How To Detect And Prevent  Employee Fraud | Everything You Need To Know

In 2020, experts estimated businesses lost an average of 5% of their revenue to fraud. Specifically, the estimate applies to a global estimate on the impact of occupational fraud. This means perpetrators are employed by the organization they are defrauding. Globally, a 5% loss of revenue translates to a loss of $4,5 trillion. 

In this article we will discuss the following: 

What is employee fraud?  
What is the most common type of employee fraud?  
How are employee fraud schemes detected? 
How can we prevent employee fraud?  
How to detect employee fraud 
How eDiscovery helps investigate employee fraud 

What is employee fraud? 

Employee fraud generally falls into three categories. These are asset misappropriation, corruption, and financial statement fraud. Asset misappropriation, or theft, is the most common while doing the least damage per incident. Financial statement fraud is much rarer but has a more significant impact. Corruption is in the middle on frequency and impact. 

Asset Misappropriation 

Theft is the most visible and most common type of employee fraud. As a category of misbehavior, it includes a wide range of actions. From payroll tampering to cash theft and from skimming off the top to the theft of non-cash items. It is important to maintain a sense of scale here. As the figure below shows, the median losses in these categories of asset misappropriation are still very large.   

faud graph table

What asset misappropriation schemes present the greatest risk? (source: 2020 ACFE Report to the Nations)


Corruption includes offenses such as bribery, conflicts of interest, and extortion. These are schemes in which an employee misuses their influence in a business transaction. In a corruption scheme, the employee violates their duty to the employer for a direct or indirect benefit. They defraud the company by allowing their personal interests to supersede that of the organization. This comes at the cost of the organization. 

Financial Statement Fraud 

The rarest and costliest type of employee fraud is Financial Statement Fraud. These are schemes in which an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports. This could be by: 

  • Recording fictitious revenues; 
  • Understating reported expenses; or 
  • Artificially inflating reported assets. 

Financial Statement Fraud schemes tend to run the longest. They are also the most costly and are the least likely to be discovered internally. 

What is the most common type of employee fraud? 

As noted above, asset misappropriation is the most common type of fraud category. Of this broad category, no-cash theft schemes are the most common. However, the data also gathers a wide range of behaviors as ‘asset misappropriation’. Without that grouping of ‘asset misappropriation’, corruption is far more common. 

How are employee fraud schemes detected? 

By far the most common way employee fraud is discovered is by a tip coming in. Half those tips come from employee-level sources. Employees will usually report suspicious behavior of coworkers to supervisors. Another large category of tipsters is customers. These customers may either observe suspicious behavior or are extorted by the fraudster. 

Beyond tips, internal audits and management reviews together uncover over 25% of all schemes. The rest is found out by a wide range of smaller reasons. It is noteworthy that ‘by accident’ is the largest of these remaining categories (5%). The smallest category is ‘by confession’ (1%). If nothing else, that should indicate that employee fraud schemes do not end unless they are stopped. 

How can we prevent employee fraud? 

When looking at potential ways of preventing employee fraud, the temptation exists to say you won‘t be able to. For one, it is very difficult to find out ahead of time who is likely to commit employee fraud. As an example, let’s look at background checks. Background checks aren’t as common as they perhaps should be, with roughly half of all organizations employing them. However, in terms of fraudsters, 87% of fraudsters who were subject to a background check had any type of red flag. To further illustrate this point, only 4% of fraudsters will have previous convictions. 7% had prior charges but were not convicted. 

Only 8% were previously punished for fraud. Another 8% was previously terminated for a fraud-related offense. Needless to say, a previous termination for fraud would not be information an applicant would volunteer. In most cases, these individuals would still pass a background check. 

graph 1 and 2 (1)

Source: 2020 ACFE Report to the Nations

Beyond that, it’s important to understand that employee fraud is a crime of opportunity. Perpetrators take advantage of loopholes and a lack of oversight. One interesting aspect is the fact that perpetrators are hardly ever new faces; only 10% of them have been in the job for less than a year. As a final note, it should be clear that in terms of impact, there appear to be two major contributing factors: time with the company and level of authority. Power and familiarity correlate directly with the financial impact of an employee fraud scheme. 

2 graphsSource: 2020 ACFE Report to the Nations

Employee fraud committed by persons of authority tends to run longer, which again correlates with a greater financial impact. Stopping such activity relies on limiting the opportunities for fraud. This can be achieved by having tight, well-documented controls in place. Having a visible and active infrastructure in place to detect and handle employee fraud may help decrease it. This is especially important to keep in mind when assessing the value of maintaining said infrastructure. The call to decrease budgets and loosen standards will creep in if the prevention works. 

scheme duration

Source: 2020 ACFE Report to the Nations

How to detect employee fraud 

Employee fraud detection is a three-pronged operation: 

Encouraging whistleblowers: educate employees about business ethics and what is and isn’t allowed.  Incentivize employees to come forward with concerns and assure them of their anonymity. Take reports seriously and investigate them fully. Reinforce these values by consistently devoting attention to them in your internal communications.

Surprise Audits: whistleblowers cannot be solely relied upon. For one, not all fraud is immediately visible to most other employees. It also helps to occasionally search and make an inventory of the situation. This can be through various means, including:  

  • External audits of the books; 
  • Random counts; 
  • Checking the inventory. 

Use external accountants to check financial records to ensure a fresh pair of eyes. Having such checks in place (especially unannounced) may uncover schemes. It may also discourage future ones. 

Don’t ignore red flags: employee fraud is nigh impossible to pull off without raising at least a few alarms along the way. In many cases, due to lax standards or a lack of awareness, these small indications are ignored or go unnoticed. There’s no need to become paranoid, but take notice of odd or unusual behavior. Following up on inventory and financial anomalies might bring to light what would otherwise fester in the shadows.  

How eDiscovery helps investigate employee fraud 

eDiscovery tools can be used for both the detection and in the aftermath of employee fraud. Once a scheme has been uncovered, an organization is left with many more questions than answers. Discovering more about the nature of the scheme can be crucial. Depending on that context, eDiscovery tools may have to be utilized to uncover more details. First, let’s look at how eDiscovery can help uncover schemes.  

In a slim majority of cases (51%), there’s more than one person involved in the crime. 33% of all employee fraud cases involve more than 3 people and the damage an average scheme does, is more than triple at that stage too. 

occupational fraud blog

Employee fraud schemes require communication, and a lot of this communication will go through email. eDiscovery tools can search emails and other communications at record speeds. They can be used to seek suspicious patterns, coded language, or specific terminology. This could bring to light suspicious communications between employees or from an employee to an outside party. eDiscovery tools could also be set up to seek out specific types of number codes, such as: 

  • Bank accounts; 
  • Tracking numbers; 
  • Inventory numbers; 
  • Other standardized codes fraudsters might want to exploit. 

After the discovery of employee fraud, those same functionalities can be used to dissect the fraud. It may help expose the duration, severity, complexity, and size of the fraud. By looking for suspicious patterns in the data associated with the first suspect, new suspects might be found. Alternatively, more or new information on the scheme may be discovered.

We highlighted the need for deterrence in the preventative section. Having an eDiscovery tool in place and in use may deter potential fraudsters. Knowing that their activity can be brought to light by an all-seeing AI adds to the complexity. That may keep potential fraudsters in line for longer. 


In summary, the old adage ‘trust but verify’ remains true. As pointed out in the prevention section, complete prevention is extremely difficult. Employee fraud is typically committed by people who are aware of the existing countermeasures and find a loophole. The best means of prevention is to foster a culture where employees who see something, say something. It also helps to audit departments and irregular intervals. Striking the right balance here is crucial. Going too far may result in a police-state-like environment, which does not benefit productivity. 

As for eDiscovery, its use can be both preventative and practical. It serves as a tool that enables auditors and investigators to detect patterns and find information. It can either discover the problem, help to root it out or prevent it entirely.