Small organizations (under 100 employees) whether profit or not for profit frequently do not proactively address the issue of fraud. The Association of Certified Fraud Examiners (ACFE) 2010 Report to the Nation (RTTN) reported that in respect to the small organizations in the study:
•They accounted for 31% of the victim organizations in the study.
•Median loss $155,000.
•Most frequently relied on control was external audit of financial statements 51%.
•External audit accounted for detection in 7% of cases.
•Most common detection method was tips 33%.
Further, it not uncommon to read of such instances as:
“Accounts receivable for his company…, had been overstated by $2.7 million—double their true value. And $422,539 was missing from the firm’s coffers.”
“…. is accused of embezzling more than $260,000 from …. where she worked for two decades”.

Given exposure to fraud, why are small organizations hesitate to be proactive in managing fraud risk?