An exclusive Compliance Week survey shows that many corporations are bracing for a drop in revenues next year and a spike in fraud—not that they have the internal controls ready to fight it.
That’s according to the results of an online survey of 249 compliance, legal, finance, and risk executives at public companies conducted by Compliance Week and Deloitte Financial Advisory Services in late October. More than 75 percent of respondents say they expect diminished budgets in the coming year. At the same time, nearly all (91 percent) expect fraud activity to remain steady or increase.
Spindler
“Overall, the survey indicates that we need to prepare for an oncoming wave of increased fraud activity, and Corporate America isn’t yet there,” says Michael Spindler, a partner in Deloitte Financial Advisory Services’ forensic and dispute services practice.
The survey underscores new challenges compliance executives are likely to face in the first recession of the post-Sarbanes-Oxley era. Among the findings:
70 percent of respondents say their company experienced a reduction in revenues compared to projections for the past year;
27 percent expect “significant” budget cuts in the coming year;
46 percent expect fraud to increase “significantly” or “somewhat,” and only 3.6 percent expect fraud to decrease.
“Our expectations were that the survey would indicate concerns about an increase in the rate of fraud as result of the economic downturn,” says Spindler. “What surprised us was how overwhelming the response was in that direction.”
Equally unsettling are companies’ thoughts on how well they will—or will not—fight that expected increase in fraud. For example, while 85 percent of the executives polled stated they’re prepared to address fraud risks that may result from cost-cutting initiatives, 27 percent say they aren’t prepared to address fraud risks that may result from global expansion, and another 21.5 percent stated they didn’t know the answer to the question.
Even for those that are “somewhat prepared,” Spindler says, there are “still considerable risks.”
Prentice
The core of the problem is that many steps companies implement to cope with an economic downturn can increase their fraud risks. Cost-cutting measures such as layoffs and pay cuts can leave employees feeling “disenfranchised,” says Heriot Prentice, director of standards and guidance at the Institute of Internal Auditors. “People who previously never thought of committing fraud may feel there’s an opportunity.”
At the same time, experts warn, companies often either weaken or eliminate internal controls during a restructuring. Carefully crafted segregation of duties, for example, might be thrown into turmoil after a wave of job cuts. “When companies cut staff, the internal controls they’ve built up are normally cut back as well,” Prentice warns.
“Companies need to have a clear understanding of responsibilities around antifraud programs and controls from the board level all the way down to line employees.”
— Donna Epps,
Partner, Dispute Services,
Deloitte FAS
Ratley
James Ratley, president of the Association of Certified Fraud Examiners, says the problem can be even larger for small businesses. Those with fewer than 100 employees are “more than twice as likely to experience fraud problems because they often don’t have adequate internal controls or auditors,” he says.
During a downturn, and particularly when companies are reducing their workforces, Prentice says it’s critical for companies to review critical controls such as delegation and segregation of duties to make sure they “haven’t gone out the door with those employees.”
Other cost-cutting actions, such as turning to low-cost foreign suppliers or trying to sell to a global marketplace, can also result in new fraud exposures such as bribery and corruption, says Donna Epps, a partner in the forensic and dispute services practice at Deloitte Financial Advisory Services.
The survey results show that some companies are at least discussing measures to bolster their anti-fraud controls and programs. Slightly less than two-thirds of those polled report that they’re engaged in internal discussions around enhancing fraud monitoring or increasing internal audit to deal with the anticipated increase in fraud. But another 31 percent have not.
Moreover, while many companies appear confident that they can handle some of the additional fraud risks resulting from cost-cutting actions, the findings show far fewer feel prepared to address the risks posed by expansion plans. Eighty-five percent of the executives polled stated they’re prepared to address fraud risks that may result from cost-cutting initiatives; only 52 percent said they’re prepared to address risks related to global expansion.
Coping With a Control Squeeze
Perhaps most troubling is the number of respondents who say their organizations aren’t prepared for the added fraud risks that they may face: Roughly 27 percent admitted as much, and another 21.5 percent didn’t know the answer to the question.
Even for those that are “somewhat prepared,” Spindler says, there are “still considerable risks.” For that reason, he says, companies must make fraud risk management a priority.
FRAUD FEARS
Do you anticipate that the incidence of fraud within your company will increase or decrease in the next year?
Industry:
Manufacturing
Financial Services
Other
Decrease Significantly
1.0%
0.0%
0.0%
Decrease Somewhat
2.0%
5.7%
3.7%
Don’t Know
2.0%
5.7%
7.4%
Increase Significantly
4.9%
3.8%
6.2%
Increase Somewhat
40.2%
45.3%
39.5%
Stay the Same
50%
39.6%
43.2%
Source
Compliance Week/Deloitte Survey on Fraud (October 2008).
Experts offer several recommendations for mitigating fraud risk when companies must do more with less. For instance, experts say tactics such as continuous auditing and using software to do data mining and data analysis can help companies spot trends and evaluate potential fraud activity. The Institute of Internal Auditors, the Association of Certified Fraud Examiners, and other associations also have guidance worth consulting, they say.
Epps
Epps stresses the need for a strong antifraud tone at the top, but warns that a commitment by management and the board isn’t enough. “Companies need to have a clear understanding of responsibilities around antifraud programs and controls from the board level all the way down to line employees,” she says.
Organizations must also have a plan for what to do when a fraud allegation arises and documented processes for how allegations will be handled at each level. Epps says transparency into the process is also crucial. “People have to see that if bad behavior occurred, a process was followed to correct it,” she says.
Management must also make an example of cases where fraud is found. Ratley says enforcement “has to be swift and sure.”
Since internal reporting is the most common way fraud is discovered, Epps says training and publicity around whistleblower hotlines can also have an influence. Again, experts say actions are just as important as words: After a report is made, “People need to see some action taken or they’re never going to call again,” Ratley says. “They need to see the auditors there, or see some action taken by management, or see controls tightened.”
Epps also suggests companies with hotlines in place should reassess their effectiveness, particularly if they’ve had a low call volume, which could be “more of an indicator that the hotline isn’t working well than an indicator that your organization is free of fraud.”
Spindler recommends companies look at their existing fraud risk assessment and either update it, or conduct a new one to address any changes made in response to the economic slowdown. Additionally, he says, companies should consider conducting a workforce survey to get a sense of whether employees “have a clear understanding of the tone at the top and ethics policies and the antifraud program.”
No comments yet