Prevention of High-Risk Fraud Situations

The Association of Certified Fraud Examiners has released its ninth annual global fraud study. The 2016 study continues to highlight the cost of fraud, waste, and abuse. The report indicates the median loss for financial statement fraud is $975,000, followed by corruption at $200,000, and asset misappropriation at $125,000. In addition, the higher ranked the employee, the greater the median loss. Employees’ median is $65,000, managers’ is $173,000, and owners/executives weigh in at a hefty $703,000. The report also highlights the importance of controls in reducing the loss. Organizations that lacked anti-fraud controls had median losses more than twice the amount of organizations with anti-fraud controls.

When we look at the fraud triangle, you will usually hear that businesses can only influence the opportunity corner to decrease opportunity. There is generally an emphasis on internal controls such as segregation of duties and management review. I contend that businesses can also influence the rationalization corner. How can an organization influence personal justification? They do it with fraud’s worst enemy.

Fraud’s worst enemy is a strong ethical environment fostered by an ethical tone at the top. If employees see upper management using company resources for personal use or accepting large gifts such as vacations in exchange for doing business with a vendor, what message does that send to their employees? This is a very blatant example of an unethical tone at the top. There are also organizations that have executive management with very high ethical standards. The issue is that they remain in their ivory tower, the employees do not know what is expected, and do not see first-hand the expected ethical behavior. This is a very common scenario. One can never assume that employees have the same ethical standards as the organization. Our eclectic organizations have employees with many different backgrounds, and definitions of right and wrong. So how does an organization go about influencing the rationalization process of their employees?

The answer is a strong Code of Ethical Business Conduct (Code) coupled with constant communication and training. Employees should see reminders of the expected ethical conduct on a regular basis. They should understand the consequences, and the very real potential for termination if they violate the Code. There should be open discussion regarding ethical dilemmas, how the company expects you to react, and the consequences if your actions are considered unethical by the organization.

So what went wrong when an organization has implemented their Code, and they still have fraud or unethical conduct? Often the answer is that the employees, for various reasons, did not get the intended message. This is where an evaluation of the organization’s ethical environment, and the implementation of the Code can be very beneficial. The issue is that you do not know what you do not know. Engaging an independent professional trained in interviewing techniques used to assess the ethical environment can provide you with new insights. They can highlight the strengths and weaknesses of your implementation of the Code, and assist you in improving the program to foster the desired ethical culture within the organization.

For questions or more information on Business Ethics Evaluations, contact Elaine Nissley, Principal, Internal Audit and Management Consulting,

Elaine Nissley, MBA, CISA, PMP, CCSA, CRISC

Elaine Nissley, MBA, CISA, PMP, CCSA, CRISC

Ms. Nissley (MBA, CISA, PMP, CCSA, CRISC, CRMA) is a Principal with McKonly & Asbury. Her primary responsibilities include management of the Internal Audit & Management Consulting Services group. Ms. Nissley has over twenty years of experience in risk management, internal audit, internal controls assessments, and project management. The group provides various internal audit and management consulting services based on proven methodologies including: Risk and internal control assessments; Internal Audit outsourcing/co-sourcing; Information Technology Audits; Business Ethics evaluations, Data analysis; and Sarbanes-Oxley Section 404 compliance implementation and testing.

If you have any questions or would like to speak to someone about our services, please email Elaine Nissley at

Elaine Nissley, MBA, CISA, PMP, CCSA, CRISC

Elaine Nissley, MBA, CISA, PMP, CCSA, CRISC

Latest posts by Elaine Nissley, MBA, CISA, PMP, CCSA, CRISC (see all)


You are about to leave the McKonly & Asbury, LLP website. Neither McKonly & Asbury, LLP nor PrimeGlobal are responsible for the content of the site you will be visiting. Click HERE to continue to