The typical company fraudster is a trusted male executive, sometimes even the chief executive, who will carry out as many as 20 acts of serious fraud over a period of up to five years or more.
Senior managers often assume company fraud is largely an opportunistic crime carried out by relatively junior employees – but they'd be wrong.
A study by accountancy firm KPMG Forensic looking at 360 actual company fraud cases in Europe, the Middle East and Africa has revealed striking similarities in who carries out fraud, for how long and why.
More than eight out of 10 fraudsters were male, with the typical fraudster aged between 36 and 55.
By the time he starts enriching himself by illegal means, he has usually been employed by the company for six or more years.
He typically works in the finance department and commits the fraud single-handed, said KPMG.
In 86 per cent of cases he is at management level – and in two thirds of cases he is a member of senior management, with simply greed and opportunity his motivating factors.
Equally worryingly for companies, the typical fraudster commits multiple offences over an extended period of time before being detected, KPMG found.
Over half commit 20 or more frauds and a third more than fifty. Two thirds commit frauds for between one and five years, and nearly one in ten get away with it for more than six years.
With the total financial loss caused per fraudster at more than €1m in nearly half of the cases, the financial toll on companies could be significant, said KPMG.
Richard Powell, partner at KPMG Forensic in the UK, said: "Companies clearly have a challenge on their hands.
"Over 60 per cent of perpetrators are members of senior management, whose status in the company makes it easier for them to bypass internal controls and inflict greater damage on the company.
"Given the repeated and extended nature of most frauds, companies need to work extremely hard to detect frauds earlier, through tighter internal controls, data analytical tools, and more widely publicised fraud reporting mechanisms.
"Engendering the right culture is also important, to create an environment where it is less likely that fraud can take root," he added.
Weak internal controls were the most usual enabler of frauds (in 49 per cent of cases), the survey reported.
Not surprisingly, therefore, offences were most commonly discovered through staff "whistleblowing" (in a quarter of cases).
Management reviews were the second most common vehicle for detection (more than a fifth).
How sensitively the affected companies reacted to fraud was shown by the fact that two thirds issued incomplete information or none at all about the incident.
The employees, authorities and media were rarely informed for fear of loss of image. Consequently, offences only occasionally led to a criminal investigation.
Mostly, independent investigations are carried out without the police or the public authorities being informed.
"Recoveries of losses from fraud can take several years to be completed. Prevention (such as introducing ethics and integrity measures at the top management level) is always a more efficient and cost-effective means," said Powell.
Amongst the cases KPMG analysed, in Europe the highest proportion occurred in the public sector (29 per cent), with the rest fairly evenly split amongst other sectors such as industrials, communications and financial services.
In Africa meanwhile, 48 per cent of cases were in the public sector, while this fell to just 15 per cent in the Middle East.