Written by Chan Tuck Loong FCMA

The bottom-line is that if management wants to play the role of stewardship then, surely the responsibility of safe guarding the assets of a corporation must fall back into their court. Auditing is left only as a deterrent and perhaps the value of it’s services be correspondingly reduced to that.

Corporate governance although not a new terminology, took new importance with the recent events. One of the developments from the Enron saga is the focus on the inadequacy of the accountancy profession in battling fraud. In many countries the accounting fraternity were left shaken and most had to respond with multi-disciplined committees to review controls and rules of reporting in their respective countries. Now, corporate governance has become corporate mantra. However a back-to-basics understanding of corporate fraud is still important for a holistic approach to eliminate the underlying causes of fraud.

Corporate fraud is growing with globalisation

There is ample evidence that corporate crime is growing and with increasing complexity as well. The wide usage of computers in globalisation will be likely to present more opportunities to the intending fraudsters. Further, the time-tested formula that knowledge has a direct relationship with age no longer holds true in the high technological arena. The young workforce in such companies is usually information technology (IT) savvy as compared to their seniors thus rendering a communication and mindset barrier so wide that these younger members are usually frustrated. Unseating the old guard would be an exercise in futility in the pragmatic business world, thereby leaving the young IT savvy workforce exasperated. Their exasperation can then manifest itself in the form of committing breaches in the security of the IT system of their company. These breaches, which may start as a non-fraudulent show of superiority in knowledge, may become fraudulent later through third party influences or mere temptation. This challenge in the workplace today has yet to be properly remedied as the world marches in the era of information technology at such a rapid pace. Corporate fraud, unlike organised crime, may start with the noblest of intention but along the way a few elements appear to steer their thoughts.

These elements are: -

• Pressure (work /personal)
• Opportunity

When the moment of opportunity presents itself, the potential fraudster may, believing that the one off act may go unnoticed, perpetrate the first act of deceit. One act usually follows another and the situation escalates until it gets out of control; the company then faces a disastrous situation. For that reason, corporate fraud is usually known as a disaster waiting to happen. Corporate fraud can be so wide in that the act may not have benefited the perpetrator but was intended to give the company an advantage. It may ultimately bestow a benefit on the perpetrator in an indirect form such as a bonus or a promotion.

Corporate fraud may not necessary be criminal

Criminal offences are prosecuted by the State when the laws as to penal offences are breached. Some acts of corporate fraud, such as criminal breach of trust and theft are criminal offences but many others like advance billings, bid rigging, sub standard deliveries and sale of corporate information are offences that maybe civil in nature. Fraud can also manifest itself in petty form of fictitious/double claims (genuine or accidental) and the misapplication of by-products for own benefit. The question on whether the act is criminal or civil is unimportant, as corporate fraud has been known to diminish the value of a corporation. Management must therefore take stock of the situation in their company as corporate governance is not only about creating value but also about safe guarding the value of the company. Most States are under increasing pressure to re-write laws to be able to prosecute more breaches as criminal fraud. The effectiveness of these re-writing has yet to be seen.

Parties to corporate fraud

Corporate fraud is rarely committed by individuals acting alone; there is usually collusion between parties, all working hand-in-glove to perpetrate it. The collusion can be both internal as well as external or both, the employees and third parties/suppliers working together toward a mutually benefiting arrangement to the detriment of a company/ society. Further, corporate fraud is not limited to down-line employees. The involvement of top management and directors has taken centre stage over the last two years literally demolishing even big corporations overnight. Even companies can become an unknowing party to a corporate fraud whereby their names are used by unscrupulous fraudsters to defraud other companies through fictitious claims and representations. The fact remains that whenever there is a fraud, there would be a victim and a party that would benefit from the act.

Impact on corporation

Many companies such as Enron, BCCI, Barings, Maxwell group and even Sumitomo have learned the hard way the impact corporate fraud can have on the company. Corporate fraud is a disaster waiting to happen. Some organisations are usually tolerant of acts of corporate fraud that are not material in amount as the excuse is that it would probably cost more to investigate or to control as compared to the amount involved. Whilst this may be sound in terms of cost value analysis, it is certainly flawed. When management has knowledge of the acts of fraud and does not take some form of control to stem these practices from spreading, they will send a wrong message to the employees that such acts are tolerable provided they are small in value.

All the companies mentioned in the preceding paragraph faced financial disaster when the fraud was unveiled. This is certainly not the doing of a single event, for fraud had been perpetrated over some time without being uncovered by management. The uncovering took place after the losses had snowballed to the extent that the company could no longer continue trading. The insolvent company then had to be rescued or liquidated bringing much disrepute to the management, financiers and even embarrassment to the government. The impact would not have been so severe had the fraud been uncovered earlier before it escalated. The Barings & BCCI sagas took the British Government by surprise, as both these institutions were established, renowned and thought to be well supervised by the Bank of England. Barings was in fact, brought down by the lone acts of one of its dealers in Singapore (rare case where no collusion was detected) betting on the direction of the Nikkei 225 index which went the wrong way. It was not a case of lack of control but that of misplaced trust on one of its star dealers, which compromised the controls. The most ironical thing is that on the fateful day the bank collapsed, September 25, 1995, there was an advertisement in the Sunday Times in London for the position of Head, Internal Audit that extolled the virtues of the bank.

The Enron saga took a different twist. Top management perpetrated the fraudulent accounting practices that have led to enrichment of its top management and glowing tribute from stock analyst. The victims were the investing public, employees, other stakeholders as well as the integrity of the American corporate governance.

The disastrous consequences of corporate fraud on an organisation should thus never be neglected. Corporate fraud should, as a matter of policy, never be tolerated but constantly checked. A post mortem of the companies mentioned, will provide a consistent finding: that is, along the way the fraud started with some form of pressure to show results or to cover some slip-ups but escalated into a unmanageable situation until it finally erupted into a disaster when it was no longer tenable given the magnitude of the losses. The human factor played a prominent role in these acts of fraud. Michael Comer has warned of the lack of controls or the misguided belief on honesty in his book on Corporate Fraud. According to him “Self regulation is like putting Dracula in charge of the blood bank”.

Fraud risk – a strategic response

- The management of fraud requires a strategic initiative that is multi-disciplined as well as commitment from the senior management. The attitude of senior management towards fraud will be emulated throughout the organisation. For this reason, a proper fraud strategy must be set out and communicated across the organisation. Integrity must be very much an integral part of the corporate culture if the fraud strategy is to be of any value to the organisation.

- A proper fraud strategy would need the presence of the following elements: -

• Clear definitions of values and ethics

- The identification of values and ethics provide a framework for staff to understand the requirements of the organisation.

• Effective recruitment and personnel policies

- The proper screening process is worth the effort in getting the correct staff and deterring potential fraudsters. Further, personnel policies offer guidance to staff as to dealing with situations that can implicate them in fraudulent activities. Remember not to put Dracula in charge of the blood bank.

• Fraud awareness

- Awareness of the various behavioural aspects of a fraudster and typical fraud risk areas enables the organisation to be ever vigilant.

• Skills in observation and identifying fraudulent situations

- The ability to observe and to probe effectively when faced with a suspicious circumstance allows the effective policing of fraud in an organisation. This is a key management skill in response to fraud risk management.

• Fraud response policies

- Policies as to reporting and responding to fraud must be clear in order to deter fraud. These policies should also offer sufficient protection to people reporting fraud.

The fraud strategy outlined above involves much time and effort in developing. As a result, fraud strategy is usually more prevalent in the larger organisations than in smaller ones. The smaller outfits also have the benefit of greater and more direct involvement of the proprietor. However, it does not mean that smaller organisations do not need to have a fraud strategy; they do, but in much more simplified form.

Fraud risk profile of various operational areas is another important step in fraud risk management. The fraud risk profile should be drawn out in order for the company to have a big picture of the various risks faced and the adequacy of the current controls. Reviews should be undertaken during fraud awareness seminars to test the effectiveness of these controls. Where necessary, appropriate changes should be made to tighten the controls and also remove controls that may be no longer necessary given changes in the operations of the company. Profiling of fraud risk allows the matching of fraud risk against appropriate controls.

Management culture has a bearing on the level of corporate fraud risk. A highly authoritarian management culture will result in employees feeling aggrieved by the harsh treatment suffered. They would try to get even by committing fraud whenever possible to compensate for the unfairness experienced. On the other hand, a highly empowered organisation puts trust on its employees to boost morale. The trust may have compromised the controls originally in place. The lack of controls and blind trust may encourage fraud as the opportunity to commit fraud becomes too inviting.

The continuous testing of the controls together with adjustments to the strategies would ensure the controls grow in tandem with changes in corporate culture, strategy and direction. The idea here is that different controls are needed in different organisational structures. This is a very important considering that fraud risk management begins with the managing of people.

Conclusion

Business risk profiling is usually not as glamorous an exercise as other management initiatives and has never been known to be a morale booster. However, seen in the right perspective, running a company without an effective fraud risk strategy is akin to running a country without a system of criminal laws.

While a lot of effort has been put in by many organisations to improve on the value generation, effort towards the retaining of this value must also be in place and constantly be kept in check. Otherwise an organisation would only be working to enhance the value, not of its stakeholders, but for the benefit of fraudsters. While alertness is the key word in fraud detection, awareness is the key to fraud risk management.