While high-tech ways to combat fraud are on the rise, Mary Breslin of Verracy says many organisations are still failing to address some of the basics – like knowing which behaviour constitutes fraud, questioning extraordinary success and examining incentive drivers within the business.
Want to prevent your organisation from suffering large-scale fraud and scandal? Then change the way you look at it.
If we want to prevent, or even minimise the impact that large-scale fraud has on organisations and society then we have to start by changing the way we look at business, inside and out. Despite all the attention fraud receives today, there are basic measures every organisation should take that just aren’t happening. To begin with, every organisation should:
One of the most frequently-used definitions of fraud comes from Black’s Law Dictionary: “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organisation’s resources or assets.”
However, history has shown that while we are excellent at identifying fraud in hindsight, most people are hesitant or reluctant to call actions ‘fraud’ in real-time, while it is occurring.
We frequently hear that acts and actions might be “bad business decisions” or “waste and abuse” but rarely do employees answer “yes” to the question, “Are you aware of any fraud?” Defining fraud, knowing what to look for and the questions to ask are skills every auditor, compliance professional, accountant and manager needs.
Formally defining fraud, waste, abuse and bad business decisions before there is an actual incident will prevent employees and management from mislabelling potentially fraudulent behaviour as something else. However, how you define it depends on your industry and culture. Risk-based businesses, such as investment banking, are not going to define fraud, waste or abuse in the same way as a more conservative business, like retail or manufacturing. A $5,000 dinner at one entity may be normal business practice while considered abuse or maybe even theft in another. Organisations need to define where the line is for their business before they have instances that need to be labelled.
Some of the most famous corporate frauds share a common trait – extraordinary success. In fact, many were featured in major publications and given annual recognition for being “the most innovative”, “the most admired” and “the best company to work for”. And often these awards were given in the same year or year prior to the scandal and/or collapse of the organisation.
How does that happen? How are these organisations receiving accolades while getting away with fraud? Partly to blame is the way our society values success. Very rarely do we question success. How often are auditors or Six Sigma teams called upon to go investigate an area of the business because they are doing too well, or always meeting expectations? Or, for that matter, to look at an organisation wholly due to its unprecedented success – such as the former Enron or Lehman Brothers? Rarely. So why aren’t we more sceptical; why don’t we question success?
Because we want it to be true. Especially in the United States. Americans place a high value on achieving success. Because we value success so highly, we are hesitant to question it. Bernie Madoff was guaranteeing 20 per cent returns and some very intelligent people took that on face value. Enron grew every single quarter and never missed forecasts or expectations. Theranos, the health technology corporation, underwent a fairy tale climb to extraordinary success; it wasn’t real, yet no one questioned it. Lehman Brothers was almost 200 years old and had revenue growth of approximately 200 per cent from 2002 to 2007 before its collapse. That is unprecedented growth for a mature company that did not radically change the way it did business. Again, it wasn’t real, but rather than being questioned, Lehmans was heralded by Fortune magazine as “The Most Admired Securities Firm” just months before its collapse.
In hindsight, these were all clear red flags – indicators of manipulated or false results. Yet in real-time only a small handful of people questioned any of those ‘success’ stories. Therefore, have a healthy scepticism. Learn to question success; especially unusual success.
Additionally, we must understand what drives behaviour. Organisations put pressure on employees in a multitude of ways, but two areas of significant pressure are incentive programmes and measurement programmes.
Evaluate internal incentive programmes
Every organisation uses incentive programmes. While not every incentive scheme leads to fraud, many do. Why?
Unfortunately, there are many factors. It starts with the purpose of the incentive programme. Is the incentive meant to inspire, to punish, to influence or to deter?
Incentive programmes can be either ‘positive’ or ‘negative’ in nature. Positive incentive schemes reward desirable outcomes, such as accomplishing goals, or exceeding expectations, while negative incentive programmes take the form of punishment. Employees are ‘punished’ for not meeting expectations or not achieving key performance indicators.
Understand and evaluate the difference between positive and negative incentive programmes. Employees are more likely to commit a wrongdoing due to a negative incentive than for a positive incentive. Why? Simply, because it is easier to justify unethical behaviour to protect one’s job than it is to justify it for a reward. Look at Wells Fargo. Unrealistic expectations in negative-based employee programmes led to widespread systemic fraud.
Evaluate measurement programmes – management reporting and KPIs
Not everyone who commits fraud does it for personal gain. Senior managers may be protecting their department or their personal pride. Executives may be looking to improve or maintain how the organisation is perceived by investors, bankers, the public and the industry. Frequently these individuals are chasing numbers: forecasts, key performance indicators (KPIs) and/or management targets. Managers who are managing ‘to the report’ instead of managing the business may feel pressured to manipulate results, or their focus on the numbers may provide others with opportunity for wrongdoing. If a balanced approach is not being used, it can drive poor decision-making and bad behaviours.
Reporting and KPIs that focus only on success factors, and do not highlight the counterbalance or negative aspect of the same results, may create both pressure and opportunity for fraud. Think of a bank that only measures loan growth and not default rate. The quality of the loan – whether a customer can pay the loan back – loses adequate consideration. The long-term results would be devastating.
Understanding how targets are determined and if they are realistic is critical. Let’s look at an example – layoffs. Many of us have been through a downturn and layoffs at our respective organisations during our careers. It is a difficult and upsetting process; no one wants to go through it. Frequently, the management team will determine how much the organisation needs to reduce in total – say, 30 per cent. Then they will dictate that every department must lay off 30 per cent of their employees. All areas must contribute equally because that is considered fair. But is it? Often, no. What if there is an area of the business that has actually grown and increased revenue? What if that area of the business is up 30 per cent over the past year, not down like the rest of the business? Should they still have to lay off 30 per cent of their employees? How will they get the work done and satisfy customer needs? What problems will that lead to?
Now let’s flip it: what if positive growth expectations were set the same way? What if the organisational goal was 10 per cent growth over the next year and every area of the business is expected to increase 10 per cent to make that happen. Is that realistic? Are all areas of the business the same? Would this create undue pressure in some areas and drive bad behaviour? I think it might.
Corruption Perceptions Index – know where You operate
The risk of bribery and corruption for organisations continues to rise steadily as today’s marketplace becomes increasingly global. Companies must be aware of, and prepared for, the risks that a company operating in countries, cultures or areas far from their home market will face. In some regions, bribery and corruption are a standard practice and learning to anticipate and identify the red flags for corruption are critical to an organisation’s success.
Transparency International, a global coalition against corruption, produces an International Corruption Perceptions Index annually. The index ranks 180 countries and territories by their perceived levels of public sector corruption. The results are delivered both numerically and visually. This picture truly does speak a thousand words.
If your organisation is operating in poorly ranked parts of the world, you have corruption risk. How do we detect corruption or bribery? Follow the cash. Very rarely do individuals pay bribes out of their own pockets. If your organisation has business that could be susceptible to bribing public officials, or their family members, look for the opportunities where the business can create cash payments. Are travel and entertainment expenses particularly high? Is there extensive use of petty cash? Are there cash advances? What weaknesses exist in processes around cash? That is where to start looking.
These are just some of the elements that should be evaluated in every organisation. Auditors, compliance professionals, accountants and managers at every level should be evaluating practices and programmes to ensure they are not driving bad behaviour. Consider bringing in outside firms to perform a truly independent and objective evaluation of the existing practices and programmes to ensure the culture does not lead to bad behaviour that can put your organisation at risk.
Mary Breslin – whose career in the industry spans over 20 years and includes significant international experience – is the founder of Verracy
(www.verracy.com) and specialises in internal audit transformations, operational and financial auditing, fraud auditing and investigations, as
well as corporate accounting.