Organisations lose at least 5% of their annual revenue to fraud, amounting to over US$4.7 trillion globally each year, according to recent figures from the Association of Certified Fraud Examiners (ACFE).
Fraud is becoming both faster and more difficult to detect, said ACFE research director Mason Wilder, speaking at a recent ACCA webinar. He likens the current fraud landscape to ‘a cat-and-mouse game’ that requires constant adaptation. ‘You may feel prepared today, but six months from now could be a different story entirely,’ he warned.
It is not just the pace that is changing; the lines between internal and external threats are increasingly blurred. ‘Criminals don’t care about regulations. Organisations can’t rely on legislation alone; they need robust, proactive fraud risk programmes,’ said Wilder.
‘Fraud must be treated as a strategic objective – not just a compliance cost’
The cost of inaction is steep. Fraud, if unaddressed, has the potential not just to undermine financial health but to irreparably damage reputations, break customer trust and result in regulatory censure.
Beyond finance
‘Fraud is no longer a finance issue – it’s a problem for everyone,’ said Ashu Sharma, chair of the Association of Corporate Investigators and group investigations manager at Anglo American. ‘Fraud must be treated as a strategic objective – not just a compliance cost.’
This message also urgently needs to be communicated to boards and management leadership. As ACCA’s special interest group on combatting fraud has emphasised during recent roundtable discussions with members informing our research, ‘Boards often view fraud as a technical issue, but it’s vital we help them see it as a strategic risk – and act accordingly.’
Tone from the top is not just a catchphrase; it is a determinant of success
Board-level buy-in is vital for for effective fraud prevention. Tone from the top is not just a catchphrase; it is a determinant of success.
Evolving fast
Fraud is faster, smarter and more tech-driven than ever. ‘It’s not just about forged documents anymore; now, it’s phishing, deepfakes and malware,’ said webinar panellist Maheswari Kanniah, group chief regulatory and compliance officer at Kenanga Investment Bank, and member of ACCA’s combatting fraud special interest group.
Indeed, as organisations digitise, they are exposing themselves to a new breed of hybrid frauds that combine cybercrime, social engineering and insider collusion. To address these risks, Kanniah says controls must be ‘holistic, not just IT- or compliance-driven’.
The 2024 ransomware attack on MOVEit software, used by hundreds of companies and public agencies worldwide, is a prime example of lessons to be learned. The breach exposed the data of millions of users and resulted in fraud attempts ranging from identity theft to payroll diversion.
Speak-up culture
One of the most tangible ways organisations can get ahead of fraud is by nurturing a culture that encourages people to raise concerns without fear. But, as Sharma points out, this is not just about having a whistleblowing policy.
‘Internal audit should be part of the solution’
‘To foster a culture of speaking up, do not call it “whistleblowing”,’ he says. ‘Label it “unusual activity”. It lowers fear and invites people in.’
It is a subtle change in language that signals a bigger cultural shift: from blame and fear to curiosity and accountability. Listening to internal voices, including investigators and front-line staff, is crucial. ‘Prevention isn’t just advisory,’ says Sharma. ‘It’s about listening to your investigators and acting on what’s already happening under your nose.’
Collaboration is key
Fraud investigation is a specialised skill and should not be relegated to the periphery of audit work, said Benito Ybarra, executive vice president of global standards, guidance and certifications at the Institute of Internal Auditors, making a compelling case for integrating internal audit more effectively into fraud prevention frameworks. ‘Internal audit isn’t the enemy of fraud investigations; it should be part of the solution.’
‘A proper fraud risk assessment can position internal audit as a strategic partner’
He emphasised that while fraud investigation should be treated as a separate discipline – not just another audit task – there needs to be more collaborative learning. ‘You won’t solve fraud by reacting to tips alone,’ he says. ‘A proper fraud risk assessment can position internal audit as a strategic partner.’
Fraud may be evolving fast, but so too are the tools and insights at our disposal. A siloed or reactive approach will not work as the pervasiveness of fraud rises rampantly. The webinar panellists agreed that fraud awareness must be clearly incorporated into governance structures, risk frameworks and organisational culture, which are all contingent on each other in building resilience and seizing opportunities today.
‘Fraud prevention can’t be a siloed effort’ said Wilder. ‘You need collaboration across departments – audit, compliance, cybersecurity – to truly be effective.’
For finance and audit professionals, the message is clear: keep learning, stay vigilant and speak up. The nature of fraud may be changing, but so is the opportunity for accountancy professionals to lead the way in the fight against it.
More information
Watch ACCA’s fraud webinar on demand, featuring members from the Association of Certified Fraud Examiners, the Institute of Internal Auditors, the Association of Corporate Investigators, the Chartered Institute for Securities and Investment and the International Information System Security Certification Consortium. The chart data in this article comes from polling of attendees at the webinar.
Combatting fraud will also be the subject of a session at our annual virtual conference, Accounting for the Future, taking place on 26-28 November. More information will be available in due course.
See also ACCA’s podcast series on risk.
