That challenge becomes all the more daunting when one considers the many varieties of fraud that exist. Aside from various forms of embezzlement and outright theft, and the growing risk of information theft (think hackers), two other kinds of corporate malfeasance have come to the fore in recent years: fraud in the business model and fraud in the business process.
The former is defined by a company selling illegal or worthless wares. “If the pharmaceutical industry sells alleged off-label drugs that have not been approved by the FDA, or the financial-services industry is offering worthless subprime mortgages, that can constitute business-model fraud,” says Toby J. F. Bishop, director of the Deloitte Forensic Center for Deloitte Financial Advisory Services.
Fraud of the business-practice variety, Bishop explains, can range from corporations ignoring or turning a blind eye to environmental or safety laws to the ever-popular practice of engaging in “window dressing” at the end of the quarter.
An Action Plan
With fraud on the rise, and with all parties that could possibly be tempted feeling more pressure to cross the line, how should companies respond? First, the bad news: “Most fraud today is uncovered by whistle-blowers, or by accident — a tip, a rogue piece of mail, or by happenstance,” says Tracy L. Coenen, a forensic accountant and fraud investigator who heads up Sequence, a forensic accounting firm.
In a sense, companies (at least those that are publicly traded) were supposed to self-insure against fraud by implementing, at great expense, the controls framework included in Sarbanes-Oxley. But a framework still requires an enforcer, and at many companies there is none. “There’s often no single entity for oversight,” says Deloitte’s Bishop. “Many companies have no compliance or risk management at all.”
Even when they do, there’s the issue of how effective it can be. It’s not a job that wins friends and influences fellow workers. “The compliance officer is the most hated person in the company,” notes Thomas Quilty, CEO of BD Consulting and Investigations. “Companies often retaliate against them,” adds Antar.
“Compliance staff frequently end up pushing paper [just] so it looks like the company has tried to do the right thing in case there’s an investigation,” says Coenen. “They’re not effective.”
As for what to do, while no one has yet come up with a silver bullet, experts point to seven useful steps that all companies can take:
1. Start at the top. “It’s critical for both the board of directors and executive management to set the tone for the corporation and its operating units,” says James Davidson, managing director at Avant Advisory Group and a certified fraud examiner. In fact, this may be the most important component of the control environment necessary for deterring fraud and fostering transparency. Plenty of lip service has been paid to the importance of tone at the top, of course, and it is often cited as the key to the success of…well, almost everything. But when it comes to curtailing fraud, it really does matter, because without it, an “entire culture of workplace fraud” can take root, according to the Association of Certified Fraud Examiners (ACFE).