Anyone who has read the autobiography of Frank Abagnale, “Catch Me if You Can” (also adapted into a film starring Leonardo DiCaprio and Tom Hanks) would be surprised by the ease with which conmen find weaknesses in controlled processes. By the tender age of 21, Frank Abagnale had already defrauded banks of 2.5 million via bad cheques and was wanted in no less than 12 countries for committing fraud.
Defined as intentionally deceiving someone in order to cause a loss of property, money or service, fraud may seem like a “victimless” crime since fraudsters typically target organisations where high volume, high quantum transactions are made daily so that the sum they take may look negligible. However, not all companies can afford the financial drain caused by fraud, and there have been scandals in recent history that have not only burned a hole in the pockets of investors but have destroyed the lives of those who depended on the business entity for their livelihood. Arthur Andersen comes to mind: it was one of the accounting “big five” before it was brought down by the fallout from the Enron debacle.
The Singapore Fraud Survey Report 2014 by KPMG and Singapore Management University highlighted that a shocking 53% of fraud occurs due to weak internal or overridden controls. The next factor, measured at 58%, highlighted the role of collusion (either between employees and third parties or wholly between employees). Other factors listed included weaknesses in IT security, physical security, and management or board oversight. How much are organisations losing each day due to fraudulent practices that they have not yet uncovered?
Paying for anti-fraud measures is a conflict for young companies that would rather spend money on revenue-generating activities. This is akin to asking young employees with huge student loans to invest in life insurance – something that could be really important – if (and a big IF) an accident or ill health arises. As young employees pay off their loans, they get married, have kids and again, incur expenses that forever take greater priority than preventative measures.
We know how that story goes because we have all had that one relative or friend who suddenly discovers cancer or suffers a stroke or heart attack at an “unexpected” age. Yet, instead of doing something about it, most of us choose to label such incidents as “bad luck”. Companies cannot afford to explain risk management failures to investors as “bad luck” when they can prevent them. Directors of companies must take an extra duty of care because carelessness is a failure to fulfil fiduciary duties.
Thankfully, as in preventive health regimes, there is always some good advice we can take from experts in the field of governance, risk management, compliance and controls (GRC). First of all, let us understand this – by the time fraud has been detected, money has been lost and even if perpetrators are terminated or punished (by law), the funds that have been embezzled or stolen are rarely recoverable (Benchmarking Your In-House Fraud Investigation Team Report by Association of Certified Fraud Examiners, Figure 17).
Forensic accounting, relying on audit techniques used in financial audits, allows business entities to find evidence and calculate the loss, as needed for settlements and claims pursued through legal means. Like rehabilitative therapy, the damage is done and the patient focuses on recovery, if possible.
For businesses that would rather pay the cost of preventing fraud than the cost of fraud itself, fraud auditing is then employed. Like the work of an auditor, fraud auditing assesses the internal control status of the processes to evaluate the existence of weaknesses, loopholes and/or gaps where fraud could occur. The fraud auditor will then recommend additional controls and measures so that frauds can be prevented, detected or deterred due to the sobering effect of these new anti-fraud processes in the organisation.
Bob Seetoh, a board member and a training director of the Association of Certified Fraud Examiners (ACFE) Singapore Chapter for 2015 & 2016 and the managing director of GRC Consultancy Pte Ltd, uses the simple analogy of a policeman patrolling the streets. The sight of the policeman at work prevents and deters people from committing crimes. Research by the Centre for Behaviour and Evolution at Newcastle University demonstrated that posters of human eyes are enough to change behavior.
As highlighted once again in the Benchmarking Your In-House Fraud Investigation Team Report, the value of an internal fraud investigation team goes beyond the fraud losses recovered, since the deterrent effect of a high perception of detection may have already saved the company quite a sum in prevention.
So, no matter how big or small your organisation may be, it is never too early to implement robust preventative internal control measures to mitigate the risk of fraud. This can be done by raising employees’ awareness of fraud risks and anti-fraud policies, establishing reporting channels where actual or suspected fraud can be reported in confidence, and training employees and external third parties on how to use these channels. Fraud detection often comes as a result of notification by third parties, employees and other stakeholders. An example of a third-party notification is an ex-accounts assistant who was caught after the bank notified the company of a transfer to her credit card account; another is a woman who siphoned $11.2 million and came under investigation following a tip-off.
When businesses examine areas of governance, risk management, compliance and controls, there are areas which will overlap one another. Classification of these areas can be difficult and fraud auditing may come under risk management consideration to some degree. Yet this point is moot, because what matters more is that organisations are fully aware of the potentially disastrous consequences of fraud and that they implement the necessary internal controls to safeguard not only the interests of their investors but also the long-term future of their employees and other stakeholders.
This article is written by Adrian Mah from Asia Law Network.
This article does not constitute legal advice or a legal opinion on any matter discussed and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and practice in this area. If you require any advice or information, please speak to a practising lawyer in your jurisdiction. No individual who is a member, partner, shareholder or consultant of, in or to any constituent part of Interstellar Group Pte. Ltd. accepts or assumes responsibility, or has any liability, to any person in respect of this article.