(First of three parts)
There is a great deal of misconception about the cost and benefit of establishing good fraud control programs in companies. Part of the misconception is the fact that most managers directly relate the cost of developing fraud programs vis-à-vis the value of the actual fraud experienced or detected in the company. Given that there is a likely chance that undetected fraud exists in companies; it is simple enough to see why such an analysis may undervalue the need to develop strong fraud programs in companies.
These difficulty in aligning cost versus benefit is exemplified in the fact that when an effective framework for managing fraud is designed, it should lead to no or minimal occurrences of fraud. The lack of positive data or empirical evidence makes it more difficult to quantify the effectiveness of the program. There lies the paradox that makes most management indecisive about making the right investment for establishing a strong fraud program within their company. Managers of companies tend to play down fraud experiences. Part of the reason for this corporate behavior is the possible impact management faces on the consequences or damage to the company’s reputation.
Some managers have a misplaced reliance on the financial audit that is performed by the external auditor. The external audit’s main function is to provide reasonable assurance that the financial statements of the company are fairly stated according to acceptable accounting standards; it is not meant to give reasonable assurance that there is no fraud in the company or that internal controls are adequate enough to prevent material fraud. Often times, managers also rely on internal audit, risk management or the compliance office to ensure that controls are appropriately designed to prevent and detect fraud. In this regard, these offices do take part in strengthening the organization’s overall control environment; but, managers should carefully vet out the programs and activities within these offices that directly relate to assessing the level of fraud risk and assessing the effectiveness of the specific programs identified within the organization.
In most cases, when management realizes the need to evaluate their susceptibility to fraud, it is mainly driven by an incident that is large enough to be noticed. Can you imagine if this happened in your watch? Perhaps, you would rather be some place else.
The good news is there are several things that you can do immediately to jump start good fraud programs in your company. Here are seven activities that can significantly transform your organization’s fraud prevention efforts:
1. Designate a Fraud Coordinator
2. Establish a fraud hotline and make sure it is accessible and secure
3. Develop a Whistleblower Policy and perhaps a reward scheme
4. Educate your people about fraud, better yet educate them about integrity
5. Communicate, communicate, communicate
6. Get your suppliers and customers in the bandwagon
7. Lead by example!
Designate a fraud coordinator
We all have roles to play in preventing fraud. As part of our job we need to safeguard the company’s assets. In reality, given the many tasks, meetings and activities we perform; it would be helpful if someone or some unit is designated as the point person for fraud issues. Assigning responsibility to somebody within the company to be the fraud coordinator will help ensure that there is always someone “manning the house” – in a manner of speaking.
In most companies, the Internal Auditor is tasked with this responsibility. Given its management independence and its reporting structure (typically, an internal auditor reports directly to the Audit Committee), the Internal Auditor is the person (or unit) that ensures that possible incidents reported are properly investigated (maintaining strict confidentiality) and escalated at the appropriate level. The other job of the Internal Auditor may play is to keep track and record the incidences of fraud. This is important so that possible policies, process changes and control improvements can be aligned to the gravity of risk exposures identified. More importantly, keeping score will help management put the right focus on fraud control. The Internal Auditor can also act as a conduit to help management push for fraud awareness programs and training needed to properly educate your people resources.
Having a fraud coordinator also ensures that investigations are performed within appropriate guidelines, ensuring confidentiality and protection for those individuals who may be the subject of the investigation but may not necessarily be guilty of any corporate misbehavior.
(To be continued)
(Imelda Horario Corros is a Director for Advisory of Manabat Sanagustin & Co., CPAs, a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.
The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of KPMG in the Philippines. For comments or inquiries, please email manila@kpmg.com or mailto:icorros@kpmg.com)