Implementing fraud risk management is key
Unleashing our clients' full potential
The current slowdown in the economy can make it more difficult for executives and managers to achieve financial targets/results, while also putting more employees under personal financial pressure. Fraud specialists suggest that economic pressures increase the number and likelihood of individuals resorting to fraud to achieve corporate objectives or to meet personal needs. Financial losses due to fraud are additional costs that organisations will have a hard time absorbing, especially at this point in the economic cycle.
Evolution in the risk environment is creating new governance priorities, and articulating clear mandates around them is an all-important step; hence, despite significant progress, there is still work to be done. As organisational risks continue to evolve and grow, company/organisation boards need to step up their efforts to provide effective stewardship to anticipate and combat those threats. Experience suggests that entities that manage their risks proactively may be less vulnerable to having their reputations harmed.
Strong fraud risk management makes good business sense. In Deloitte’s experience, organisations that implement detailed fraud risk management processes can also experience related benefits that include:
- Reduced financial losses due to fraud;
- Reduced costs of responding to fraud (investigations, legal costs, and regulatory enforcements);
- Compliance with applicable regulations;
- Enhanced ethical culture (“tone at the top”);
- Improved employee sensitisation to and awareness of fraud;
- Increased reporting of potential frauds and other ethical issues;
- More effective corporate governance and the potential for improved governance ratings.
Executives need to consider how their entity manages its risk of fraud and corruption and whether today’s risk environment merits a more proactive approach. According to Deloitte, executives can evaluate the following ten areas, which may help mitigate the reputational risks of fraud and corruption:
- Integrating risk and strategy – Holding senior and operating management responsible for considering risks and balancing them with potential rewards can foster wise risk-taking. Management needs to consider risks in developing and implementing the entity’s strategies and business plans.
- Crisis management planning – This involves reviewing whether a crisis management plan to react to allegations of major fraud or corruption has been developed and whether that plan includes assigned responsibilities to help drive actions as well as communications that will sustain confidence.
- Comprehensive risk assessment – Risk assessment is the foundation on which effective antifraud and anticorruption processes are built. This assessment includes entities checking how often processes are reviewed, typically annually, and if management can explain arising fraud and corruption risks that may affect the entity’s reputation.
- Risk tolerance and mitigation planning – Having the board determine risk tolerance is not easy and the practice is not yet widespread. In instances where this has been done, board executives need to understand management’s level of overall risk tolerance for fraud and corruption – major incidents may indicate a gap between the risk tolerance level of the board and that of management.
- Managing performance and compensation – Holding senior executives and line management accountable for managing ethics, compliance as well as fraud and corruption risks within their area of responsibility is likely to be more effective when it influences their compensation, and there are objective measures that can be used to evaluate this.
- Evaluating the tone at the top – This involves management periodically evaluating employees’ perceptions of the tone at the top. For example, a professionally designed employee survey can serve as an early warning system.
- Whistleblower system benchmarking – A benchmarking analysis would help to identify an underperforming whistleblower system, enabling remediation. Below-average use most often arises in hotlines that are not effectively communicated to employees and other potential users or where users lack confidence that reports will be addressed appropriately without retribution.
- Leveraging transaction monitoring and data mining – These tools are valuable in entities with a large volume of transactions and potentially high-impact fraud and corruption risks. Today’s technology combined with skilled evaluation of anomalies can enhance deterrence and detection capabilities in this area significantly.
- Regulatory relationships – A cooperative relationship and strong record with regulators can help avert turning a serious allegation into a regulatory crisis.
- Investigative resources and protocols – Predetermining investigative resources and protocols can speed an investigation, while also helping to reduce the risk of ineffective investigations.
Executive management can be valuable in probing decisions regarding the appropriate level of sophistication of the processes to help mitigate the reputational and financial risks of fraud, bribery and corruption. Deloitte's belief is that the mere existence of risk management programmes and antifraud controls may give some companies a false sense of confidence. Now may be the time for organisations to re-evaluate their programmes and determine whether they are sufficiently detailed to withstand new complexities, new fraud risks, and external scrutiny.