or more employees) and more than organizations with between 1,000 and 10,000 employees.

Small organizations are the most vulnerable to the damage caused by fraud because they have fewer resources to withstand losses. Small organizations are much less likely to have anti-fraud controls in place than larger organizations, as well. For example, while nearly three-quarters of organizations with 100 or more employees have hotlines, only about a quarter of small organizations do.

Fortunately, for our customers, SAP provides one of the world’s most agile and effective anti-fraud controls on data in the form of SAP Fraud Management. To learn more about how SAP Fraud Management, powered by SAP HANA, helps save customers from the blight of economic crime, please examine the evidence.