Employee theft within an organization is not new, and many of the behaviors of individuals who steal or misuse an organization's assets remain consistent over time. According to the Association of Certified Fraud Examiners (ACFE)’s Occupational Fraud 2022: A Report to the Nations, the top four ‘behavioral red flags of fraud’ were employees:
- Living beyond their means or living a lifestyle not matching their income
- Encountering financial difficulties
- Having an unusually close association with a vendor or customer and
- Having control issues with an unwillingness to share duties
According to the ACFE’s report, nearly half of all frauds occurred within the operations, accounting, executive management, and sales divisions, and 86% involved asset misappropriation. Asset misappropriation fraud is defined as the theft or misuse of an organization’s assets by the individuals entrusted to manage the assets.
What steps can organizations take to mitigate the risk exposure presented by employee theft?
Robust internal controls ground the front line of defense for a company, starting with due diligence during the hiring process. The controls should also ensure monitoring and oversight of all employees, especially those within “sensitive areas” such as treasury, information technology, accounting, vendor management, and client relationship management. The ACFE’s report notes that anti-fraud controls are associated with lower fraud losses and quicker fraud detection but do not eliminate fraud. However, they are useful to benchmark your organization’s internal controls.
The two most common anti-fraud controls were external audits of financial statements and a formal code of conduct, for 82% of the organizations surveyed in the report. These internal controls were already in place at the time the fraud occurred. Other common controls in place for organizations at the time fraud occurred include:
- An internal audit department (77%).
- Management certification of financial statements (74%).
- An external (independent) audit of the internal controls over financial reporting (71%).
Implementing a solid internal control environment sets the foundation for any risk mitigation strategy. Communicating your company’s internal control environment is a benefit in how underwriters view your company’s risk exposure. Insurers consider many factors that impact an organization’s risk profile, including the size and nature of your business. Comprehensive insurance protection, including multi-faceted coverage grants for employee theft, social engineering, computer crime/funds transfer fraud, and loss of money or securities in transit or within a vault, can be achieved with a wide array of insurer partners in today’s market.
If you have any questions about coverage or are interested in obtaining coverage, contact your Aon broker.
Aon is not a law firm or accounting firm and does not provide legal, financial or tax advice. Any commentary provided is based solely on Aon’s experience as insurance practitioners. We recommend that you consult with your own legal, financial and/or tax advisors on any commentary provided by Aon. The information contained in this document and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity.