EthicsPoint published this webinar focusing on proper and efficient investigations.
The presenter was Meric Craig Bloch, VP Compliance and Corporate Investigations of Adecco Group North America.
Meric predicted more fraud coming into the workplace as part of this down economy. Managers are focused on making their numbers and it is harder to do.
Profile of a fraudster:
- Likely acts alone
- Likely a male over 40
- Has worked at the company for a number of years
- Some college (and probably more) education
- no criminal record
- no history of job discipline
It is obvious from this that fraud risk is less on the person and more on the internal situation and pressures. The fraud triangle is a combination of:
- opportunity – compliance programs are in place to remove opportunities
- rationalization – when dissonance happens and gets justified as not stealing (for instance – entitlement, revenge, minimal damage, everyone else is doing it)
- pressure – how and when fraud happens when the pressure to commit fraud is greater than the pressure to not
In this down economy the pressure is increased. So we need to remove the opportunities.
What is the ideal opportunity for a fraudster:
- weak internal controls or ability to override
- Pressure to be dishonest
- perceived reward is relatively high
- perception of detection is low
- potential penalty is low
What is the best way to respond
- good internal controls
- raise the perception of detection
- manage pressures and incentives (this includes treated employees during layoffs and not setting difficult targets)
- focus on identified risks
- zero tolerance for fraud
Meric calls for doing a fraud risk assessment. Learn about the potential fraud risks inside your company and the impact on the external view of your company. You need to determine your own tolerance for fraud risk. You need assess both the likelihood and impact of the fraud. Then you can evaluate your internal controls to see if they are designed effectively and are they operating effectively. Then you need to address the residual risks that are not mitigated by existing controls or anti-fraud programs.
Meric points out that you need to take steps to detect fraud. One tool is a whistleblower hotline. But hotlines are passive. You need someone sufficiently motivated to pickup the phone and make the call. You should make fraud reporting a mandatory requirement.
Fraud generally continues until detected. Half of fraud schemes are discovered by accident.
Fraud allegations can come from many sources, so you should have a consistent protocol for investigating fraud. Your organization should have a best practice for investigations. You need to make sure the investigations are run consistently and are well-documented.
The investigator is not the police. As the investigator you need to think about the business needs. Your investigation should lead to process improvements and better internal controls.
One of the questions was how to prove ROI. Of course, compliance is all about preventing fraud and loss. So it is hard to show savings for events that did not happen.
Doug,
As the Senior Director of Marketing at EthicsPoint, I’m glad you found value in the webinar. We have a lot of respect for Meric, and are glad to be able to host a venue for him to share his knowledge.
I’d like to add a couple of comments and statistics based on your post:
– the ACFE has estimated that companies lose 7% of their annual revenues to fraud. If you start with this figure you can begin to form an ROI model for your business.
– Mike West, from Saugatuck Technology, recently gave a webinar and wrote a whitepaper on building an ROI model which is available on our website.
– Fostering a business environment of integrity and compliance is just as important – if not more so – than having good fraud protection mechanisms in place. In a recent survey the Ethics Resource Center reported that in 2007, 56% of employees personally observed conduct that violated company ethics standards, policy or the law (this is greater than in the Pre-Enron era of 2000).
– Furthermore, misconduct is even more common in “negative work environments”, as defined by:
-Lack of satisfaction with information from top management;
-Lack of trust that top management will keep promises and commitments;
-Lack of satisfaction with information from supervisors;
-Lack of trust that supervisors will keep promises and commitments;
-Lack of trust that coworkers will keep promises and commitments; and
-Rewards for employees who are successful, even if it is through questionable means.
– If only one of these characteristics are present, 48% of employees report observing misconduct. The rate goes to 98% when five are present!
I see this data as a pretty compelling argument for the need for Compliance and Ethics as a business function today.
Bill Piwonka
Bill –
Thank you for supplying the additional information. Those are some compelling numbers