The financial scandals at the turn of the 21st century eroded investor confidence and public trust. In response, Congress passed the Sarbanes-Oxley Act (SOX) in 2002. Nevertheless fraud and corruption continue to exist and the extent of white-collar crime is startling. The 2012 Report to the Nation published by the Association of Certified Fraud Examiners estimates that companies lose 5 percent of their revenue to fraud every year and that the total, worldwide cost of fraud exceeds $3.5 trillion annually. As evidenced by the recent $7 billion fraud at Sociate Generale fraud is an international problem. If you or your CFO can envision ways in which employees may have committed white-collar crimes against your company then chances are good that it has already happened.
The extent of ethical violations by employees is also startling. According to the 2005 semi-annual National Business Ethics Study (NBES) from the ethics resource center only 55 percent of employees surveyed said that they reported misconduct. The top reasons why they didn’t report misconduct included:
• They didn’t feel that any corrective action would be taken,
• Fear that reports of misconduct would not be confidential,
• Fear that reports of misconduct would result in retaliation by superiors,
• Fear that reports of misconduct would result in retaliation by coworkers, and
• They didn’t know who to contact.
The 2007 National Government Ethics Survey, also conducted by NBES, indicates the pervasiveness of the problem in the public sector:
• Nearly sixty percent (57 percent) of government employees report that they have witnessed a violation of ethics standards, policy or the law in their workplace within the past year, and
• Almost one-third of government employees who observed misconduct did not report it, thus making it impossible for management to ensure that problems are properly addressed to prevent future occurrences.
While you might hope that the ethics situation has improved, the latest NBES survey (2011) reported that retaliation against employee whistleblowers has risen sharply, and that the percentage of employees who perceive pressure to compromise their standards to do their jobs climed five points from 2009 to 12 percent.
Don’t rely on auditors to uncover fraud. Auditors, both internal and external, do a notoriously poor job of detecting fraud. While the audit function is necessary and important it is not sufficient to either detect or prevent fraud. Most frauds are detected when an employee complains or gives an anonymous tip. To drastically reduce fraud losses companies must raise awareness about fraud among all employees at all levels. Employees are a company’s eyes and ears for the prevention and early detection and of all types of white-collar crime. Unfortunately most employees, like most auditors, don’t know what to look for. That’s where the role of a Chief Learning Officer is critical.
The Sarbanes-Oxley Act of 2002 (SOX) and the Federal Sentencing Guidelines have pushed companies to adopt compliance and ethics training programs. Training is not expressly required under SOX, however Section 301 of SOX requires clear communication of reporting channels and protocols. In addition SOX states that audit committees must establish a procedure for the confidential, anonymous reporting of complaints (Section 301(4)). The required communications and procedures naturally involve training.
Two of the primary reasons, in the NBES study cited above, that employees didn’t report misconduct was that they didn’t know whom to contact and that they were afraid that their reports would not be confidential. If this is the case then clearly the procedures required in SOX Section 301(4) are not being successfully implemented. In addition, training oriented to meet the specific requirements of SOX is not sufficient to deter fraud. More is needed.
Fraud Awareness Training
Fraud awareness training programs can be designed to meet the communications requirements of SOX, and also to serve as an effective deterrent to fraud. At the conclusion of a fraud awareness program participants should be able to:
• Explain what fraud is,
• Understand how fraud hurts them and their company,
• Describe how fraud is committed,
• Describe the personality characteristics of fraud perpetrators,
• Identify the three conditions necessary for the commission of a fraud,
• Identify fraud “red flags”, and
• Explain what to do if fraud is suspected.
The following sections provide background information for each of these learning objectives.
Fraud is a deception deliberately practiced to secure an unfair or unlawful gain. A more complete definition is that it is the intentional misrepresentation of a material fact, made for the purpose of securing an unfair advantage, and that is relied upon by another to their detriment. To summarize, the key elements of fraud are:
• False representation, a big lie.
• The lie was intentional or knowingly made.
• The lie must be made to obtain a benefit or advantage not due.
• The lie must be material, that is, it must make a difference.
If the truth had been told, would you have done anything differently? If so, then the lie was material.
• The lie is relied upon by another.
• A resultant loss occurred.
One of the key differences between armed robbery and fraud is that fraud is generally perceived as being a victimless crime. Many frauds go undetected and so the victim never discovers that a crime was committed. In addition, unlike armed robbery, fraud is difficult to detect; the crime is intentionally hidden.
Effects of Fraud
A few statistics can quickly demonstrate that white-collar crime is big business. The 2012 ACFE Report to the Nation estimates that companies lose 5 percent of annual revenues to fraud. As noted above, that means that the world-wide loss is about $3.5 trillion. The average dollar loss from the cases used as the basis for the biannual report was $140,000. However, about one fifth of the cases resulted in losses of over $1 million. Cases like Enron gets lots of press but fraud affects companies of all sizes. In fact small companies, companies with less than 100 employees, are usually the hardest hit. In addition, the average detected fraud lasted 18 months before it was discovered.
Assume that net income is five percent of revenue at your company. If that were true and your company was hit by a $100,000 fraud it would take $2 million in sales to recover the lost profit. Fraud hurts. That hurt is passed on to customers as higher prices and to employees as lower wages and benefits. Participants in a fraud awareness program should understand how fraud could (or has) affect their company and how it affects them.
The steps in the commission of a fraud are asset misappropriation (a nice way to say “larceny”), concealment, and conversion. Fraud is difficult to detect because of concealment. The fraud perpetrator intentionally hides the evidence of the misappropriation. For example, an employee may steal cash and then hid the theft by preparing a seemingly normal entry in the accounting system. The books balance, everything appears normal, but cash is missing and the theft has been covered up.
It is generally agreed that three conditions must be present for the commission of fraud: opportunity, pressure, and rationalization. The reduction of any one of these three factors is perceived as reducing an individual’s ability and motivation to commit fraud and thus to help prevent fraud. Opportunity exists when an individual identifies a method of misappropriating another’s assets for their private use and, in most cases, of concealing the diversion. Strengthening internal controls is usually perceived as the “best” method of reducing opportunity risks and it is the only one of the three factors under direct organization control.
Pressure is presumed to contribute to corruption when individuals face financial problems that they perceive to be unsolvable. Rationalization provides a mechanism for justifying corrupt acts. While it may be possible to identify individuals experiencing financial stress, managers have little direct control over that stress or individuals’ rationalizations. Coworkers, on the other hand, may be very familiar with the financial stresses that their colleagues face and with their thought processes and statements that might lead to rationalization. This places them in a better position to identify individuals who may have incentives to commit fraud, if they are trained to recognize the symptoms.
Who commits fraud? Take a good look around you. For the most part people like you and me. In fact, jailed fraud perpetrators don’t look much like other property offenders; they look more like college students. Convicted fraud perpetrators, when compared to other incarcerated property offenders, are better educated, more religious, less likely to have abused drugs or alcohol, less likely to have previous criminal records, and to have better mental health. In addition, they demonstrate higher self-esteem, self-sufficiency, motivation and achievement and are more optimistic. Frequently fraud perpetrators are trusted, long-time employees.Required Training
Red flags are indications that a fraud might be occurring. A red flag doesn’t prove the existence of fraud, all it does is call attention to a condition that should be investigated more thoroughly. The side bar list common red flags. A fraud awareness training program should train employees to recognize red flags that may appear in their workplace and train them what to do when they detect red flags.
The final learning objective is the most important. Every individual in the organization must know what to do if they suspect that a fraud might have been committed. To overcome the fear of being a whistle blower employees must:
• Know who to contact,
• Feel that corrective action will be taken,
• Know that reports of misconduct will be confidential,
• Know that reports of misconduct will never result in retaliation by superiors,
• Know that reports of misconduct will never result in retaliation by coworkers, and managers.
The last two concerns become non-issues if employees are sure that their reports of misconduct will be confidential. The easiest way to ensure confidentiality and to ensure that employees know whom to contact is to institute a 24/7 fraud. Employees need to know when and how to use the fraud hotline early enough to prevent financial losses.
A fraud awareness training program can help make your company fraud-proof. It requires commitment at the top and participation throughout. Only when all employees know what fraud is, how it hurts, what to look for, and how to report it will the risk of fraud be substantially reduced.trust that has been placed in them makes fraud possible. While only 2% of incarcerated property offenders are female about 30% of fraud perpetrators are female. All of this makes fraud perpetrators hard to identify. Participants in a fraud awareness program should understand that any of their colleagues might be capable of committing fraud.