What’s the biggest threat to organisations at the moment? The World Economic Forum says there is greater risk of cyber threats destroying global infrastructure than anything else. This largely unknown quantity ranks higher than financial collapse, natural disasters and terrorism in terms of real, ongoing threats. What’s more, when cyber crime does hit an organisation, the price can be devastating. PricewaterhouseCooper’s 2011 Cybercrime: Protecting against the growing threat - Global Economic Crime Survey found that almost one in ten organisations reporting cyber fraud did so after suffering losses of more than US$5 million.
A recent State of the Internet Report by cloud platform provider Akamai Technologies found there was a whopping 2,000% increase in cyber attacks over the three years to the third quarter of 2011. Of those, more than 49% originated from the Asia-Pacific region.
White-collar crime in the business world today is something almost every leader has to grapple with. Paul Curby, Executive Director – Forensic with corporate recovery advisory firm KordaMenthaNeo, says this is because of natural changes with process, people and systems.
“Every change creates an opportunity,” he explains. “Much of the white-collar crime that I have seen started out as an opportunistic crime. Usually a small amount to start with and increasing amounts as the perpetrator’s confidence increases that they are either unlikely to be challenged or get found out.”
Fraud at work
Typically, vigilance decreases as trust increases. “Human nature compels people to trust each other and avoid workplace confrontations,” says Curby. “A fraudster will play on this. Often, after the event, staff in an organisation will tell that they never suspected or simply couldn’t believe that their staff member would commit the fraud.”
The type of fraud risk to an organisation is dependant on the industry in which it operates. The most common fraud is asset misappropriation, says Curby. This includes schemes such as theft of cash, expense-related fraud, and the manipulation of billing systems such as through submission of false invoices.
Procurement fraud is also an area that features prominently in the top five. “Collusion between staff and vendors is a risk and constant monitoring is required,” Curby explains.
A recent case in point occurred when Singapore’s National Parks Board bought Brompton bicycles costing $2,200 each for its officers to use on patrols. An internal audit by the Ministry of National Development found some discrepancies which, although inconclusive, suggested the possibility of bias in the procurement. The National Parks officer involved in making the purchase of the 26 foldable bicycles, with a total bill of $57,200, has since been suspended.
HR’s role in preventing fraud
Company culture plays a significant role in determining a company’s susceptibility to thefts and scams. “HR can instil integrity into the organisation by publicising consequences of policy breaches and lessons learnt,” says Wilson Ang, Of Counsel, Norton Rose (Asia) LLP. “Effectively and accurately managing information when reporting to the Board is an important aspect of the proper functioning of a company’s compliance system.”
HR needs to push through sound policies (for instance on IT, including social networking, and expense claims) around the company’s expectations of its staff. “Staff need to understand that there may be consequences to their actions,” says Curby. “A framework should exist and be adhered to as it provides guidance to staff and management.”
HR can also help ensure that there is consistency in the application of policy. Other staff may watch very closely to how another staff member is treated with regard to an allegation. “The perception must be that there is procedural fairness with an investigation or you run the risk of creating disharmony among employees,” Curby explains.
Yet another useful tool in the fight against corporate fraud is not only pre-employment screening, but also screening during employment. “It is important to re-screen an individual as they advance to more senior roles within the organisation,” says Curby. “Promotion will usually bring greater responsibility, access to systems, and the ability to circumvent or override controls.”
A number of investigations Curby has done involved an individual or their family members incorporating their own company and then using this shelf organisation as a vehicle to invoice their employer. “Basic screening may uncover this and the employee can then be questioned as to the purpose of this new entity,” he adds.
There is still over-reliance on the audit function (both internal and external) as a stop-all measure against internal fraud. An audit generally tests existing processes and controls. But those existing controls or processes might be flawed in the first place. Hence, most experts agree that more can be done to proactively and independently check where loopholes might be.
While internal audits may detect about 14% of fraud, according to the Association of Certified Fraud Examiners’ 2012 Report to the Nations on occupational fraud and abuse, the majority of fraud is uncovered by a tip-off. Organisational culture, therefore, can play an important part in the willingness for someone to come forward.
Whistle-blowing is a valuable tool but needs to be underpinned with good policy and procedures. “Employees need to have confidence that their anonymous report remains just that; anonymous,” says Curby. “Also, there should be an assurance that the employee will be protected from harassment and that their promotion prospects will not be curtailed by virtue of the disclosure.”
Employees also need to have confidence that their report will be reviewed and acted upon accordingly. Equally important is a robust complaint assessment procedure to evaluate and classify each complaint.
HR should encourage employees to blow the whistle whenever they witness fraud in the organisation. Several methods to do this include the availability and accessibility of channels; assurance of non-retaliation, regular updates to the whistle-blower if a complaint is lodged and, where appropriate, rewards, says Ang.
“It comes down to a culture where checks and balances are routine in the company, and expected by staff,” says Curby. “A company needs to hope for the best but prepare for the worst. The results of various fraud surveys conducted over many years are testament to that.”
Key to integrity
According to a new research report by international chartered accounting organisation ICAEW, and Leeds University in the UK, there is a mismatch between how different techniques to encourage integrity are perceived, when matched against the perceived integrity of an organisation.
Many of the research respondents were sceptical about ethics training, and perceived it as tokenistic, simplistic or even patronising. Similarly, only 24% said that ethical behaviour was rewarded in their organisation even though organisations that did reward ethical behaviour found it to be effective. Finally, whistle-blowing was the technique rated lowest in terms of perceived effect on integrity, yet is shown to exhibit a significant positive effect in reality.
Mark Billington, Regional Director, ICAEW Southeast Asia, said: “Integrity is much-desired but little-understood. It is also something all types of organisations must actively seek to promote.”
The report’s principal author, Jim Baxter, Professional Ethics Development Officer at Leeds University, said organisational leaders need to be seen to be leading by example, and should also work on creating an open culture within their organisation. “People need to feel that they are able to raise issues and concerns without fear of retribution, either direct or indirect, and that their contributions are valued,” said Baxter.
Techniques which were found overall to have a significantly positive effect on organisational integrity were:
• Management setting tone and leading by example
• Open cultures
• Stated organisational values
• Support for whistleblowing
Corporate governance code revised
Singapore’s newly-revised Code of Corporate Governance will generally take effect for annual reports relating to financial years commencing from November this year, with a five-year transition period for board composition changes.
The key changes include:
• Requiring more detailed remuneration practices and disclosures
• Placing greater emphasis on director independence
• Implementing board composition guidelines
• Holding companies responsible for
• Limiting and requiring disclosure of the maximum number of board representations directors may hold
• Limiting appointment of alternate directors
• Ensuring the board oversees risk management
• Encouraging companies to protect and facilitate shareholder rights
HRM Asia welcomes your contribution. Your IP address is recorded in the event of