Global Profiles Of The Fraudsters: Technology Enables And Weak Controls Fuel The Fraud by KPMG
- Anti-fraud controls (such as internal audit, suspicious managers and co-workers, and antifraud processes) are not strong enough, and the problem is growing. KPMG’s survey of 750 fraudsters worldwide found that weak internal controls were a contributing factor in no less than three quarters of them. There was a sizeable jump in the proportion of fraudsters who saw an opportunity that presented itself due to weak controls, compared with the previous survey in 2013.
- Even if controls are strong, fraudsters evade them or override them. Different forms of detection come into play (such as whistle blowers, other kinds of tip-off mechanisms, and suspicious customers and vendors), especially to check executives with too much power.
- Fraud is almost twice as likely to be perpetrated in groups as in solitude. This is partly because fraudsters need to collude to circumvent controls. So collusion is especially threatening for a company. Larger groups (say, five or more people) tend to do more harm financially than single fraudsters or small groups.
- Male fraudsters tend to collude more than women do. They outnumber women almost five to one in the survey, though the proportion of women has risen since 2010. Male fraudsters also tend to be more senior than women in the organization.
- Groups of fraudsters very often comprise people both inside and outside the company. Sixty-one percent of colluders are either not employees of the company, or are employees who work with people who aren’t. Some of them are former employees. This highlights the need for better third-party due diligence of such persons as vendors and customers.
- Technology helps both the fraudster and the company combatting fraud. Almost a quarter of fraudsters rely on technology. Companies, by contrast, could do a great deal more to use technology as a tool to prevent, detect and respond to wrongdoing. The key antifraud technology is data analytics, a tool that can sift through millions of transactions, looking for suspicious items. But only 3 percent used pro-active anti-fraud data analytics in detection of the fraudsters surveyed.
- Cyber fraud, an important form of technology-based fraud, is emerging as a growing threat and many companies are aware of the issue but seem to be doing little about it.
- Fraud threats are constantly changing and companies need to conduct regular risk assessments, altering the way they prevent and detect fraud, as needed.
The Profile Of Fraudsters
Based on a worldwide survey of KPMG professionals who investigated 750 fraudsters between March 2013 and August 2015, the typical fraudster has similar characteristics when compared to the KPMG surveys completed in 2013 and 2010. Consistently across the KPMG surveys, the perpetrator of fraud tends to be male between the ages of 36 and 55, working with the victim organization for more than six years, and holding an executive position in operations, finance or general management. Additional key characteristics of the fraudster revealed in the 2015 survey are as follows:
Gender and Age
- 79 percent of fraudsters are men; the proportion of women has risen to 17 percent from 13 percent in 2010.
- 68 percent of perpetrators (male and female) are between the ages of 36 and 55, almost exactly the same as in the previous survey, published in 2013. Forty-five percent of women fraudsters, the largest cohort, fall in the 36-to-45 age group.
- 14 percent of fraudsters are in the 26-to-35 age group, up from 12 percent in 2010. The proportion of women in this age group declined from 24 percent in 2010 to 19 percent in 2015. The proportion for their male counterparts increased from 9 percent to 13 percent over the same period.
Insiders, Outsiders and Collusion
- 65 percent of fraudsters are employed by the victim organization and a further 21 percent are former employees. Among fraudsters who were employees, 38 percent worked at the organization for more than six years. These proportions did not change from the survey results in 2013.
- In 62 percent of frauds, the perpetrator colluded with others. According to the 2013 survey, 70 percent of fraudsters colluded.
- Women were less likely to collude: only 45 percent of the females colluded with others compared to 66 percent of males.
- Collusion involving more than five people increased from 9 percent in 2010 to 20 percent in 2015.
- Collusion is highest in Latin America and the Caribbean at 76 percent, and Africa and the Middle East at 74 percent. Oceania (Australia and New Zealand) and North America (the U.S. and Canada) have the highest percentage of fraudsters acting alone, at 65 percent and 58 percent, respectively.
- 34 percent of fraudsters are executives or non-executive directors; 32 percent are managers and 20 percent are staff members. (In 2013, the respective ratios were 32 percent, 25 percent and 16 percent.)
- 42 percent of female perpetrators are staff members (down from 46 percent in 2010), 38 percent are managers (up from 28 percent in 2010) and 13 percent are executives. Their male counterparts accounted for only 15 percent of fraudsters at the staff level and 32 percent at the managerial level.
- 52 percent of the fraudsters in the Oceania region were at the staff level, in Africa and the Middle East 47 percent were at the managerial level (compared to 33 percent at this same level in North America), and in Europe 39 percent of the fraudsters were at the director level.
- 38 percent of fraudsters are perceived to be well respected and 10 percent are of low repute.
- Their sense of superiority is stronger than their sense of fear or anger.
Circumvention of Controls
- Weak internal controls were a contributing factor for 61 percent of fraudsters, compared with 54 percent in 2013. The study indicated that in Europe, 72 percent of the fraudsters said that weak internal controls presented an opportunity for the fraud. Similarly, 59 percent of the respondents in North America and Oceania pointed to this opportunity.
- 44 percent of perpetrators have unlimited authority in their company and are able to override controls.
Characteristics of Fraud
- Technology was a significant enabler for 24 percent of the fraudsters and for the first time our survey includes 31 cyber fraudsters investigated by KPMG
- The most-prevalent fraud surveyed is the misappropriation of assets (47 percent), which is mainly embezzlement and procurement fraud. The second most-prevalent is fraudulent financial reporting (22 percent).
- 24 percent of the frauds in Africa and the Middle East are in the energy and natural resources sector, while 26 percent in Oceania are in the public sector.
- 66 percent of frauds were perpetrated over one to five years (72 percent in 2013) and 27 percent cost the company US$1 million or more, little changed from 2013.
- 44 percent of fraudsters were detected as a result of a tip, complaint, or formal whistle blowing hotline; a further 22 percent were detected as a result of a management review.
Weak Controls Are A Large And Growing Problem
Corporate fraud is a persistent, global challenge for executives and board members. Managing the risk of fraud has grown more complex as companies face an escalating threat of cyber fraud and no let-up in the more traditional forms of wrongdoing, such as the falsification of books and records. In response, many companies have set up strong internal controls to prevent, detect and respond to fraud. But this is far from universal, as our survey shows that weak internal controls were a factor for 61 percent of fraudsters (72 percent in Europe).
This highlights not only the scale of the management challenge for many companies, but also the potential benefits derived from tightening antifraud controls, including the avoidance of financial loss and reputational costs of fraud. Simply put, fraud is less likely to occur in companies where there are robust internal controls and monitoring. “Internal controls are weak when they are poorly designed and are not followed by employees. A thorough fraud risk assessment is likely to show where the gaps are,” says Lem Chin Kok, Head of KPMG Forensic, KPMG in Singapore.
This point is reflected in the fact that a significant number of fraudsters (14 percent) were detected by accident rather than by internal controls and monitoring. In 61 percent of the fraudsters surveyed, weak internal controls were a contributing factor in allowing the fraud to occur and go undetected. There are certain controls and processes that are particularly effective in combatting fraud and we will explain what they are in the recommendations section.
Weak controls are a significant issue for companies victimized by fraud and the problem is growing. Compared with 2013, there was a big jump, from 18 percent to 27 percent, in the number of fraudsters who committed (or who appeared to commit) their acts because an opportunity presented itself due to weak controls or a lack thereof. “We have noted instances of fraud where the fraudster’s colleagues were aware that something untoward was going on, yet they simply looked the other way. In other cases, colleagues facilitated the crime without knowing it by ‘helping out’ a fellow employee in a way that actually circumvented the internal controls,” says Shelley Hayes, Forensic Service Line Leader, KPMG in Mexico.
Internal controls are weak when they are poorly designed and are not followed by employees. A thorough fraud risk assessment is likely to show where the gaps are.
See full survey below.