Fighting fraud: 4 benchmarks you need

The best offense is a good defense – that’s how many companies approach fraud prevention.

With the proper controls and policies in place, hopefully you’ve done much to minimize your company’s exposure, from both internal and external threats.

But how do your actions compare against your peers’?

Some new benchmarks can help you see where you stand.

Those come courtesy of the PricewaterhouseCoopers 2014 Global Economic Crime Survey.

There’s good reason to check: 46% of U.S. companies were hit by “economic crime” in the past two years. And the price tag is a high one: More than half (54%) of companies that experienced fraud said it cost them more than $100,000.

Take a look at the ways your peers are working to prevent fraud on the front end … and how they’re handling it when they do discover some financial funny business.

Benchmark #1: How often they evaluate their risks

Of course, the risks for fraud can be an ever-changing mark. Each time new vendors are added, new employees go on the payroll, new markets are entered, etc., there can be shifts in your exposures.

So how often should you step back to determine where the greatest risks lie?  Here’s what the PWC survey found, in order of popularity:

• Annually: 44%
• Don’t know: 17%
• Once: 15%
• Never: 15%
• Quarterly : 7%
• Every six months: 1%, and
• More often: 1%.

Even if you’re currently embracing the most common strategy – an annual review – you might consider one tweak to your policy. Any time there’s a major shift in your business (as in expansion into a more vulnerable industry or geographic region), consider conducting a new fraud risk assessment.

Those moves may require you add new controls or policies to protect yourself. And think how much damage could be done in a year if you wait for the next annual review to come up.

Benchmark #2: Tapping your whistleblower mechanisms

Hopefully by now your company has a system that allows employees to speak up (probably anonymously) if they suspect something fishy’s going on. The vast majority (86%) of organizations do now.

But are they being used? Compare your experience in the past 24 months with what your peers are reporting:

• 1-10 times: 24%
• 11-100 times: 21%
• More than 100 times: 12%
• 0 times: 9%, and
• Don’t know: 34%.

The fact that “don’t know” is the most popular response should send up warning bells. That means that some companies aren’t monitoring this mission-critical tool as closely as they should.

Besides tracking number of tips coming in, it’s a good idea to track the types of tips and where they’re coming from. That could expose potential vulnerabilities in your exiting controls.

• More than 100 times: 12%• 11-100 times: 21%

Benchmark #3: Actions taken against internal perpetrators

Even with the best controls, fraud can still find its way in. So how do you handle it when it does?

That was another topic tackled by PWC in its recent survey. And the results were quite different depending on whether or not it was “an inside job” or the hit came from an outside source.

Take a look at what your peers do when an employee commits the fraud (many of which can be done simultaneously):

• Dismissal: 95%
• Authorities notified: 66%
• Civil action taken, including recoveries: 37%
• Notified relevant regulatory authorities: 21%
• Issues a warning or reprimand: 16%
• Don’t know: 5%.

Benchmark #4: Actions taken against external perpetrators

The story’s a bit different when it’s an external source to blame. See how you’ve handled similar situations with what your peers say they’ve done:

• Informed law enforcement: 87%
• Civil action taken, including recoveries: 52%
• Ceased business relationship: 48%
• Notified relevant regulatory authorities: 35%
• Did nothing: 4%.

It’s never an easy situation to have to handle. But hopefully this will help you see whether your course of action is on track.

Info: To download the full PWC survey, click: