In large companies there are usually measures in place to detect these threats, but there are plenty of examples to prove that, once a corporate culture turns sour, it’s hard to turn back.
Recent examples include Volkswagen’s global scandal of cheating on emissions tests, a culture of greed inside Australia’s banking and financial services sector, the AWB oil-for-wheat kickback scandal, and, more recently, the $21 million accounting deception undertaken inside retailer Target.
Small- to medium-sized enterprises (SMEs) tend to be more exposed to bad behaviour from management and staff. And, while multinational organisations may be resilient enough to come back from fraud, bribery, or corruption, most Australian SMEs aren’t.
For example, according to the Association of Certified Fraud Examiners (ACFE), Australian organisations lose up to five per cent of their annual revenue to fraud alone. That can represent an entire year’s profit.
It’s essential to take steps to mitigate the risk, both formally and informally.
The first step is to work out what the culture within your business is like now, identify what you want it to be like, and outline what changes you and other management need to make to live up to the behaviours you want your staff to emulate.
As well as empowering employees to question and speak out about improper conduct, you should also have clear incident reporting lines in place to ensure employees who witness improper behaviour, whether it’s from managerial staff or others, can report it. Underlying this is the culture and reality of protection of those who report such suspicions or concerns in good faith.
Culture alone won’t defend your business from individuals going rogue or people doing the wrong thing, so you also need to develop a more prescriptive set of processes to both prevent and detect breaches.
To ensure processes aren’t bypassed by improper behaviour, you should document and implement an effective fraud and corruption control framework that encompasses everyone at every level in your organisation, including the management team responsible for running the business.
Sadly, fraud by CEOs, CFOs, and others in the ‘C-suite’ is much more prevalent than most companies, regardless of size, would care to admit. The ACFE Global Fraud Study 2016 revealed that the higher the perpetrator’s level of authority, the greater fraud losses tend to be.
The study also revealed the median loss of $703,000 caused by an owner/executive was more than four times higher than the median loss caused by managers ($173,000), and nearly 11 times higher than the loss caused by employees ($65,000).
There is a myriad of reasons for fraud within the owner/executive ranks, but the ACFE Study also suggests the single biggest motivation (45.8%) is people living beyond their means.
So it’s important for your business to implement necessary checks and balances to mitigate these risks, while reassuring your board, audit committee, and stakeholders, including shareholders, that your C-suite executives act ethically and with integrity at all times.
The key is to develop tailored forensic or fraud detection procedures, or a forensic review, focused on your C-suite. Remember, no one, regardless of their seniority in your business, is above the scrutiny needed to mitigate the risks of fraud and corruption.
Examples of forensic or fraud detection procedures at the highest level include: interviewing C-suite executives; conducting forensic due diligence background checks; understanding the systems-access profiles of C-suite executives; and performing forensic IT analysis as required.
Roger joined RSM in 2015, and works in risk advisory. He is the National Head of Fraud & Forensic Services and has over 25 years of experience in forensic investigations and forensic accounting, fraud, bribery & corruption control, related training, forensic IT, compliance, and corporate security. Prior to RSM, Roger was a partner in forensics for a ‘Big 4’ firm where he had been for 13 years, and initially commenced his career in the police force leaving as a detective after 12 years. Roger is located in Melbourne.
- Is superannuation still a good option for your clients?
By Chris Morcom
- Practical advice for improving your cyber security
By Rob McAdam, Pure Hacking
- Blockchain: why it’s time for accountants to get on board
By Ben Scull, Thomson Reuters