KPMG’s Latest India Fraud Survey Kicks Up Some Dangerous Statistics
I was intrigued recently when the KPMG India fraud survey 2012 (download it here) threw up a shocking conclusion – Corporate India dubs rising fraud as an inevitable cost of business. Close to 55 % of respondents polled indicated that their organisations experienced fraud in the last two years vis-à-vis 45 % in the 2010 edition of KPMG’s fraud survey.
However, it is surprising to note that 71 percent of the respondents think of fraud as an inevitable cost of doing business. This includes 80 percent of respondents who stated that they had experienced fraud in the last two years. What is hardly surprising is the fact that Indian companies outnumbered multinational firms in this view. I agree with the report’s view that this is a dangerous attitude to have as it could lead to organisations having a tolerant approach towards fraud and subsequently not investing enough in the appropriate fraud risk management controls and framework. It also translates into a culture of merely reacting to fraud and not proactively taking steps to mitigate it.
Let us look at the graphic below to understand better what a company’s employee feels about the state of corporate fraud in India today:
* Info & Graphics Source – KPMG India Fraud Survey 2012
We can see that the perception levels for frauds like money laundering (47%), internal reporting related frauds (44%) and intellectual property fraud (40%) too are significantly higher (compared to KPMG’s 2010 survey). These frauds today rely on technology to increase their impact. Let us now look at the sectors that are perceived as most vulnerable to fraud.
* Info & Graphics Source – KPMG India Fraud Survey 2012
It does not require a survey to realise that the financial services and banking industry that is so heavily reliant ontechnology faces the gravest threat. While technology can be a great facilitator for the business, it can also offer an equally potent platform for committing frauds like cybercrime, phishing and data theft.
Possible misuse of technology in the banking sector includes use of banking access for over payments to vendors / self bank account, sharing of potential confidential information and misuse of company’s technology resources for unauthorised activities including conflicting business relationship. Additionally, providing services on mobile and social media platforms with limited knowledge of the security requirements, poses threats to customers as well as financial institutions. Some of India’s co-operative banks may choose the cheapest IT Services company to design and develop their bank’s internet banking website but in such cases cheap may not be best!
Procurement function continues to be most vulnerable to fraud
Survey respondents have rated procurement, sales and distribution and inventory as the most vulnerable processes within an organisation. These areas being characterised by large number of stakeholders, multiple touch points, increasingly complex processes involving a significant proportion of organisations’ funds, it is not surprising to see this finding. Additionally, these processes involve a high degree of interaction with external stakeholders like vendors and customers where collusion can override certain internal controls.
Despite the widespread acknowledgement of the vulnerability of these processes, it is surprising to note that organisations have failed to implement basic controls. Due diligence of vendorsbefore selection, involvement of representatives from multiple departments in the vendor selection process, and adequate segregation of duties and controls over access rights, are some of the controls which may help organisations in managing these risks better notes the survey.
This brings us to a very important fact – something that most companies fail to overlook until it’s too late. As Hollywood would say:
The Enemy Lies Within
Employees within organisations is the single largest group well equipped to perpetrate fraud or assist an external team to do so. Like an impending implosion, the larger threat of fraud lies within an organisation itself. However, most organisations tend to ignore or merely warn respective employees upon discovery of small value frauds (such as faking personal bills or fudging of expense reports). In the entertainment business for example, budget expenses for shooting and post production is where expense fudging often takes place. Therefore, when employees collude with external parties to commit fraud (such as processing fake invoices submitted by vendors), organisations often tend to blame external parties first and not employees. This could be a possible reason for KPMG’s survey respondents to have ranked vendors/agents as the most likely to commit fraud against an organisation.
Among employees, senior management is considered the most susceptible to committing fraud by virtue of their ability to override existing controls. According to the ACFE 2012 Global Fraud Study (download it here), the position held by thefraudster within an organisation is directly related to the loss incurred on account of the fraud committed. Losses caused by senior management were approximately three times higher than the value of fraud loss due to managers; managers in turn caused losses approximately three times higher than junior employees.
In such circumstances it becomes imperative for organisations to provide a safe, robust channel for employees to report suspicions of malpractice. It is also important that an organisation’s Board comprise of individuals with utmost integrity who would engage themselves with the management. The Board needs to take a lead by setting the tone at the top and facilitate a zero tolerance approach towards fraud.
People are Essentially Good
However it must be remembered that the vast majority of employees are honest and hardworking. Unfortunately, it may only take one dishonest employee to put your business in serious trouble or even destroy it. The methods used are only limited by a dishonest employee’s creativity. Do not assume you can “profile” an employee thief.
Many frauds are perpetrated by long-term employees that no one ever thought could be involved in fraud. One of myfavorite fraud stories is about a parking lot outside Britain’s Bristol Zoo. Allegedly, for 25 years, 7 days a week, approximately $500 was collected in parking fees every day. The attendant never took a day off and then one day he did not show up for work. When the zoo called the city about a replacement, they were told he was not a city employee and the zoo was responsible.
The zoo was shocked that the attendant was not a city employee because he certainly was not a zoo employee! This is also a commonplace occurrence in Mumbai’s cities where fraudsters in the name of public parking in collusion with theBMCoften extract parking fees to the tune of fifty rupees when the official fee for parking is only Rs. 5 or Rs. 10. It is another thing that even paying Rs. 50 is a helluva low amount for parking space in a space-crunched city like Mumbai where cars jostle with people and where footpaths are almost non-existent (I sincerely hope the BMC raises the car parking charges to Rs. 500 for an hour and trust me I wouldn’t mind paying it if it can discourage more people to walk more and drive less!)
Coming back to the Bristol Zoo case, at $500 a day, 7 days a week for 25 years, that equates to $4.6 million dollars earned by the fraudster! Although the veracity of this story has been challenged, the lesson to be learned rings true. Many times a fraud may be right under our nose and we may not see it! Be professionally skeptical, follow up on anomalies, and respect your instincts. I think we can broadly characterize most employee fraud into 10 categories. If you know what broad types of fraud schemes exist and have some basic knowledge of internal control, perhaps it can help you prevent employee fraud at your company.
I will provide the broad categories here and then briefly explore each of them in additional detail in later articles.
1. Poor Gate Security & Access & Exit Control
2. Fake Documents
3. Fake Vendors or Fake Employees
4. Misapplying Customer Remittances
5. Bribes, Bid-Rigging, and Kickbacks
6. Purchasing Goods for Personal Use with Company Funds
7. Data Manipulation
8. Fraudulent Expense Reports
9. Manipulate the Machines
10. Salami Fraud
Know that many controls are easy to establish while others may be too elaborate or expensive for your business. For smaller businesses, itis sometimes difficult to properly segregate duties for good internal control. Think hard about this because itis a major reason smaller businesses are hit so hard by employee fraud. Segregation of duties between employees having physical control of your assets and record-keeping for those assets is absolutely critical.
Regardless of the amount of time and money you spend, you will never be able to completely fraud-proof your company. Having said that, employee theft is a crime of opportunity. If you take small, simple steps, you can create a healthier internal control system and help discourage employee fraud at your company.