Fighting fraud: a new European study suggests fraud is wide-spread. (Global View).The Enron scandal and other high profile corporate investigations demonstrate that fraud is perhaps more prevalent than we once thought. A new European study certainly bolsters this view. The survey of 536 leading companies, conducted by PricewaterhouseCoopers LLP, spanned 15 European countries and revealed some interesting results. It consisted of 3,403 interviews of CEOs, CFOs, and those responsible for preventing and detecting fraud in not-for-profit organizations, government bodies, multinational companies (randomly selected from the top 500 companies in each country) and national companies (selected from those companies with an annual turnover of at least [euro]10 million -- CAD$ 14.25 million). While conducted in Europe, many of the conclusions are just as applicable to North American business. The survey revealed the substantial cost of fraud to companies, shareholders and taxpayers. Fraud is estimated to have cost at least [euro]3.6 billion (CAD$5.13 billion) in the last two years, a loss compounded by the fact that only one in five companies recovered more than half of their lost assets and over half the companies surveyed were not insured against fraud. At least 43% of major European companies fell victim to fraud during this time and a third believed that they are at a greater risk of fraud today than five years ago. In the U.K. and Germany, a staggering 70% of major companies reported that they had been subject to economic crime in the previous two years. Cybercrime, accident and chance More than any other type of fraud, organizations are most concerned about cybercrime. The survey found that 43% of organizations rate cybercrime as the number one fraud risk of the future. Of the victims of economic crime in the last two years, 13% said that cybercrime was the type of crime committed. While the increasing reliance on information systems is likely to cause additional offences, the Association of Certified Fraud Examiners (ACFE) suggests that the same systems may be employed to detect fraud. According to the ACFE, organizations lose about 6% of their revenues to all forms of fraud and abuse. The cost to U.S. businesses is estimated at more than USD$400 billion annually and the average organization is estimated to lose more than USD$9 a day per employee. Further, frauds committed by individuals within the organization are more common than those perpetrated externally. Embezzlement, or theft by an employee, has been the most prevalent type of corporate fraud in the past two years, with 63% of European companies reporting incidents. According to the ACFE, this figure was 58% in North America. Of the frauds detected, 58% were uncovered by accident or chance -- revealing the inadequacy of many company control systems to detect fraud. Although half of all companies believed that responsibility for the detection of fraud lies with the board of directors, only 22% provided specific fraud-related training to management. This simply compounds the risk. Prevention of corporate fraud is no better -- 80% of companies that have been victims of fraud remain confident of their control systems despite the high incidence of overall fraud rates and the apparent ineffectiveness of existing and-fraud procedures. Response and responsibility Almost 50% of European organizations surveyed have a policy to report all economic crime to the authorities. However, only 38% of organizations actually pressed charges. The direct and indirect costs of fraud can be as damaging as the financial loss itself, although this was not reflected substantially in the survey: 36% of organizations felt that fraud had a negative impact on staff morale and 16% believed that fraud hurt an organization's brand. Although the direct relationship between economic crime and share price performance is complex, the fact that fraud can have a negative impact on so many of the critical factors driving corporate performance illustrates how fraud can affect enterprise value over the long term. So all this begs the question: Who is responsible for detection and prevention? Not surprisingly, the survey results suggest that internal auditors are seen as responsible for prevention (29%) and for detection (35%). External auditors are also earmarked for a fraud prevention and detection role by 10% and 12% respectively. In January 2Q02, the Assurance Standards Board (ASB) revised the CICA Handbook -- Assurance Section 5135: The Auditor's Responsibility to Consider Fraud and Error in an Audit of Financial Statement to incorporate the International Standard on Auditing (ISA) 240 of the same name that was issued in March 2001. For fiscal periods ending on or after December 15, 2002, the revised section provides additional guidance concerning fraud risks, or red flags, and the example procedures required in response to identified red flags. However, in the context of the auditor's responsibility to detect fraud, it explains the inherent limitations of an audit. It states that the likelihood of a properly conducted audit not detecting a material misstatement resulting from management fraud is greater than for employee fraud. As for fraud investigation, 14% see external law firms as having a role to play, along with the police (37%), internal auditors (45%) and investigation/accounting firms (20%). European companies look to their lawyers and forensic accountants to protect them against fraud, and similar corporate attitudes exist in North America. This responsibility is all the greater given the apparent inadequacy of many company financial control systems. As part of a strategy for prevention, you may wish to consider the following six key steps: 1. Assess existing and future fraud vulnerabilities. Gain a thorough understanding of the organization (e.g. history, objectives, structure, culture, procedures and controls) and the industry in which it operates to identify the areas which are most vulnerable to fraudulent behaviour; 2. Monitor fraud risks or red flags proactively. Enhance monitoring procedures to identify fraudulent behaviours and designate a senior member of management responsible for implementing the solutions and managing the ongoing process; 3. Create clear policies to encourage and protect whistleblowers. Implement proactive procedures to secure your people and corporate assets, including electronic information, and foster an environment of open communication, innovation and productivity rather than collusion, corruption and retribution; 4. Establish effective personnel policies to facilitate internal investigations. Train management and staff to ensure that they understand what is ethical and acceptable behaviour in the workplace while developing proactive detection methods as the need arises; 5. Maintain a robust fraud-response plan. Allow senior management to resolve the crisis in a timely, effective and efficient manner, mitigating the impact of the fraud and minimizing the risk of the fraud reoccurring; and 6. Communicate the company's stance on fraud to all stakeholders. By building in the appropriate ethical standards and culture from the top down, organizations can prevent fraud and avoid damage to their reputation and relationships with clients, investors and employees. Remember, while these steps are a good starting point, they are not exhaustive. Consider all factors when considering your fraud prevention plan. Colin Shaw, ACMA, CFE, is a manager at PricewaterhouseCoopers LLP. He can be reached at colin.m.shaw@ca.pwcglobal.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion