Fraud Without an Owner
/Ursula Schmidt, Ph.D., CCEP-I, founder of Schmidt Advisory, opened her session at the 37th Annual ACFE Global Fraud Conference by acknowledging that today’s fraud landscape is increasingly complex. Artificial intelligence, digital finance, environmental, social, and governance (ESG) initiatives, supply chain disruptions, and a growing reliance on third parties have all created new opportunities for fraud. At the same time, traditional fraud scheme methodologies continue to succeed because organizations fail to recognize or act on familiar warning signs.
Schmit noted that although regulations vary across jurisdictions, organizations face common expectations around accountability and safeguarding critical systems. Meeting those expectations requires organizations to move beyond reactive efforts and develop proactive and preventive approaches to fraud risk.
Schmit highlighted that many organizations continue to rely on whistleblower tips — and sometimes luck — to uncover misconduct. She argued that resilience depends on treating fraud management as an organizational capability supported by leadership, collaboration and clear ownership instead of silos.
Asking Better Questions
When discussing how organizations can better understand fraud risks, Schmidt asked attendees to rethink how they approach data analytics. Too often, Schmit remarked, organizations ask whether they have enough data when they should be asking what they actually want to know.
“Analytics starts with curiosity,” Schmidt said, encouraging organizations to ask specific questions before collecting or analyzing data. Starting with focused questions allows organizations to leverage existing information more effectively while avoiding overly complex data analytics initiatives.
Rather than building expansive dashboards, Schmidt recommended starting with smaller projects, beginning with pain points and existing technology. From there, you can build a case for leadership.
“When I want something, I prepare like hell, and I build a case, and I usually get what I want,” she said.
Turning Insight into Action
Schmidt illustrated this approach to analytics with the example of an organization that implemented a new in-house expense reporting system. Although the system reduced manual work, it also eliminated several controls, creating new opportunities to expense fraud that were later discovered during an internal audit.
Instead of viewing the issue as only an auditing issue, Schmidt advocated bringing together developers, IT auditors, finance professionals, human resources and legal teams to identify the root cause and redesign the environment by eliminating silos. The collaborative effort, she said, addressed the fraud risk, clarified procedures and made better use of data to generate alerts across the organization. Throughout the example, Schmidt emphasized the importance of a no-blame approach focused on solving problems as an organization rather than assigning fault.
Schmidt explained that fraud professionals should clearly explain which business problems an initiative is going to solve. Rather than simply asking for more resources, fraud professionals should clearly explain which business problem an initiative will solve, why action is needed now and how success will be measured through key performance indicators, return on investment and risk reduction. Demonstrating efficiencies, leveraging existing resources and identifying synergies across departments can also strengthen the case.
Equally important is building allies before approaching senior leadership. Schmidt encouraged attendees to connect anti-fraud initiatives to the priorities of departments such as finance, legal, human resources and internal audit, helping leaders recognize fraud resilience as a shared business objective rather than an isolated compliance concern.
Culture as the Foundation
Although analytics and collaboration are essential, Schmidt argued that culture ultimately determines whether organizations become fraud resilient. She encouraged attendees to evaluate whether their organizational culture serves as a “driver of fraud or a foundation for resilience.” A healthy speak-up culture, she said, depends on visible communication, psychological safety and confidence that concerns will be addressed fairly. If whistleblowers experience retaliation, if influential individuals appear immune from accountability or if investigations leave employees with unanswered questions years later, trust deteriorates throughout the organization.
Schmidt recommended establishing aligned objectives, clear procedures, unambiguous roles and consistent tone from the top to enforce integrity. Organizations should also conduct post-incident reviews to identify lessons learned and strengthen future responses rather than simply closing investigations. Consistency in hiring and interviewing practices can also reinforce the values organizations expect employees to uphold.
One of Schmidt's most memorable exercises encouraged attendees to assess their organization's mindset. Using a “medals for mindsets” framework, she described a bronze-level culture as one in which employees report concerns when something appears wrong. Silver represents an environment where silence itself is recognized as a potential risk. Gold reflects an organization in which employees can safely disagree with their managers in public without fear of retaliation. Audience polling showed that most participants viewed their organizations as falling within the bronze or silver categories, suggesting that many still have opportunities to strengthen psychological safety.
Schmidt concluded by reminding attendees that fraud risks will continue to grow more complex. Organizations should strive to be prepared, adaptable, responsible, trustworthy and collaborative while fostering shared ownership across the business. Ultimately, she argued, culture remains the “secret sauce” that enables every other aspect of fraud management to succeed. By asking better questions, breaking down silos and creating environments where employees feel empowered, organizations can move beyond reacting to fraud and begin building lasting resilience.
