Public companies with SarbOx-style controls in place saw fraud-related losses drop between 70% and 96%, according to the Association of Certified Fraud Examiners.

The bad news: The more sophisticated fraudsters, ones who specialize in highly damaging financial statement scams, are more successful than ever. If anything, companies with effective SarbOx controls in place took it on the chin from scammers, worse than companies lacking such controls.

The hopeful news: There are three methods of discouraging fraud that are proving to be effective regardless of the specific target.

The best way to protect your company — and discourage fraud — is to implement surprise audits. Certified occupational fraud examiners who investigated 959 cases determined that companies that implemented random audits reduced median fraud loss to $70,000. Among companies that didn’t pull surprise audits, the median loss was a hefty $207,000.

So how many companies are employing the most-effective weapon against fraud? Experts estimate it’s only about 25%.

The second-most effective tactic in discouraging fraud is implementing job rotation and/or mandatory vacation.

Mandatory vacation? Ouch! This potentially costly strategy is mainly used in businesses where the risk — and the cost — of fraud is exceptionally high. Still, companies that ordered employees to take vacation and played musical chairs regularly saw a 61% decrease in the median fraud loss.

Finally, the third-most effective tool for reducing cases of fraud is perhaps the simplest and the least expensive: Offering a ”hotline” to report suspicions of fraud. Whistleblowing programs score especially well when it comes to nailing the higher-level execs. Hotlines achieve a 60% decrease in median loss.

There’s also one strong pre-emptive strategy: Better background checks on the people who are going to have access to vulnerable areas. Close background checks can yield inappropriate behavior in the past that may have eluded initial scrutiny of the would-be employee.

Now, she faces 10 years in prison.

There were two breakdowns that allowed this to occur:

• First, the client failed to do any due diligence. If it had done even basic research, it would’ve known that the collection agency wasn’t included in any of the appropriate databases in the country. The client also would’ve learned that the collection agency wasn’t registered with ACA International. These are two pretty obvious red flags.
• Second, even when the business relationship began to run off the rails, the client stayed along for the ride instead of stepping off. The company relocated to a new state, business dried up, and eventually, this client was the only one left. Then, payments from the agency began arriving late; finally, no payments were received. That’s when the client determined there might be a problem.

This client wasn’t the first business victimized by collection payment fraud, and certainly won’t be the last. But this also wasn’t a poorly-run business. The people in charge really should’ve known better.

The lesson here is that collection agencies deserve the same scrutiny you accord your vendors, because a lot is often at stake.

And don’t be too tough on collection agencies: An ACA International study shows that collection agencies recovered $40 billion in 2007.

Perhaps you could file this one in the “one bad apple” bin.

But the use of p-cards has also opened a new avenue into purchasing fraud. As part of implementing any sort of p-card system, businesses need to be thinking two steps ahead, to anticipate potential fraud and to cut it off at the pass.

Fortunately, the financial services wizards at JP Morgan have come up with effective strategies for putting the kibosh on would-be fraudsters.

Five tactics for preventing p-card fraud:

• The big cheese. Someone in higher management has to be in charge of overseeing anti-fraud efforts. This ensures the power to reach across departmental lines when necessary, and is the final word on p-card rules and uses.
• A level playing field. The regulations governing p-cards need to be consistent, across the board. Various departments can’t be allowed to “tweak” the rules — this usually leads to the creation of loopholes. More consistency, less confusion.
• First things first. Training is essential — before any p-cards are passed out. It’s easier to stick to the rules when you understand what those rules are and why they exist. It’s also a great opportunity to ask questions.
• Best defense is a good offense. Implement fail-safe measures that make it much easier for staffers who use p-cards to stick to the rules. These measures include spending limits per transaction; spending/use during specific time periods, and clearly designated “no man’s land” for p-card use.
• Easy does it. One of the best ways to monitor and regulate p-card usage is to maintain the type of environment where users feel free to step up and ask questions anytime there’s the slightest bit of confusion. Some users fear they’ve done something wrong and don’t want to get into trouble for it. If there truly is a concern, the sooner it’s raised, the sooner it can be remedied.

But on the flip side, there’s the possibility you could be opening the door to more than you bargained for — online fraud.  OK, one solution is to check many of the orders manually, to make sure no one’s trying to sneak one by you. But doesn’t manual order-checking defeat a lot of the labor-saving purpose of online ordering?

Fortunately, you’re not the only one facing this situation — which means there’s some guidance from your peers in how they handle the risk of online fraud. For other companies, what is the best safeguard?

CyberSource’s 2008 Online Fraud Report reveals just how many companies are using the best practice:

• 82% of companies that sell online manually review orders, and
• The manual review rate is 27% (up from 23% over the prior year), about one in every three online orders.

What fuels this level of interest? Research reveals that 1.3% of orders received online are fraudulent, and dip directly into your pocket. With this in mind, you need to devote some staff time to oversee the ordering process through your Web site. It’ll take a bite out of the convenience and time you gained with online ordering, but it’s still a necessary part of protecting yourself. Bottom line, you should still finish ahead.

Fast forward: You’ve received a fishy-looking order through your Web site. You need to check it out for accuracy — but the pressure is on to turn over orders quickly. What takes higher priority: Your need to verify the veracity of the order, or the perceived need to please the customer?

Making this is the kind of decision is a task you need to share with the higher-ups, whether it’s CFO, Sales, Finance VP, etc. Once you get the guidelines (hold the order for 3 days, for 7 days, etc.), you’ll have most of the guidance you need.

The average: two to three business days. Some companies will remain in a holding pattern for 10 days; other may charge ahead in one work day. 

Then you might want to check these stats. The annual percentage of annual revenue lost to fraud by U.S. companies:

• a. 1%
• b. 4%
• c. 6%
• d. 8%

If you guessed “c,” you’re on the money. An incredible 6% of annual revenue went down the fraud drain, according to the Association of Certified Fraud Examiners. The tab for all companies in the U.S.: $660 billion.

Then why don’t I hear more about this, you might be thinking. There’s a good reason: Many companies keep fraud losses under wraps because the reports can undermine confidence in the business, and might even encourage others to try the same.

Managers and execs are responsible for more than two-thirds of the frauds — and they come with a higher price tag. When non-management employees are nailed for fraud, it usually involves around $62,000, according to the Fraud Examiners. But the cost goes up as you climb the corporate totem pole: managers, execs and business owners generally make off with between $140,000 and $900,000.

What makes fraud so difficult to detect is that it’s a byproduct of business transactions that appear to be perfectly legitimate — on the surface. Then, under the most likely scenario, the company “insider” schemes with an outside vendor to inflate invoices, charge for goods or products never delivered, etc.

In Procurement, part of your job is to try to pick up signals of fraud before they can be carried out. That’s why it’s even more important to keep a close eye on new vendors, especially if they seem to develop a particularly close bond with one of your everyday staffers.

Another way to try to keep on top of the situation is to request random audits, done by people in A/P, Finance or elsewhere. With the element of surprise always looming in the wings, it’s difficult for fraudsters to quickly cover their tracks.

Finally, there has been one big shift in favor of your company: Sarbanes-Oxley reporting requirements. Much of your company’s money flow and transactions go under a powerful microscope and can be detected by the seasoned pro. Also, companies are required to encourage whistleblowers to anonymously report misdeeds and wrongdoing.