7. Make sure the board of directors plays its role. “Corporate governance is the joint responsibility of both the board of directors and management,” says Davidson of Avant Advisory Group. Now that the SEC has mandated greater board involvement in risk management, apprising the board of fraud risk and responses becomes a top priority for the CFO. It won’t be fun, and, as Davidson notes, if board directors are at the top of their game they will push back and demand even more information. But that kind of dialogue can be invaluable in uncovering vulnerabilities.
What Doesn’t Work
The value of implementing those kinds of organizational changes often fails to register with CFOs who, with some reason, have tended to rely on more-formal forms of enforcement: audits from the inside and investigations from the outside.
The ACFE maintains that audits are ineffective. “External audits were the control mechanism most widely used by the victims in our survey, [yet] they ranked comparatively poorly in detecting fraud and limiting losses,” it noted in last year’s study. But the group did acknowledge that audits can be of value when they are combined with management reviews, job rotation, the creation of a code of conduct, surprise audits, and hotlines. In short, the same sort of holistic approach spelled out above.
As for external help, only 347 fraud cases were prosecuted by the SEC in what might be thought of as the Madoff Era, 1998–2007. In 2009, President Obama appointed Mary Schapiro to head the SEC, and she pledged to “reinvigorate a financial regulatory system that must protect investors and…enforce the rules.” That pledge got a booster shot from the Dodd-Frank Act, which will, in theory, double the SEC budget to $2.25 billion by 2015. Schapiro has already indicated that she wants to invest in a technology upgrade, the hiring of 800 employees, and the leasing of one million square feet of new office space.
Yet no new funds have actually been dispersed, and the SEC has had to back out of the lease for new office space, isn’t hiring as planned, and won’t be getting the new technology it needs for enforcement, examination, risk assessment, and market oversight. It has even cut back sharply on travel by its current investigators.
It’s no wonder Sam Antar muses about getting back in the game.
Laton McCartney is a freelance writer based in New York.
There is one potential bright spot within the Dodd-Frank Wall Street Reform and Consumer Protection Act regarding fraud prevention: the law contains provisions that generously reward whistle-blowers. According to Toby J. F. Bishop, director of the Deloitte Forensic Center for Deloitte Financial Advisory Services, the Securities and Exchange Commission has already set aside more than $400 million for that purpose. The act also provides strong protective measures, expressly prohibiting employers from retaliating against employee tipsters. “The IRS set up a similar whistle-blower reward program three years ago,” Bishop notes, “but it hasn’t paid out anything to date, because it is waiting for all the appeals to be exhausted.”
News of the SEC fund appears to have triggered a strong uptick in whistle-blowing, which, in turn, has had at least one unintended consequence: it has created confusion regarding the internal-controls provisions of Sarbanes-Oxley, which required a mechanism by which employees and third parties could, and should, report claims of fraud to management. If a whistle-blower is now bypassing compliance and sending reports of fraud directly to Washington, what’s the point of having internal ethics and compliance programs?
This is a question being posed by, among others, the National Association of Corporate Directors, which has decried the “chilling effect” of the SEC whistle-blower provisions in Dodd-Frank. “Unless the [provisions] are substantially altered, the collateral damage to corporate internal compliance programs — and ultimately the ethical culture that companies strive to obtain — could be harmed. These provisions offer too many incentives for a wide range of potential whistle-blowers to ignore a company’s existing internal reporting system and instead go directly to the SEC. Indeed, [such] enticement…will substantially damage the very systems that serve as the backbone for ethical corporate culture in companies today.” — L.McC.