Mon, Nov 23, 2015

Hiding in the Shadows

There is a curious contradiction in this year’s Global Fraud Survey statistics: the proportion of respondents reporting at least one fraud incident in their company in the past year has risen to its highest level in the report’s eight-year history at 75%, but every separate type of fraud has decreased.

A contradiction in the facts always hides something interesting, as investigators have known since Sherlock Holmes mused about the dog that didn’t bark in the night. Is there a new type of fraud that we have missed? Not likely: every kind of commercial wrongdoing will fall somewhere on our list. And we did not make a mistake adding the numbers—our forensic accountants checked!

I think the answer lies in the nature of fraud statistics— and that answer is interesting and important. Some fraud surveys claim to have hard numbers: an annual total number of cases and a dollar amount for the losses incurred. But this can only record publicly reported cases, and in our experience, this is a small proportion of the total. Those that are reported typically extend over a number of years, making annual trends meaningless. Lastly, no survey can ever measure unproved and undiscovered fraud, probably the largest categories of all, making loss statistics questionable.

What is very clear is that fraud has risen inexorably up the corporate priority list.

Our survey measures perceptions of fraud. We survey senior executives from a broad range of industries in every part of the world about their experience and awareness of fraud. They may not always have detailed knowledge of the incidence and quantum of frauds—in our experience, specific knowledge will be quite tightly held. But as part of the senior management of their organizations, they have an insight into the policies of their companies and what drives them, and so have a very good sense of where risks and opportunities lie. What is very clear is that fraud has risen inexorably up the corporate priority list.

Fraud, corruption and regulatory violations now fill more space in the business press than mergers and acquisitions, with “massive fines” replacing “massive fees” in the related headlines. It is increasingly recognised that boards have a duty to report to shareholders on their response to fraud and regulatory exposure along with other risks. So it is on the agenda and in people’s minds, and the headline result in our Survey reflect this clearly. The apparent decrease in each of the individual categories probably reflects a lack of specific knowledge of the details of the frauds, and so the allocation by type may in many cases involve some guesswork on the part of the respondent. Given that we are looking at perceptions, these guesses suggest give us another interesting insight. Respondents’ top concern is, as always, theft of physical assets, followed by vendor fraud and then information theft. Each of these looks like threats from outside the company, although a little thought will tell you that the threat is probably greater from employees, either directly or in collusion with outsiders. Concern about conflict of interest, regulatory breaches, corruption, internal fraud and misappropriation of funds—all clearly insider issues— are significantly lower.

It is, of course, far more comforting to think of the threat coming from the outside rather than lurking among colleagues within the company. This is most evident in attitudes to hacking: company executives (encouraged by the media) worry more about North Koreans than what is happening in the next cubicle despite the evidence—and our practical experience—that most breaches have an inside dimension. Furthermore, there is a limit to what you can do about threats from North Korea, but there are plenty of effective measures to tighten internal systems and improve employee behavior.

When a fraud is discovered, there is generally a degree of delicacy about conducting internal inquiries. Some is justified: you don’t want to tip off those involved until you are ready. But there is often a concern in senior management about the impact of an internal investigation on morale: “We don’t want to be seen conducting a witch-hunt.” In our experience, people on the ground often know far more than senior management thinks, and the lack of a properly handled investigation can seem at best as indifference and at worst as if the blame may be spread too widely.

If an internal investigation is required, it must be properly handled, and in an increasingly multinational corporate environment, that requires an understanding of cultural, business and legal nuances in different countries. The arrival of the man from head office, with his newly issued passport, wondering why the office is closed on a Friday, is not likely to produce useful results in the Gulf, and the demand for a full email review in Germany will (hopefully) result in a swift education in data privacy laws. The articles in this Global Fraud Report give some helpful insights into the types of issues that we have encountered around the world and in the newer frontier of cyberspace. As I have said many times, most of what we do is common sense, but it’s based on uncommon experience.

Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.