KPMG audit teams can use ACFE fraud report to sharpen controls

Fraud is still being caught by people before systems, and that is the warning KPMG audit, forensic and risk teams should take from the latest ACFE benchmark. The Association of Certified Fraud Examiners said organizations lose an estimated 5% of revenue to fraud each year, and its new Occupational Fraud 2026 report found that 43% of cases were detected through tips, with more than half of those tips coming from employees.

Released on May 12, the report reviewed 2,402 occupational-fraud cases from 143 countries and found more than $3.4 billion in total losses. The median loss was $104,000, but the average loss was $1.457 million, a gap that shows how a small number of long-running schemes do most of the damage. The typical case lasted 12 months before detection, long enough for weak oversight, ignored warnings and poor segregation of duties to turn a control lapse into a career-ending failure.

That is the part KPMG professionals should be pressing on with clients. The ACFE said fraudsters who display at least one behavioral red flag, such as financial troubles or living beyond their means, caused higher median losses than those without those signals. Larger organizations with more than 10,000 employees ranked near the top in median-loss severity, a reminder that scale does not protect a firm if managers are stretched thin or control owners assume someone else is watching.

The profile of the fraudster is also familiar to anyone who has worked in a large professional-services environment. The ACFE said longer-tenured, college-educated male employees were more likely to commit fraud, and 68% of fraudsters were terminated while 54% of cases were referred to law enforcement. KPMG’s own fraud research has found that the typical fraudster is male, 36 to 55 years old, highly respected and long-serving, while weak internal controls were the prime reason in 76% of fraud cases and tip-offs remain the most common detection method.

For audit teams, the lesson is not that more controls always solve the problem. It is that controls fail when nobody follows the trail. Hotline design, manager training, interview technique and data analytics all matter because employees are still the first line of defense. KPMG’s ethics and compliance hotline, which runs through an independent third-party provider and is designed to protect confidentiality and anonymity, fits that model.

The 2026 report is the 14th in ACFE’s Report to the Nations series, marking 30 years since the first edition in 1996. Across that series, the ACFE says it has aggregated well over 20,000 occupational-fraud cases. For KPMG teams heading into another cycle of client testing, the message is blunt: the most expensive frauds are usually the ones that linger longest, and the cheapest control is still a worker who feels safe speaking up.