RSM South Africa

Fraud by the numbers

The risk of fraud in organisations has been the topic of several articles on this and other websites (read, for example, Cybersecurity takes centre stage, Fraud on deceased estates and Your partner in (fighting) crime). The Association of Certified Fraud Examiners provides useful substance to these articles in its 2016 ACFE Report to the Nations on Occupational Fraud and Abuse.

The first report was published in 1996, and the 2016 edition examines 2 410 cases of fraud that occurred in 114 countries throughout the world. Besides contributing to the understanding of the cost, frequency and methodology of fraud, the report also plays an important role in creating awareness about fraud risk.

Some interesting findings from the 2016 report are that:

  • A typical organisation loses about 5% of its revenues each year as a result of fraud.
  • The total loss caused by the cases reported in the study exceeded R90bn, and the average loss per case was nearly R40m. 23% of the cases examined caused losses of US$1m or more.
  • The most common form of fraud was asset misappropriation, which occurred in 83% of the cases examined.  However, the median loss due to asset misappropriation was only R1,8m, which is dwarfed by the median loss due to financial statement fraud of R14m.  (Financial statement fraud can be described as the intentional misrepresentation of financial statement results).
  • Interestingly enough, the median loss due to corruption was just under R3m, and corruption accounted for only 35% of cases reported. Given the matters reported on in the media and elsewhere, one would expect this statistic to be slightly different in a South African context.
  • Perhaps unsurprisingly, the longer a fraud continued, the greater the financial damage it caused. The median fraud scheme continued for 18 months, but schemes that continued for more than 5 years caused a median loss of more than R12m.
  • The size of losses suffered by smaller organisations is similar to that suffered by larger organisations, but the effects on a smaller organisation are so much greater.
  • The average fraudster appears to be a male (69% of cases), employee (45%), employed in the accounting department (17%), with a university degree (47%). More tellingly, in nearly 90% of fraud cases background checks of perpetrators revealed no red flags, and 82% of perpetrators had never been punished for any previous transgressions!

One lesson from the above numbers is that fraud does not necessarily occur where you would expect to find it. The question arises as to how an organisation can protect itself and detect the occurrence of fraud sooner.

Fraud is almost always (in 95% of cases) designed to be concealed. Perpetrators go to great lengths to hide their frauds, the most common methods involving altering or creating documents. Obviously, this makes fraud very difficult to detect. The research shows that a “tip-off” is the most common method of fraud detection; businesses with reporting hotlines therefore have a noticeably higher potential of detecting fraud. This finding has generally been consistent with previous years’ reports.

As can be seen from the diagram below, the four most successful methods of fraud detection are all within the control of management. The table is based on findings in smaller organisations (fewer than 100 employees), and shows that organisations that implemented basic anti-fraud measures, such as reporting hotlines, management reviews of results, and account reconciliations, had a drastically increased likelihood of detecting fraud. With the addition of an internal audit function, which does not appear to be limited to large organisations only, you will have a fighting chance to detect fraud and limit losses!

In fact, the more expensive interventions, indicated at the top of the chart, seem to offer a relatively low likelihood of detecting fraud. Although they are still valuable tools, they should probably be implemented as a last line of defence rather than as the only protection, as is so often the case.

The full 2016 report can be downloaded from but please speak to one of our assurance, risk or other experts to find out where your risks are, and how you can protect your business.

Henk Heymans

Partner, Johannesburg
