4 Common Ways Companies Miss the Mark
Organizations of all sizes and industries continue to assume the risk of reputational damage, following the suspicion or revelation of fraud. The signals of fraud risks can be faint, but effectively sensing and acting on them is essential. Deloitte’s Satish Lalchand and Martin Biegelman outline patterns of behavior that should not be ignored in efforts to prevent and detect fraud.
with co-author Martin Biegelman
Many companies — no matter the size or industry — continue to find themselves in the spotlight, reacting to discovered fraud.
A key question to be addressed is why organizations don’t see it coming — especially in highly regulated industries or in companies that, on the surface, appear to have robust compliance programs.
The inability to sense, identify and possibly fend off fraud earlier could be a matter of missing the patterns that would give it away.
The signals can be faint, perhaps muffled by organizational and data silos. Yet sensing and acting on them is essential to uncovering emerging areas of risk.
Common behavioral indicators of potentially fraudulent activity include:
- Living beyond one’s means
- Financial difficulties
- Unusually close association with a vendor
- “Wheeler-dealer attitude” such that the rules don’t apply to them
- Control issues and unwillingness to share duties
Organizations that want to examine and monitor behavior patterns of employees and third parties as part of their fraud-fighting strategy can benefit from several insights that may assist in their efforts.
1. Companies often wait too long.
Organizations that do business without encountering problems may believe that they have adequate controls in place and, crucially, that they can trust their people. But an out-of-the-blue revelation of missing funds, a customer accusation of malfeasance or a sudden government investigation can blindside the organization and leave leaders scrambling to halt a fraud scheme and contain the damage.
2. Red flags are often missed.
An organization may understand fraud drivers but overlook faint indicators or “traces” that hint something out of line could be happening. For example, advanced data analysis conducted by an insurance company investigating possible sales fraud identified potential employee red flags, such as compliance violations, missed training, customer complaints and expense report issues. Individually, the transgressions were viewed as minor offenses that didn’t warrant further investigation.
3. Effective analytics rely on both technology and human dimensions.
Effective analysis involves more than summarizing and aggregating data, and success of these efforts hinges on whether the right indicators are being analyzed. A misdirected investigation can be of little use, yielding few insights and perhaps wasting limited resources in the pursuit of false positives.
4. Fraud analytics is science and art, not science fiction.
Data analytics are revolutionizing fraud investigation. Many organizations hesitate to leverage data analytics because they may believe such capabilities are not yet mature or they fear doing so could lead to privacy issues. False positives can still be a very real concern, especially when the latest generation of analytics tools give investigators the ability to analyze 100 percent of data sets rather than sample just a small portion, as in the past. Having the skills and experience to reduce false positives yet still derive meaningful insights from the data is an important requirement.
Again, sensing and acting on behavioral signals of fraudulent activity is essential to uncovering emerging areas of risk. Examining and monitoring behavior patterns of employees and third parties can be helpful in organizations’ fraud-fighting strategies.
Martin Biegelman is a Deloitte Risk and Financial Advisory Managing Director in forensic investigations, Deloitte Financial Advisory Services LLP. A Certified Fraud Examiner (CFE), as well as a Certified Compliance and Ethics Professional (CCEP), Biegelman has investigated and helped organizations prevent and detect fraud and corruption for four decades in leadership roles in law enforcement, consulting and the corporate sector. He can be reached at firstname.lastname@example.org.