Results of a recent Protiviti survey reveal the majority of companies are not well-positioned to conduct proper fraud and corruption risk management. If addressing these risks is not an integral part of their strategic plans, companies will continue to struggle.
Because stakeholders vary between organizations when it comes to fraud prevention and compliance issues, the survey, assessing organizational readiness to deter, detect, investigate and report fraud and corruption, was targeted to an array of titles including chief compliance officers, general counsel, internal audit, outside counsel, members of senior leadership and board members.
Several speakers shared their impressions of the survey’s results during a roundtable discussion in New York. Some of the notable findings participants discussed included:
- A substantial percentage of respondents said there have been no allegations of fraud or misconduct investigated over the past three years
- Only 29 percent provide anti-corruption training for select personnel
- Only 6 percent of respondents gave their organization a high confidence rating for assessing and monitoring third-party corruption risk
Peter Grupe, a former FBI agent and Protiviti’s Director, Internal Audit and Financial Advisory – Investigations and Fraud Risk Management, was not surprised by the survey’s findings but was troubled by respondents’ impressions of their companies’ fraud and corruption histories.
For many respondents, fraud or misconduct was not known to have taken place in the past three years. “The expression ‘we don’t know what we don’t know’ is very applicable here,” he shared.
This raises questions about how effective organizations are at identifying fraud. Pam Verick, Director, Investigations and Fraud Risk Management, Protiviti noted, “We see this check-the-box mentality. If companies do the bare minimum, fraud is going to be an issue – whether you’re aware of it or not.”
Effective fraud and corruption risk management should be part of the overall strategic planning process. Scott Moritz, also a former FBI agent, and Managing Director, Investigations and Fraud Risk Management, Protiviti, emphasized the importance of implementing an effective program. “A robust anti-fraud or compliance program can prevent a company from ‘the corporate death penalty.'”
An indicted company can suffer long-term damage to their brand and should be prepared to pay extreme costs to save it. Siemens’ bribery scandal reportedly cost the company $1.6 billion and there are countless organizations that have been acquired or simply disappeared because they did not consider fraud and corruption risks properly.
Oftentimes, companies act once they themselves are in the crosshairs or a peer organization is implicated in an investigation. Donald Rebovich, Ph.D., Executive Director, Center for Identity Management and Information Protection and Chair of Economic Crime & Justice Studies, Utica College, echoed Moritz’s sentiments by explaining that the idea that “past is prologue” seems to be informing many companies’ actions (or lack thereof) when it comes to anti-fraud and compliance. Companies tend to believe if it hasn’t happened to them yet, it won’t happen in the future.
For boards to fulfill their fiduciary responsibilities, fraud needs to become part of the corporate governance conversation. Verick noted companies are struggling to respond to fraud risk in a proactive manner, and wondered, “How could you possibly have a strategy if you don’t know what you’re vulnerable to?”
Though the public awareness is there, it’s not yet translating into the allocation of funds to compliance programs. Moritz said of the survey results, “The hope is that information like this will make boards pay attention. Resources are usually there if the organization has the motivation.”•