|
|
 |
  |
|
|
|
 |
|
|
|
|
| |
Fraud Risk Management
By Marc Ronez, Managing Director, ARiMI
|
|
| |
Over the past three to four years the stream of news about Enron,
Global Crossing, Worldcom, Singapore Airlines, NKF and other
high-visibility fraud cases has resulted in a tremendous loss of
value and market capitalization. To stem the tide and restore
confidence in the capital markets, in the USA, the Congress passed
the Sarbanes-Oxley Act in 2002, which clearly delineates the roles
of senior management, boards of directors, audit committees and
outside auditors. Although it's not possible to detect every
instance of fraud, now all parties responsible for financial
reporting and internal control must exercise much greater vigilance
if they do not want to suffer serious consequences. The consequences
of fraudulent activities for organizations can go well beyond direct
financial loss to include media embarrassment, damage to reputation,
hammering staff's motivation and loss of customers. However for a
long time, Fraud risk was not taken seriously by most organizations
and even ignored altogether. Things are changing as following widely
publicized cases such as Informatics and NKF scandals, and the
resulting increased awareness of fraud risks—and of all their financial,
legal, and reputational consequences—many organizations are now moving
towards identifying the areas that present the greatest risks of fraud
and implementing plans and practices to deal with it.
The best time to deal with fraud and misconduct is probably before
they occur by approaching the issues from various angles. Hence experts
would generally advocate a series of combined activities which together
add up to a holistic way of tackling fraud. Most experts would agree
that a clearly defined corporate culture, robust personnel policies,
pre-screening of customers, service providers and contractors, regular
assessment and a robust, efficient internal control environment are
vital elements of a good fraud Risk Management Plan. While all the
above is indeed very important, implementing a Whistle blowing line
or other confidential reporting structure for employees to pass on
details of any possible fraudulent activities should also be a key
element of any Fraud Risk Management Plan.
....................................................................................................
|
|
Please click on the links below to have more information
|
| |
|
|
| |
Organizations should want know about any conducts or behaviours that would fall in the following definitions (We will distinguish fraud and corruption).
Fraud is defined as:
"The intentional distortion of financial statements or other records by persons internal or external to the authority which is carried out to conceal the misappropriation of assets or otherwise for gain".
Corruption is defined as:
"Corruption is usually thought of as abuse of office for personal gain, which consists of the offering, giving, soliciting or acceptance of an inducement or reward, in exchange for influence on the action of that person. The gain mentioned above may involve money, sexual favours, advancing family interests or power”.
....................................................................................................
As an example, fraudulent or corrupt acts may include:
• Conflicts of interests e.g. a corrupt relationship can involve an employee setting up a company, the company supplies goods and services to the organisation, the employee does not tell the organisation about it
• Breach of trust e.g. leaking of confidential or sensitive information
• Employee misconduct e.g. use of the credit card for private use, excessive use of telephone for private calls, internet abuse
• Criminal offence
No lists can cover every instance of fraud or corruption. Hence it is important to always use scenario analysis to uncover other possible exposures to fraud.
....................................................................................................
|
|
| |
For more information  |
|
| |
|
|
| |
|
|
| |
Any fraud prevention program is hampered by the belief that we are all too smart and cautious to ever be deceived by a con man. This perception is the starting point in a whole range of related false assumptions that allow criminals to defraud both individuals and organizations with virtual impunity.
....................................................................................................
|
|
| |
Myth 1: We are smarter than Con men — Think again! Apart the obvious crooks, most fraudsters look like trustworthy persons. If fraudsters were easy to spot, they could not deceive us. The only difference between a legitimate offer and a scam is the invisible intent of the promoter. If we all had telepathic powers to read other people's minds, we would be immune to deception. Since we don't, we are all at risk!
Myth 2: It will not happen to us, We trust our staff — The path from honest employee to embezzler may never have been taken intentionally without an opportunity and a deceptive and often unexpected external pressure.
Myth 3: Fraud is an external threat — Once an employee has been compromised, the fraudster has a direct access to a company's internal system. All external source fraud prevention measures have been bypassed snd are useless. Frauds by staff represents 80% of Fraud cases
Myth 4: Financial losses seem to be generally small — While many institutional or business-focused frauds, such as the fax paper and printer toner telemarketers in office supply scams, seek only small amounts per hit, these can easily add up through prolonged repetition. Even then, they pale in comparison to losing trust in or having to terminate a formerly valued employee who has been tainted by a deception.
Myth 5: Laws & punishment will act as deterent — The fact is that laws are made for those who will obey them. Criminal fraud operations don't and pose as respectable corporate entities and either stretch the limit of consumer laws or ignore them entirely. Any financial penalties they may be ordered to pay are considered as a normal cost of doing business. Historically, white-collar criminals have received very light sentences. While this situation is now changing rapidly, it is unlikely to be a deterent for people who do not expect to get caught.
Myth 6: Better deal with it quietly — Efforts to protect the image of an organization by avoiding the bad publicity inherent in prosecuting a fraud case further encourage scammers, who rely on this factor to elude punishments. I fact, less than 10 percent of fraud victims report the event to authorities thus minimising the perception of the problem.
Myth 7: Our current control system can deal with the problem — If you risk control system was not designed specifically for fraud risks, it will not identify the potential cases. 75% of fraud cases are discovered by by tips or accidents.
....................................................................................................
|
|
Awareness of the potential frauds that are targeting organizations and disseminating that information to staff may ultimately be an organization's best and only defense. Organizations should take the time to refer all employees to a fraud information resource that explains how they might be victimized against their better judgment.
....................................................................................................
|
| |
For more information |
|
| |
|
|
| |
| Why Fraud often goes undetected? |
|
|
|
| |
Any fraud detection program is hampered by the above mentioned myths and false assumption. In addition, I would like insist of the folowing 2 important points:
• An organisation's own staff accounts for most of fraud losses.
• Tips are one of the best way to find out about existing frauds
....................................................................................................
Surveys show that an organisation's own staff accounts for 70 to 80% of fraud losses. In 50% of these cases, senior employees are involved in the fraud. They have been in the organization for at least five years and are often in a position to over-ride or circumvent controls that are supposed to protect against fraud.
Furthermore, based on my experience, frauds are usually identified and reported by the following means or groups of people:
| Type |
Percentage |
| Tips |
55% |
| Internal Audit |
21% |
| Accidents |
17% |
| External Audit |
12% |
|
As illustrated above, when looking to find out more about possible existing frauds, the first point of call should therefore be the members of the staff of the organization itself.
The reason for this is that they are the "eyes and ears" of a company . Most of the time, when someone is involved in a fraud or any kind of misconduct, there will be somebody who knows about it. Recent scandals have revealed that often a number of members of the staff knew exactly what fraud was going on and who was doing it. But more often than not, people will not report about what they see or know.
These people who know are an extremely valuable resource and should be treated as such. Unfortunately organizations are often failing to connect and utilize this essential resource in their fraud detection mechanism. The sad part of the story is that if they had used properly they could have stopped the fraud much earlier and saved the organizations mentioned above a lots of trouble.
|
|
| |
For more information |
|
| |
|
|
| |
| The fear factor for the Whistle blower |
|
|
|
| |
Why members of staff are often afraid of blowing the whistle?
The reason is actually very simple especially in Asian hierarchical organizational context. For those current members of staff that do blow the whistle, the consequences can be disastrous!
It is a sad fact to note that far from being recognized as corporate heroes saving the organization from potential destruction, my experience is that most whistleblowers are sidelined or their careers ruined following their disclosure. In too many cases, we can observe the following scenario: a whistleblower alleges that one or a number of long-term members of staff have colluded over a number of years to de-fraud their organization of hundreds of thousands of dollars. Then often the management either ignore the matter or disclose to the person under suspicion. Organizations sometime initiate an investigation reluctantly but often after a short while, decide abruptly to cease the investigation on the basis that it is not producing any convincing results. The whistleblower or a scapegoat is finaly often the one to be punished. Many recent publicized cases have highlighted how whistleblowers are ostracized, bullied, over-looked for promotion, or treated so badly that they have to leave a job that has become untenable.
Furthermore the current volatile economic climate with media reporting on daily basis stories about company staff redundancy programs, falling profits and closures, it reinforcs the feeling of insecurity among the staff of many organization as, whether it is true or not, staff are under the perception that jobs are at risk. This result into a powerful ‘fear factor' in the mind of the employees and the belief that they will increase the likelihood of losing their jobs if they make noise and ‘shake the mud'.
|
|
| |
For more information |
|
| |
|
|
| |
| what is a Whistle blowing Policy? |
|
|
|
| |
Employees are often the first to know when something is going seriously wrong - be it a serious danger to the public or a major fraud. Unfortunately, All too often, they will not report it and the alarm is not sounded. The result is that the people in charge do not get the chance to take action before real damage is done.
There should therefore be avenues for reporting suspicions of fraud and misconduct. Staff should be encouraged to report suspicions of fraud through various channels including hotline set up for the purpose. It is important that staff know clearly how and where to report their suspicions and that any suspicions of fraud reported in this way is seen to be acted upon by management. Members of the public – such as former employees, customers and suppliers - should also be encouraged to report their suspicions of fraud through advertising campaigns, offering rewards, ensuring that avenues for reporting fraud are widely publicized and assuring whistleblowers that any information received will be treated confidentially.
Having such a policy might also discourage potential whistleblowers from approaching the press. In addition, to be effective, organizations need to nurture a culture in which employees believe their concerns will be taken seriously, and that the protection given by the law and policies is real and effective.
Whistle blowing is therefore a formalised, secure and confidential procedure whereby employees disclose any wrong doings such as fraud, misconduct, breach of any health and safety law, or any other illegal act, either on the part of management or by fellow employees.
Whistle blowing policies aim to ensure that serious concerns are properly raised and addressed in the work place. This is why having a robust whistle blowing policy in place is an essential “good practice” for the fraud risk management of any organization. It is essential for any organization that a whistle blowing policy is in place and that all staff are aware of what is required of them.
|
|
| |
For more information |
|
| |
|
|
| |
....................................................................................................
|
|
| |
Do visit this page again regularly for more updates on the subject.
|
|
| |
|
|
| |
|
|
| back
to top > |
|
|
 |
|
|
|
© copyright 2003 arimi. ARiMI is supported by IIA and CARM Institute