Fraud: It Can Happen to You
Helen Mallovy Hicks
Steven Henderson, a PwC Advisory Services partner and Sarah MacGregor, a director in PwC's Advisory Services practice, talk about ways in which a company's fraud risk may increase during a recession.
Dean: Welcome to Strategy Talks with Dean and Helen, part of the PricewaterhouseCoopers Managing in a Downturn podcast series. I'm Dean Mullett, co-head of our Restructuring and Distress Strategy Group, and a member of our Credit Crisis Task Force.
Helen: And I'm Helen Mallovy Hicks, a Partner in the Advisory Practice of PricewaterhouseCoopers in the Dispute Analysis & Valuations group.
Dean: The current state of the economy is understandably of great concern for most Canadian businesses. This series of audio podcast discussions with a variety of subject matter and industry guests are designed to help your business weather the storm by exploring some of today's hottest issues related to the economic crisis.
Helen: In today's episode we will discuss the relation between an economic downturn and a fraudulent activity and how an economic might make people more vulnerable. Today we are joined with Steven Henderson a partner and national leader of PwC forensic and investigation services practice, and Sarah MacGregor the director of the PwC forensic and investigation services practice. Welcome Steve and welcome Sarah.
Dean: Steve, there are many different perspectives on what actually constitutes as fraud. Maybe someone who is an expert in the field can give our listeners a bit of their perspectives on what constitutes as a fraud.
Steve: Fraud by definition is an intentional act, someone committing an act or an omission to deceive others for personal gain. It involves both the fraudulent act but most importantly it involves a guilty mind. Now these two aspects are very important to understand the area of fraud. We investigate allegations of fraud involving people from the mail room right through into the board room, so people from all walks of life.
Sarah: The types of frauds that we see in companies include things such as financial frauds, cooking the books, theft of assets and theft of money of investors. For example, Ponzi schemes or pyramid scams. Conflicts of interests, non compliance with regulations and laws, for example paying bribes in a foreign company, money laundering and forester planned bankruptcy a breach of privacy and an increase of identity theft or unauthorized network where people are hacking into your financial data.
Helen: Whoa, that is a huge range of frauds! How about in this economic downturn are you finding that there is any impact on fraud or how is the downturn impacting what you're seeing?
Steve: A downturn, and we've seen many over the years, becomes quite interesting. It's almost if a perfect storm develops for fraud. Generally, what you find is that there is greed and opportunity that leads to fraud, it's the motivation. But in an economic downturn, fraud of need becomes a prevalent. Need in itself becomes just a vacation for fraudulent behavior; it turns good people into doing bad things. It's a very different dynamic, it's difficult to detect and it's much more complicated than many other frauds to investigate. Fear of loosing one's job becomes a very powerful motivator and I said it turns good people into doing bad things.
Dean: Steve, on that — good people into doing bad things — I assume by that statement that a lot of people that get involved before have never done it before or at least have never been caught before and no one is aware of it.
Steve: That's right, these are generally good people, good honest people that are put in bad situations. In fact, over the past few months the downturn we've seen two significant developments. For some companies had to focus on short term measures to address the collapse. Their focus has been cost cutting and when cost cutting comes into play a lot of the controls that are into play they start to fall off the table. With other companies we've found new opportunities develop. They grow their business because their competitors are falling by the wayside; there are new businesses that open up and new opportunities either in the domestic market or most importantly in the merging markets. With cost cutting a lot of companies are moving to merging markets there is a whole new dynamic of potential fraud vulnerability.
Sarah: We've also noticed that actions from the past can come back to haunt a company. For example investment scams that were previously undetected. And as companies continue to cut costs and downsize, controls often break down and fraud detection tools often let go. For example cooking the books frauds can arise as companies look to overcome covenant breaches. Theft is on the rise as employees feel less loyal to their employer when they aren't getting their traditional salaries and bonuses that they've been accustomed to. As companies are expand into merging markets issues as foreign crutch and bribery are on the rise as well. Last but not least, organized crime tends to increase in an economic downturn. Due to an increase in unemployment people may be more easily compromised or drawn in as accomplices to organized crime because they need the money that is being offered to them. This has caused an increase in check and credit card fraud as well as identity theft.
Dean: This sounds something the stuff that movies are made of.
Steve: It is. We saw a rash of check frauds for example, where what one might believe is cloak and dagger type fraudulent activity actually becomes a reality as companies are circumvented by certain type of people that get their employees to do bad things. These are good employees but desperate for money.
Helen: So that's a really horrendous list of frauds that you have given us. Is there any one that is particularly concerning in the economy currently?
Steve: There is, the most concerning fraud that we see that generally leads to larger frauds is collusions. Collusions probably the most difficult type of fraud because it involves two or more people. It can often involve, for example a supplier and employer of a company, who collude to fix prices or win contracts, this is often off the books; so it's a more difficult fraud to investigate. We find when this happens, their controls that are either broken down, controls that are nonexistent or not enforced. Unfortunately in an economic downturn, this is what starts to happens with controls. The one thing that we do find is if you have a well functioning anti fraud regime, particularly for whistle blowing; whistle blowing is the key to insure that collusion comes to the forefront. I mean organizations are educating their employees as to what collusion is and people are watching for it. A hot line or as we refer to them, the reporting mechanism, is often the way to go about catching collusion.
Dean: Do you think it's important for companies to continue to task fraud as a priority?
Steve: Absolutely. It's critically important that companies continue to make fraud a priority. This is important given the global nature of this crisis that we're currently in. With tightening credit, increased regulations, increased oversight and transparency, fraud issues can have a very significant in far reaching implications for a company.
Helen: Sarah, have you seen or do you anticipate more fraud with the economic downturn? Especially considering the number of people who have been downsized? Are they a particular risk area?
Sarah: Definitely, we anticipate more fraud in this economic downturn, specifically with employee theft or embezzlement. As people are losing their jobs and those that have kept their jobs but feel more threatened in the workplace their pressure to commit fraud will increase. In an economic downturn companies will tend to take their eye off the fraud ball and their focus is just on survival. And as they may relax fraud prevention or investigations in an effort to cut costs on their short term, these short term savings can have a significant negative impact longer term on internal controls. For example, it could result in failing to segregate incompatible duties and also result in fewer resources dedicated to internal audit or compliance in anti fraud initiatives.
Helen: So you're talking about not only of people that have been downsized and what they might do like walking off with computers or other equipment or some other types of frauds so also then.
Sarah: Also those that remain...
Helen: Right, the results after they've gone.
Dean: Sounds like they're more like a risk area because obviously they still have access.
Dean: Any interesting, startling trends that we're seeing in the market place given with the current environment?
Steve: There is. We continue to be surprised by the fact that organizations often don't understand how much fraud is actually costing their business. Now it's not surprising that that's the case because if you're not quantifying and watching for how much fraud is actually being committed you wouldn't be in the position to determine to see how much it's actually costing you. What we do do is to look for surveys.
And most recent survey we looked at on fraud, at least 43 percent of Canadian companies reported a loss from fraud. In fact quite surprisingly the average direct loss report was 3.7 million dollars. These numbers have increased considerably in the last few years. Other surveys, ones that have come out recently in the economic downturn suggest that losses from fraud can be upwards to seven percent of the total revenue of a company. That number sounds exorbitant and to us it seems somewhat exaggerated depending again as we said earlier on the definition of fraud. The one thing that we do know is that if you're not actually quantifying the problem it's very difficult to know the magnitude of the problem.
Helen: That's two data points that you have given us. The first data point is the detected fraud where as the second data point is the potential total fraud.
Steve: That's absolutely true. The good thing is that if you have solid prevention systems in place you may never have to be tasked with quantifying what the losses might be. So it is somewhat of a difficult area to quantify for that very reason good companies with good prevention anti fraud regimes don't have the problem of having to report a large fraud. I sat with a company the other say and they say to me: "If we do what you say Steve, how much money are we going to save?" Because their values were discussed and with performance improvement people and we were all talking about this I responded, "How would I know? Until I know what your fraud is, and when we start quantifying and catching how can I give you a value on what you're putting in to prevent it?" We can only tell you to put these mechanisms in place and you may not be a victim of a large issue that might impact your reputation or potentially harm your company.
Dean: Do we see a difference in incidents of fraud and forget the actual dollar of the fraud between big companies and smaller private companies. Is it the same kind of stats that would apply to both? Or is it very different?
Steve: The dollar value is will differ considerably. And unfortunately the small business they don't have the systems in place to even track and wouldn't know that they would subject to fraud. So again we try to emphasize the anti fraud regimes, prevention is the best solution for fraud. And even with small organizations very efficient and inexpensive fraud techniques, or even on how you address fraud can be a significant motivation throughout the organization to deter that behaviour.
Helen: So in terms of fraud prevention, what type of the employee is most likely to steal?
Sarah: We've seen fraud committed in companies by both men and women of all ages and varying professional and educational backgrounds. According to our own recent fraud survey it was found that the most typical Canadian perpetrator was a man between the ages of 31 and 40, with a high school level education or less and been with the company six years or more. If was hard to put a face on the typical perpetrator but that was empirically what was found.
Dean: That sounds very specific.
Sarah: In our own recent experienced we have seen a rise of frauds involving middle aged women with a need for cash exceeding their own income capacity due to gambling addictions or excessive lifestyle.
Steve: Again, we should point out the statistics that come through surveys are global in nature. Reaching into all countries and all markets and that is the profile that comes through. But what we're reporting and hearing from the participants in the survey our experiences service has said locally, has quite interestingly, have found that we've had a number of middle aged women with gambling addictions, who have had the propensity to steal a significant amount of money from the companies.
Helen: So do you look at their lifestyles and is that sort of a way of detecting fraud? That their lifestyle is justified by their compensation?
Steve: We do, we look at a number of warning signs and we refer to them in the fraud areas as red flags. Generally, the red flags as we call them can be a good indicator in the areas that might require for their investigation. In our experience there are several. One as you said, exorbitant lifestyles of an individual, these are people that are living well beyond their means. As much as one might think that someone wouldn't be naïve to go around flaunting their wealth often you find that this might happen within organizations.
Other red flags that we see are dominant personalities, people who lead by intimidation; often you find that a profile of a fraudster is someone who intimidates other people who are willing to challenge them in an organization. Rewards systems in organizations are often red flags or indications of potential behaviors that might be more influenced by the fraud rather then doing the right thing, Customer complaints or vendor complaints are often good indications that there could be potentially be a problem with an employee, more along the lines about what we talked earlier we talked about collusion.
Accounts that are not reconciled and unexplained accounting entries are often an area for abuse and something that we have clients to pay extra attention to for potential areas for concern. One item that I should point out that I often emphasize to a lot of clients is if you're not receiving a lot of complaints through your incident reporting systems or whistle blowing facilities, if you will, internally or externally — that could be an indication of a problem. Most data tells us that generally you should be getting some complaints through your hotlines or your incident reporting systems. Albeit unwarranted and if properly investigated proved to be fruitless, however if you're not getting them there could have a problem within the organization. Perhaps the message is not getting out.
Helen: Steve you mentioned one of your red flags was reward systems. So are you saying that some reward systems actually promote fraud?
Steve: There could be situations where bonuses are contingent on financial results, particularly for those tasks with producing financial information and or the results are determined exclusively by a particularly dominant individual who leads with a heavy hand. That often leads to behaviors that perhaps are not conducive to an environment where someone might be more inclined to report problems to others in the organization.
Dean: What are people more apt to steal? Maybe there are some things that we should be nailing down so they don't walk away.
Sarah: We found that the most of the common type of theft is that of asset misappropriation and certainly since the economic downturn we have seen rise in that. That can cover things such as theft of cash or monetary assets, supplies, inventory or even intellectual property. In the past discussions around fraud and losses have tended to focus on cash and in tangibles specifically we now see a growing trend with more organization experiencing losses in personal data. I guess criminal organizations have for some time recognized the value of personal data. Things such as bank account details, personal information and as long as there continues to be a black market value for those types of information they'll continues to be a risk for an organization for that type of theft.
Dean: So I guess technology really does change the face of potential for fraud in any organization.
Helen: So I guess we're almost running out of time, just to sum up Steve and Sarah, what recommendations do you have for companies during these economic times?
Steve: Well in companies there are both enterprise wide and process level anti fraud controls that could be deployed. The enterprise wide level controls are particularly important and often include things such as governance. Governance is key, the tone in an organization is absolutely critical to ensure that there is a tone set with the employees and there is over side by the audit committee and the board. Fraud risk assessments are critically important to be performed to understand specifically what your risks are particularly in this changing environment. And as this turn down economically as we talked about earlier, new challenges present themselves either through cutting of costs or moving to new markets and new businesses. You need a solid code of conduct. A code of conduct that really describes to people what wrong doing is and what the responsibility is in regards to wrong doing. You need proper training and education to ensure that employees fully understand what fraud is and again their obligation to report it.
You need well functioning incident reporting systems and we talked about it before, particularly with collusion. If you don't have an incident reporting systems that employees buy into and believe and feel confident using, you may not hear about alarms or fraud risks within an organization or fraud allegations. A good hiring and promotion system is in place is critically important for new employees coming into the organization to make sure you're not employing criminals, people bringing problems into your backyard. Most importantly you just need overall management evaluations and testing on an ongoing basis to make sure your anti fraud regime is functioning appropriately.
Sarah: In addition, boards and audit committees should also be asking themselves and other stake holders in the organization some key questions. Such as, what steps have we taken to set the right tone regarding fraud in the organization? Do we have the right policies and procedures to detect, prevent and investigate fraud? Can we demonstrate that we adhere to best practices? What are our fraud exposures? Have we performed a fraud risk assessments? These are all key questions that boards and audit committees should consider as well.
Helen: Steve you've been quoted a number of times in the media and I think you're very well known for your famous quote. Can you share it with us and our listeners today?
Steve: The key to success and tone that should be set by leaders in an organization, to me there is no better control for fraud in an organization of 20 thousand people and 40 thousand eyes watching, knowledgeable of what constitutes fraud and taking obligation reporting seriously.
Dean: Steve and Sarah this has been very eye opening and I guess the message we can summarize to our listeners is that fraud, it can happen to you. Thank you very much for joining us today.
Steve: You're very welcome.
Dean: For more information on forensic investigation and fraud please visit out website on www.pwc.com/ca/ifs.
Voice Over: Join us next time on strategy talks where we will welcome guests Doug Frost, a former PwC mergers and acquisitions task services national leader and Janice Russell a partner in the corporate tax practice. They'll be speaking about different ways tax credits can save you money in a down economy. Here's a sneak preview of what they have to say:
Janice: It's always so important to make sure to have at least acknowledged the need to incorporate tax planning into any of your structuring.
Doug: Are their transfer pricing arrangements appropriate? Because suddenly the levels of profit aren't in the places you thought they'd be. So what can you do to change those and better manage the global profits and the global taxes?
Dean: This concludes this episode of Strategy Talks, part of the PricewaterhouseCoopers Managing in a Downturn podcast series. I'm Dean Mullett, thank you for listening.
Helen: And I'm Helen Mallovy Hicks. We hope you'll join us again soon for another episode. To download or to subscribe to this podcast series or to find more information on this topic, please visit our Managing in a Downturn website at pwc.com/ca/managinginadownturn.
The information in this podcast is provided with the understanding that the authors and publishes are not herein engaged in rendering legal accounting, tax or other professional advice or services. The audience should discuss with professional advisors how the information may apply to their specific situation. Copyright 2009, PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers LLP, an Ontario limited liability partnership, or as the context requires, the PricewaterhouseCoopers global network or other member firms of the network. Each of which is a separate and independent legal entity.