In some ways, detecting fraud is like pulling people out of the river AFTER they have fallen off the broken bridge. So here’s a thought: why not concentrate on fraud prevention? Or, to carry on with the analogy, “why not just fix the bridge?” Before we get too far along, I know that no matter what an organization does, there will always be those who perpetrate fraud and that stopping it all from happening isn’t even remotely realistic. Just like there will always be someone who finds a way to fall off the bridge! I know there is a lot we can do to help people walk a straighter line.
It is generally believed that fraudsters commit their acts because they do not think that they will be caught. Adding new rules or encouraging whistleblowers will not, in my opinion, cause fraudsters to change their ways. What can influence the outcome more effectively is putting detective measures in place, letting everyone know that they are on 24/7 and creating an environment where the risk of getting caught outweighs the possible gain of committing fraud to begin with. By detective measures, I am referring to leveraging data analysis technology to seek out indicators of fraud in an organization’s transactional data. When these measures are applied on a continuous basis (continuous auditing or monitoring) — and everyone is aware of their existence — detective measures become preventative in nature.
This idea isn’t new, as it is often cited in reports, articles, and in the Fraud Prevention Checklist contained in the ACFE’s 2010 Report to the Nations on Occupational Fraud and Abuse (p.80, item #3). “Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known throughout the organization?” Yet according to the same ACFE report, the lion’s share of initial fraud detection is done by tip (46.2%).