To define the three primary calculations required when reporting the impact of fraud.
REPORTING FRAUD IMPACT
Employees can only manipulate activity based on the processes and records of which they have access. It is important to understand the level of risk for fraud based on three factors (a) total exposure, (b) fraud amount, and (c) known loss.
Total Exposure is the complete exposure to the company should the employee commit fraud from the first day of employment and with every transaction. This represents the maximum risk for fraud based on the total activity of the employee during their entire tenure.
Many times fraudsters are in a position of trust where a common control weakness is a lack of proper supervision. The total exposure reflects the amount of money their direct supervisor is accountable for yet typically does not properly manage. A common misconception found in Microfinance is the notion that a loan officer distributes small amounts and those amounts are not germane to the financial statements. However, a loan officer has access to the distributions for every loan they ever made. Over the course of a long period of time, that amount can in aggregate become material to the organization.
Examples of total exposure calculations include:
- Loan Officer – The total exposure for a loan officer is equal to the distributions for their loans during their tenure. For example, if a loan officer worked in the company for five years, calculate their distributions from date of hire to either the termination date or the cutoff date for analysis.
- Chief Executive Officer or Chief Financial Officer – The total exposure for a CEO or CFO is equal to the total assets on the balance sheet. Both executives have access to all of the assets under their control. Take into consideration their operating area of responsibility. If they are at the international level, use the consolidated balance sheet at the global level. If the executive is at the subsidiary level, use the balance sheet for their country. Use the most current date relative to the timeframe in question. For example, if it is February now and there are known fraud amounts committed in October of last year and the fraudster was still in the company as of the first week of December, the balance sheet total assets figure should be as of the end of November.
Fraud Amount is the total amount of fraudulent transactions. Keep in mind that this is the sum of the absolute value of the transactions. For example:
- (one transaction for 12,345) + (one reversal of 6,789) = (fraud amount of 19,134)
In the above example, one transaction for 12,345 and one reversal of 6,789 calculates as a fraud amount of 19,134 because here the mathematical equation would be: |12,345| + |-6,789| = 19,134. It is the amount of the fraudulent transactions that is meaningful in classifying criminal charges. In some countries, the classification can be the difference between misdemeanors and felonies where there is a monetary element to the classification. The classification can also affect the determination between the amount of mandated prison terms (jail time) and the calculation of fines and penalties.
In understanding this concept, ask this question: If someone entered into the system a fraudulent transaction for 500 and then fraudulently reversed that entry, did fraud occur? Since the transactions were entered fraudulently, the answer is, “Yes.” In this example, the fraud amount is 1,000. In cases of financial statement fraud involving revenue recognition, the benefit lies in the shifting of the timing of the transactions. Recognizing revenue before it is earned in one month and then reversing it the next month is still fraud. This is a common scheme in shifting revenue from January to December to meet analyst projections at year end. This type of fraud affects management bonus and manipulates the stock price for public companies.
Another example is:
- (one transaction for 2,468) + (one transaction for -3,690) = (fraud amount of 6,158)
Where: |2,468| + |-3,690| = 6,158.
A further consideration for the fraud amount is that fraud can occur without a readily identifiable amount. In cases of a counterfeit document such as a fake resume, it is difficult to assign a number based on transactions. Therefore, you have to calculate the total salary and benefits received by the employee as the fraud amount. This is an income and associated benefits they would not have received without the fraud act.
Known Loss is the known amount of fraud based on evidence gathered during the course of the investigation. The loss is important in understanding for purposes of filing insurance claims to mitigate the impact of the loss (when available) as well as to submit during criminal proceedings to seek restitution from the fraudster. Total restitution includes the cost of the investigation, the cost of litigation, and the amount of fraud. In some cases, it can also include other factors which are to be calculated in order to make the company whole from the fraud act(s). Thus, the known loss is just one part of the total restitution calculation.
Another consideration of known loss is that it is the amount known at that time. It is important to understand that the investigation may not uncover all aspects of all of the fraudulent activity. Investigations are limited by the amount of resources (time, people, tools) allocated to them. Some schemes may remain hidden. Therefore, the verbiage includes the word “known” because that is the amount that is supported by evidence as of that point in the investigation.
There are three primary calculations that are to be considered when reporting the amount of fraud impact: (a) total exposure, (b) fraud amount, and (c) known fraud. They are separate and distinct from each other. Each one conveys meaningful information that should be communicated to the stakeholders of the relevant information.