Skip to content

Surprise audits are proven to fight fraud

Four antifraud controls are associated with at least a 50% reduction in both fraud loss and duration, according to “Occupational Fraud 2024: A Report to the Nations” published by the Association of Certified Fraud Examiners (ACFE). They are financial statement audits, reporting hotlines, surprise audits, and proactive data analysis. However, the ACFE study also found that two of these — surprise audits and proactive data analysis — are among the least commonly implemented controls. Here’s how your organization might benefit from conducting periodic surprise audits.

Financial statement audits vs. surprise audits

Business owners and managers often dismiss the need for surprise audits, mistakenly assuming their annual financial statement audits provide sufficient coverage to detect and deter fraud among their employees. However, financial statement audits shouldn’t be relied upon as an organization’s primary antifraud mechanism.

By comparison, a surprise audit more closely examines the company’s internal controls that are intended to prevent and detect fraud. Such audits aim to identify any weaknesses that could make assets vulnerable and determine whether anyone has already exploited those weaknesses to misappropriate assets.

Auditors usually focus on particularly high-risk areas, such as cash, inventory, receivables, and sales. They show up unexpectedly, usually when the owners suspect foul play or randomly as part of the company’s antifraud policies. In addition, an auditor might follow a different process or schedule than during an annual financial statement audit. For example, instead of beginning audit procedures with cash, the auditor might first scrutinize receivables or vendor invoices during a surprise audit.

The element of surprise is critical because most fraud perpetrators are constantly on guard. Announcing an upcoming audit or performing procedures in a predictable order gives wrongdoers time to cover their tracks by shredding (or creating false) documents, altering records or financial statements, or hiding evidence.

Big benefits

The 2024 ACFE study demonstrates the primary advantages of surprise audits: lower financial losses and reduced duration of schemes. The median loss for organizations that conduct surprise audits is $75,000, compared with a median loss of $200,000 for those organizations that don’t conduct them — a 63% difference. This discrepancy is no surprise in light of how much longer fraud schemes go undetected in organizations that fail to conduct surprise audits. The median duration in those organizations is 18 months, compared with only nine months for organizations that perform surprise audits.

Surprise audits can have a strong deterrent effect, too. Companies should state in their fraud policies that random tests will be conducted to ensure internal controls aren’t being circumvented. If this isn’t enough to deter would-be thieves or convince current perpetrators to abandon their schemes, simply seeing guilty co-workers get swept up in a surprise audit should help.

Despite these benefits, the 2024 ACFE study found that less than half (42%) of the victim organizations reported performing surprise audits. Moreover, only 17% of companies with fewer than 100 employees have implemented this antifraud control (compared to 49% of those with 100 or more employees).

How does the presence of anti-fraud controls relate to media loss? (Fig. 28)

ControlPercent of casesControl in placeControl not in placePercent reduction
Surprise audits42%$75,000$200,00063%
Management review72%$100,000$250,00060%
External audit of financial statements84%$121,000$250,00052%
Fraud training for managers/executives62%$100,000$200,00050%
Anti-fraud policy60%$100,000$200,00050%
Proactive data monitoring/analysis45%$100,000$200,00050%
Fraud training for employees63%$100,000$187,00047%
Formal fraud risk assessments48%$100,000$187,00047%
Internal audit department80%$120,000$210,00043%
Dedicated fraud department, function, or team50%$109,000$184,00041%
Code of conduct85%$121,000$200,00040%
Management certification of financial statements77%$120,000$200,00040%
External audit of internal controls over financial statements72%$119,000$199,00040%
Employee support programs59%$101,000$150,00033%
Independent audit committee68%$120,000$165,00027%
Rewards for whistleblowers14%$110,000$145,00024%
Job rotation/mandatory vacation23%$115,000$150,00023%

How does the presence of anti-fraud controls relate to the duration of fraud? (Fig. 29)

ControlPercent of casesControl in placeControl not in placePercent reduction
External audit of financial statements84%12 months24 months50%
Internal audit department80%12 months24 months50%
Management certification of financial statements77%12 months24 months50%
Hotline71%12 months24 months50%
Proactive data monitoring/analysis45%9 months18 months50%
Surprise audits42%9 months18 months50%
Job rotation/mandatory vacation23%8 months16 months50%
Management review72%12 months23 months48%
Formal fraud risk assessments48%10 months18 months44%
Code of conduct85%12 months20 months40%
Fraud training for employees63%12 months20 months40%
Fraud training for managers/executives62%12 months19 months37%
External audit of internal controls over financial reporting72%12 months18 months33%
Independent audit committee68%12 months18 months33%
Anti-fraud policy60%12 months18 months33%
Dedicated fraud department, function, or team50%12 months18 months33%
Rewards for whistleblowers14%9 months12 months25%
Employee support programs59%12 months14 months14%

Source: Occupational Fraud 2024: A Report to the Nations. Copyright 2024 by the Association of Certified Fraud Examiners, Inc.

We can help

Your organization can’t afford to be lax in its antifraud controls. The ACFE estimates that occupational fraud costs the typical organization 5% of its revenue annually, and the median loss caused by fraud is a whopping $145,000. If your organization doesn’t already conduct surprise audits, contact us to discuss how they can be used to fortify its defenses against occupational theft and financial misstatement.


Share with your network

Copy this link: