Forensics Journal - Stevenson University 2015 | Página 13
FORENSICS JOURNAL
Proactive Data Analysis to Prevent
and Detect Fraud in Small Businesses
Robert E. Bates
Large public companies are accountable not only to shareholders
but to lenders and government regulators. Leaders of large public
companies have a fiduciary duty to protect the assets of the company
from fraud. In the most recent Report to the Nation on Fraud, the
Association of Certified Fraud Examiners (“ACFE”) found that “a
typical organization loses 5% of revenues each year to fraud” (ACFE,
2014a, p. 4). A critical concept in preventing fraud is to build and
maintain a strong internal control environment. One important
control is proactive data analysis.
investigator, and CPA. For the purposes of this paper,
they will be referred to inclusively as “fraud examiners.”
Proactive data analysis is accomplished with the use of sophisticated
software applications that comb through massive volumes of data
to determine weak spots in the control system. By analyzing data
in this manner, large companies can prevent fraud from happening
or detect an ongoing fraud scheme. The ACFE study revealed that
“of the anti-fraud controls analyzed, proactive data monitoring and
analysis appears to be the most effective at limiting the duration
and cost of fraud schemes” (ACFE, 2014a, p. 38). By performing
proactive data analysis, fraud schemes were detected sooner, limiting
the total potential loss. Data analysis is not a new concept, but with
the increasing number of electronic transactions due to advances
in technology, analyzing large volumes of data has become more
complex and costly to implement and manage.
ANTI-FRAUD INTERNAL CONTROLS
In light of this situation where small businesses experience a
disproportionate share of fraud losses when compared to large
companies, this paper will explore the proactive data analysis tools
available and how they can be implemented as internal control, to
prevent and detect fraud. The starting point is to understand what
anti-fraud internal controls are available and effective.
There are three types of controls that should be part of any
internal control system: preventative controls,