Deloitte India Fraud Survey
• 56% of respondents believe fraud will continue to rise • New fraud risks such as those from social media, ecommerce, cloud computing and virtual currencies, seen as insignificant; • Compliance with fraud risk management related provisions listed in the Companies Act 2013 is perceived as a cost; • Deloitte India launches tool to self-assess organizational preparedness to tackle fraud
Mumbai, 16 December 2014: Rise in corporate fraud over the next two years could outpace corporate India’s efforts to mitigate it, according to the findings of the Deloitte India Fraud Survey Report.
Around 56 percent of survey respondents believed that incidents of fraud would continue to rise over the next two years, and highlighted diversion/theft of funds or goods, bribery and corruption, and regulatory noncompliance as the top three frauds they had experienced in the past two years. The associated losses due to fraud appear to be conservative, as 44 percent of survey respondents said they lost less than INR 10 million over the last two years. Further, the majority of survey respondents indicated that emerging fraud risks such as social media fraud (69 percent), ecommerce fraud (60%), cloud computing fraud (96 percent), and virtual/ crypto-currency fraud (50 percent) did not pose a challenge to their organizations, and adequate steps were not being taken to mitigate these frauds.
“One of the key reasons for the continued dominance of well-known frauds among corporate India is the reliance on inadequate/ dated mechanisms to manage fraud risks. We have observed that companies make limited investments in the area of fraud risk management and tend to rely on a generic set of controls to mitigate all frauds. Over the years these mechanisms can lose their effectiveness, thereby exposing companies to the risk of fraud. This is also a likely reason why companies are unable to gauge the extent of fraud risks from new areas such as social media and ecommerce,” said Rohit Mahajan, Senior Director & Head, Deloitte Forensic.
Detecting and responding to fraud
To detect fraud, survey respondents indicated relying on internal audit reviews (62 percent), whistleblower hotlines (53 per cent) and IT Controls (51 percent). The growing reliance on whistleblower hotlines and IT controls is in line with global trends for fraud detection and is an indicator that corporate India is evolving towards mature practices in this area. However, the actions taken upon the detection of fraud continue to remain conservative with survey respondents identifying internal investigations (87 percent), disciplinary action taken against the fraudster (78 percent), and renewal/ updation of existing controls (77 percent), as the key actions undertaken by their organizations.
As part of fraud prevention methods, survey respondents identified regular monitoring/ assessment of fraud risks, conducting due diligence checks, and the use of proactive forensic data analytics (in that order of preference) as key processes that need to be implemented by organizations as part of their fraud risk management framework.
Impact of the Companies Act 2013
Close to 88 percent of survey respondents felt that a stringent regulatory environment could help reduce instances of fraud in the future. The Companies Act 2013 was identified as a key legislation that could accomplish this and provisions such as the mandatory establishment of a vigil mechanism for listed companies, and greater accountability on board and directors to prevent and detect fraud, were identified as most effective in fighting fraud. However, responses indicated that limited efforts were being taken to comply with these provisions. For instance, only 38 percent of respondents indicated that they organized periodic training programs for senior management on fraud risk management. Given the increased scope of responsibility and liabilities on senior management in the event of fraud, one would expect that such trainings would be the norm among corporate India, not the exception.
“Corporate India has traditionally taken a reactive approach to mitigating fraud and complying with regulatory requirements. This is what our survey responses also highlight. However, with organizations being exposed to new frauds and a changing regulatory environment, a proactive approach is the need of the hour. Companies need to make investments towards putting in place systems and processes aimed at curbing fraud in the long term,” Mr. Mahajan said. For example, technology can be leveraged much more in fraud detection and prevention. Due diligence practices can be used, wherever possible, to minimize the risk associated with counter parties. Such measures can, over the long term, prove beneficial in addressing fraud and possibly complying with a changing regulatory landscape, he indicated.
‘Fraud Risk Score’
To help companies understand their level of preparedness to tackle fraud, misconduct and noncompliance, and identify gaps in the fraud risk management frameworks, Deloitte Forensic has developed a tool based on its experience of fraud investigations in India over the last two years. Called Fraud Risk Score, the free tool analyses user responses to a set of questions and computes a score, indicative of the organization’s preparedness to tackle fraud. It also shares recommendations of possible actions that one can take to improve the score.
The Deloitte India Fraud Survey Report was developed basis responses from close to 400 CXOs across all major sectors working in the area of fraud risk management. Besides deliberating on the current state of fraud in corporate India, the survey also focuses on prevention and detection of fraud including profiling the fraudster, role of technology in fraud risk management, and managing new fraud risks.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.
Deloitte India herein refers to Deloitte Touche Tohmatsu India private Limited