The Hindu Business Line : Fight frauds with a culture that supports controls

Fraud detection IT tools, intrusion detection systems, whistle-blowing hotlines, reference checks before hiring employees… Companies have tried almost all these techniques to mitigate frauds, but big rackets continue to hit the headlines.

Reason? “Controls alone are not enough,” observes Mr Steven L. Skalak, Partner, Global and US Investigations Leader, PricewaterhouseCoopers LLP. “Companies need to put in place a combination of culture and controls in order to reduce fraud risks. For instance, our surveys found that effectively-implemented whistle-blowing systems, and a corporate culture that supports them, have had a noticeable impact on detecting frauds,” he elaborates, during the course of an e-mail interaction with Business Line.

Employees must feel confident about reporting a fraud, insists Mr Skalak. “And that confidence can only come if the organisation has a strong culture.” Company culture is vital in establishing an effective fraud risk management programme, he declares. “Creating a strong corporate culture by a comprehensive compliance programme that is fully integrated into all components of business operations is the key to mitigating fraud.”

An example of this, says Mr Skalak, is an ethical code of conduct clearly communicated and lived by employees, vendors and suppliers to create a commonality of experience. He again cites from PwC’s survey findings, that a significant fraud prevention and detection step any company can take is to have a robust internal audit department.

“Best investments are those in the whistle-blowing hotlines, in internal audits, in having a corporate culture, educating the staff and in various fraud prevention programmes.”

Excerpts from the interview:

Are frauds on the rise?

Our Global Economic Crime Survey 2007 has revealed that fraud remains one of the most problematic issues for businesses worldwide. There was no abatement in the fraud scenario during last two years when compared with findings from our previous survey undertaken in 2005. Of the 5,428 companies in 40 countries we surveyed last year, over 43 per cent reported suffering one or more significant economic crimes during the previous two years. This figure is similar to the findings of our 2005 survey and shows a 6 per cent increase over the findings of our 2003 survey.

Any estimates of the monetary impact?

The cost of fraud has been on the rise. The total loss reported by our respondents over the last two years was in excess of $4.2 billion. The average loss from fraud over 2005-07 per company was a whopping $2,420,700, as opposed to an average $1,732,253 per company during 2003-05 — an increase of nearly 40 per cent.

This average loss does not include ‘management costs’ involved in dealing with the fallout from a significant fraud — such as reallocation of management time, possible costs of litigation, the need to manage a possible PR campaign and dealing with renewed regulatory oversight and demands.

Does a company going global run a greater risk of fraud?

The global environment brings with it many risks of fraud. Such risks are unavoidable when companies are crossing geographic and cultural boundaries. Companies find themselves in a completely new and different environment.

The principal concerns that have been expressed are of four kinds. The first one pertains to the fact that no one likes to be victimised in a business transaction, especially by their own employees, customers or suppliers. Many companies, when they go global, have to acquire a new set of relationships from each one of these groups.

And there is a high degree of concern that they could be a victim of fraud perpetrated by each side. Being in a new environment also raises concerns over external exposure to fraud — they could be victims of hacking, theft of goods and assets, or could incur data and third-party losses.

Second, when companies cross geographical and cultural boundaries, they feel the fear of getting trapped in an unfamiliar business environment. They also fear getting trapped in a corrupt business environment, where they may have to use inappropriate practices to further their business interests. As Indian businesses expand into new business environments, they are likely to find environments that are inhospitable in these aspects.

The third risk is ‘transaction risk’. The booming M&A (merger and acquisition) market has resulted in tremendous capital flows all across the world. This is putting pressure on a lot of companies. The due-diligence periods are getting shorter and there is a strong pressure on companies to fix deals for strategic purposes. As a result, there are substantial concerns that fraudulent practices in a significant investment may remain undetected.

The fourth risk is ‘contractual risk’ or ‘business-to-business risk’. There is a growing concern that risks associated with areas determined by contracts, intellectual property, for example, are going to be exposed when new territories are entered. Therefore, revenue-sharing and cost-sharing arrangements and all other contractual arrangements that businesses use to establish themselves in territories raise a risk of fraud.

What about JVs?

Joint ventures (JVs) come with their own set of risks. There may be concern over the partner diverting funds from the joint venture company to other businesses. In fact, there are a series of other risks pertaining to joint ventures, such as the partner indulging in corruption and bribery or IP (intellectual property) infringement and other contractual risks discussed before.

Most companies have ambitious 100-day integration programmes to effect a merger. How practical is it to merge two corporate entities in 100 days?

In my view, companies must not get overly enamoured by a 100-day integration programme. In an acquisition, if you have concerns about something fundamental to the business, then it can’t be changed in 100 days.

There are many issues in an international transaction that can’t be dealt with in 100 days. For instance, there are a lot of behavioural aspects — such as the behaviour of employees and of the organisation as a whole — that can’t be changed in 100 days.

In the US, practices such as entertaining clients, gifting, bribery, etc., are not common due to stringent regulations and enforcement. So when an American company acquires an overseas firm, it cannot change attitudes of employees pertaining to entertainment, gifting, bribery, etc., in 100 days. Companies need to have a realistic attitude towards integration.

How should a management tackle a fraud that has just been detected?

One of the most important things to do is to preserve your access to the information you will need in order to investigate the case. Preserving access to information means a couple of things. First, don’t immediately dismiss the employee who is allegedly behind the fraud. On the contrary, the management should meet this employee, interview him/her and investigate if others are involved.

Second, you need to take steps to secure the appropriate sources of data — such as PC files, physical records, laptops, PDA phones, etc. The team investigating the fraud should go through this step as quickly as possible.

Third, maintain confidentiality throughout the process. Every instance of an allegation may not be true. If you don’t maintain confidentiality, it can potentially impair the organisation’s ability to check the problem.

So companies must preserve access to the one who is allegedly involved, preserve access to documents and data and preserve confidentiality while investigating a fraud.

Shouldn’t the regulator be informed about frauds?

In the US, the involvement of regulators varies from case to case. But in any major matter, the regulators will be very active. The expectation of the US regulators has been that of self-reporting. They expect companies to voluntarily report cases of fraud. The days of “let’s just not report” are over. Companies resort to self-reporting in order to avoid harsher penalties. Today, the question before companies in the US is not whether they should report or not report an instance of fraud, but that of when they should report it. It is seen that the earlier companies report instances of fraud, the better. However, it should not be so early as to make an incomplete report.

Bio: Mr Skalak, a CPA (certified public accountant) and a member of the AICPA (American Institute of Certified Public Accountants) and the New York State Society of CPAs, is a past member of the Professional Ethics and Cooperation with Bankers Committees. A BA from Dickinson College and an MBA from Columbia University, he is a frequent instructor at training courses, teaching a variety of auditing and accounting concepts, approaches, and techniques, backed by his more than a quarter-century public accounting experience.

Some of Mr Skalak’s ‘representative assignments,’ as extracted from his CV on the firm’s page, make for an interesting reading, as follows:

Investigation into a trader’s methods in a recent matter relating to unauthorised commodities trading on the LME, COMEX, and OTC base metals markets. The trading resulted in losses in excess of $1 billion.

Defending key executives of a $1 billion manufacturing company in a SEC investigation and shareholder and bondholder class actions. The allegations in this matter include earnings management, revenue recognition errors, restructuring charges, and inadequate disclosures.

Expert accountant in a €500 million dispute before an ICC panel of arbitrators alleging fraud in a business acquisition transaction between two global corporations. The principal matters in dispute pertained to the application of US GAAP in several judgmental areas including the application of the long-term contract method of accounting, impairment of intangible assets, and pension and benefit plan accounting.

Investigation and testimony preparation relating to the methods used by a trader to circumvent trading controls and custody operations for both the Bank’s and customers’ US Treasury securities in a scheme that caused losses in excess of $1.1 billion.

Investigation of the methods and losses of an international money manager who used a series of offshore SPVs (special purpose vehicles) to hide investment losses in excess of $200 million. Trading causing the losses was primarily foreign currency speculation, gold, and US Treasury Bond transactions. Investors were predominantly non-US corporations concentrated in Asia.

Analysis of losses in a portfolio of derivative securities purchased by a pension fund manager on behalf of clients. The analysis was used to equitably divide the losses among the pension funds and maximise their recovery.

D. MURALI

http://InterviewsInsights.blogspot.com

More Stories on : Interview | Economic Offences | Accountancy

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
It’s dosas and idlis still, Mr Pawar, not parathas!

Grow more

Convertible debenture as restorative

Fight frauds with a culture that supports controls

Do our companies understand financial risk?

The black hole called war

Cartoon

Inflation control

Recommendations of Hoda panel

Small finance banks