It is still rare to find an organization with a top down fraud and corruption preventive strategy that is part of its culture. This is often because certain executive directors believe that promoting an open, honest culture will ensure the likelihood of fraud and corruption remains low. However, even with the best culture, organizations have little or no control over an individual's personal circumstances, private life or motivation. In over 25 years of investigations, the one common factor we have observed is that discovery of a fraudster comes as a complete surprise.

Another reason for the lack of a holistic strategy is, ironically, the crippling effect of excessive regulation, legislation and bureaucracy. So much time and effort has gone into corporate responsibility and governance, internal controls and risk management strategies that very little time has been devoted to getting to grips with the way criminals think, the methods they use, how to detect attempts and how to prevent them from succeeding.

Many companies face a third challenge, as they may actually promote a culture in which some managers feel they are above the system because they are making a big profit. They start claiming excessive travel, entertaining and personal expenses through the company, favouring friends and family members, and creating hidden salary packages and options. This tends to promote a culture of dishonesty, as other employees notice it and follow suit.

A high price
Every incident of fraud and corruption reduces net income by an equivalent amount. If the profit margin is 10%, then recovering the lost income requires at least ten times that revenue be generated.

In most cases, the hidden indirect costs, such as constraints on expansion and development, damage to reputation and employee morale, and the expense of an eventual investigation, greatly outweigh the direct costs.

There is a wealth of academic and empirical research that shows the annual cost to organisations of corporate fraud and corruption is around 1-5% of their turnover. Investing in preventing fraud and corruption is far better than investigating and cleaning up after the event. It also leads to large increases in profit margins.

Criminal minded
Rather than using checklists, which are often associated with compliance-based approaches, managers and employees should engage in an open discussion as to which job functions have the highest potential for fraud and corruption, including top management, and then which method would work best against their company. This can be done in workshops, training sessions and interactive multimedia training.

The secret is to allow employees and management to think like potential criminals in a controlled environment, which is far better at exposing and uncovering hidden loopholes. There have been cases where ongoing frauds were identified as a result of workshops.

Once the real methods of fraud and corruption have been identified, they can be evaluated and ranked according to their likelihood and impact, and recorded in a 'fraud and corruption profile', unique to each organisation. Specific controls to mitigate the high risk methods can then be implemented.

Empower employees
A growing number of organisations are now empowering their employees to prevent fraud and corruption. Firstly, they ensure that employees have read and understood relevant policies such as the Code of Conduct and Fraud and Corruption. Then they train them to recognise the red flags indicating potential problems and how to report concerns. These can include changes to a person's behaviour, discrepancies or anomalies in the process or transactions, and alarms from systems monitoring.

It is common to find that very few employees have previously received any form of practical instructions. The really effective programmes are those that:

• Use realistic and engaging examples where feedback from the participants is an integral part of the programme
• Are mandatory for all employees and management
• Are well coordinated and planned to avoid confusion and duplication of effort.

The best way to uncover fraud and corruption is to actually look for the red flags, something that is still under-resourced in many organisations. Nearly all the behavioural, transactional and systematic indicators of fraud and corruption are hidden in the money flows, both in and out of the company. The key elements of the process (which we refer to as health check) is knowing what to look for and testing these indicators.

Erosion of value: what should you be looking for?
Major examples of fraud and corruption include:

• misrepresentation by third parties and insiders with regard to a corporate merger, acquisition or divestment.
• diversion of expenditure on either major capital expenditure projects or otherwise procurement operations.
• deliberate overcharging by suppliers.
• payments paid to agents, third parties and officials that would normally be called 'bribes'.
• preferential treatment of customers in exchange for a kickback.
• false accounting, including material and deliberate misstatement of financial information.

Manage and learn from incidents
While it is difficult to prevent all incidents of fraud and corruption, it is possible to reduce their impact by having a fraud response plan. If the organisation does not have an in-house investigation capability, a trusted external provider should be retained to professionally manage investigations and conduct interviews.

It is essential to learn from past incidents rather than focusing on a witch hunt to find scapegoats. Information outlining why things went wrong and what improvements are being made should be communicated across the organisation.

---

This article is contributed by CIMA (The Chartered Institute of Management Accountants) and it first appeared in Financial Management, CIMA's monthly magazine for its members.