July 18, 2024

Fraud Training Crucial for Businesses: 2024 Report Shows Reduction in Losses with Proper Controls

By Arlen Lasinsky, CPA, CFE, CFF, CVA, CTP, Director, Advisory Services

Valuation, Forensic & Litigation Services

As it has for hundreds of years, fraud remains a thorn in the business community. Perpetrators continue to infiltrate companies and compromise controls within their organizations to steal assets from those businesses.

The Occupational Fraud 2024: A Report to the Nations (“2024 Report”), published by the Association of Certified Fraud Examiners, documents that approximately $3.1 billion of losses occurred in 1,921 cases in 138 countries.¹ The 2024 Report further documents that any specific control or combination of controls does not guarantee that fraud will not occur.² This supports the adage that internal controls can prevent fraud from occurring but will not necessarily stop fraud from happening. The most common anti-fraud controls (“Controls”) are listed in the 2024 Report. The following table is a partial list (11 of 18) of the Controls and the percentage of victim organizations in the study that had the Controls incorporated in their company:³

Table 1

Anti-Fraud Control	Percentage
Code of conduct	85%
External audit of financial statements	84%
Internal audit department	80%
Management certification of financial statements	77%
Management review	72%
External audit of internal controls over financial reporting	72%
Hotline	71%
Independent audit committee	68%
Fraud training for employees	63%
Fraud training for managers/executives	62%
Anti-fraud policy	60%

Fraud training for employees and managers/directors is only present in 62% and 63% of the organizations, respectively. However, some of the Controls listed above with higher ranking percentages may not be available, applicable, or cost-effective to certain businesses in order to implement those Controls. The 2024 Report documents that the presence of certain Controls was associated with at least a 50% reduction in both the fraud loss and duration of the fraud when those Controls were present.⁴ Concerning fraud training for employees and fraud training for managers/executives, the median loss with the Control in place versus when the Control is not in place is as follows:

Table 2⁵

Anti-Fraud Control	Percentage	Control in Place	Control Not in Place	Percent Reduction
Fraud training for employees	63%	$100,000	$187,000	47%
Fraud training for managers/executives	62%	$100,000	$200,000	50%

The duration of the fraud was approximately 50% less for those victim companies with the Controls in place versus Controls not in place Table 3 documents the results of the 2024 Report:

Table 3⁶

Anti-Fraud Control	Percentage	Control in Place	Control Not in Place	Percent Reduction
Fraud training for employees	63%	12 Months	20 Months	40%
Fraud training for managers/executives	62%	12 Months	19 Months	37%

The 2024 Report also documents that over the years 2016 through 2024, organizations have increased fraud awareness training for employees from 52% to 63% and for managers/executives from 51% to 62%. Additionally, those organizations that did not provide fraud awareness training reported that they lost nearly two times more than those organizations that did provide fraud awareness training.⁷

The 2024 Report also bifurcates the results for companies with 100 or more employees and companies with less than 100 employees. Those companies with less than 100 employees are less likely to have Controls in place than their counterparts of companies with more than 100 employees. This makes smaller companies more vulnerable to fraud since there are fewer checks and balances and less segregation of duties. With respect to fraud training for employees and fraud training for managers/executives, smaller companies only had 28% training for employees and managers/executives, while larger companies had approximately 71% and 70%, respectively.⁸

What can organizations do to train their employees and managers/executives if they do not have any or very limited Control training?

First and foremost, the following is important and relevant information that should be communicated to employees:

The definition of misappropriation of assets and what it may constitute;
The costs associated with fraud occurring which include, but are not limited to, lost profits, bad publicity for the company, loss of jobs, decrease in employee attitude, morale, and productivity;
The processes an employee can take when they recognize a fraud and
Explaining the concept of “Tone at the Top” and does management follow “Tone at the Top.” There should also be an explanation of the procedures an employee should take if they observe management is not adhering to the concept of “Tone at the Top.”

Whether an organization has control training (or fraud awareness/prevention program) or needs to create one, the following includes but is not limited to, what an organization should include in its control training. Each company needs to design and train its employees to meet its needs. Consequently, many aspects of a training program are unique to each company.

Have a program in place to spot red flags via emails. This is relevant for phishing attempts and business email compromises. Perpetrators are notorious for using emails and text messaging (smishing, the counterpart of phishing) to infiltrate an organization.
Explain and convey the importance of segregation of duties and controls and ensure they are followed. No employee should be able to consummate the transaction, record the transaction, reconcile the transaction, and have custody of the asset. Any two of these functions can place the company in a vulnerable position.
Implement cash management and oversight of the treasury function, which are vital. For example, incorporate the process of having more than one person involved when transferring funds. One person should initiate the transfer, but another person has to release the transfer. An organization’s bank can assist companies by placing specific controls, such as payee positive pay.
Establish a confidential employee hotline. If the company does not have a hotline or some way to anonymously report fraud, a dedicated and independent email inbox should be established for such reporting.
Provide concrete and specific examples. Include actual frauds that have occurred in other companies and how the training can use those fraud cases to learn from the deception that had happened in those cases.
Data Analytics. Make sure employees are aware of data analytics and how that information can establish a pattern or red flag.
Don’t hesitate to criminally prosecute if your company is a victim of fraud. It will send a strong message and serve as a valuable deterrent to future fraud.

Employees are one of an organization’s most valuable assets and are often the first line of defense in fighting fraud, as they are the eyes and ears of management. Consequently, it is essential to properly train those employees so they can effectively identify when a red flag is present, or a fraud may have occurred. It is important for them not only to learn how to spot fraud but also to be trained to report it for further investigation. It is essential and imperative that the employee observing a fraud does not confront the fraudster on their own. This could lead to serious consequences, such as valuable evidence being destroyed or removed from the company.

The 2024 Report documents that more than $3 billion were lost due to occupational fraud. One of the ways to be better prepared to avoid being one of the victims is to have proper Control training for employees and managers/executives. The best way for an organization to not be a victim is for a company to stay ahead of the perpetrators who are constantly looking for an opening to misappropriate the organization’s assets. Training employees and managers/executives is one of the avenues that should be taken to strengthen internal controls.

If you would like more information or assistance on anti-fraud training, please get in touch with Arlen Lasinsky at [email protected].