Fraud? What fraud?
The fact that only 54% of organisations globally in our 2018 Global Economic Crime and Fraud Survey said they had conducted any kind of risk assessment for fraud or economic crime is clearly worrying. But arguably even more concerning is that only one third (33%) had conducted an assessment of anti-bribery/anti-corruption risk. This statistic is shocking, given how impactful and expensive bribery and corruption crime has become around the world, in both regulatory and financial terms.
Yet even when organisations do conduct fraud risk assessments, that’s only half the battle. There’s a natural tendency to focus on the more obvious and familiar areas – ‘the devil you know’ – rather than seeking out those where the risk of impact may be far greater. Picture the scenario of a retailer that focuses its assessment on asset misappropriation at the checkout counter or warehouse, and misses a cyber-attack that steals its customer data. As the animated graphic below shows, no area of any business is immune to fraud.
The buck stops with the CEO
Alongside the need for proactive fraud risk assessments, a further recurrent theme of our study is that tackling fraud is now decisively a top-level issue for the CEO and board. This is hardly surprising, given the scale of its financial impacts: when asked to quantify the direct financial loss caused by its most disruptive crime over the past two years, 64% of respondents said the loss could reach up to $US1 million, and 16% said between $US1 million and $US50 million.
Add in secondary costs such as investigations and interventions, and the overall expense balloons: 46% had spent the same or more as the amount lost through the crime itself. That’s even before knock-on impacts on reputation, staff morale and business relationships are taken into account.
Given such impacts, it’s not surprising the buck stops with the CEO – who’s increasingly seen as the personal embodiment of an organisation. When ethical or compliance breakdowns happen, business leaders are often held personally responsible, both by public opinion and, increasingly, by regulators. Some 91% of respondents said their most serious incidences of fraud had been brought to the attention of senior management. When fraud strikes, the C-Suite can no longer claim ignorance as an excuse.
Key takeaway questions for organisations
- Do you have a crisis response plan?
- Have you demonstrated a plan to all the appropriate stakeholders?
- What compliance exercises have you done to test the company’s ability to manage the crisis?
- Are you confident in your ability to react in a timely fashion when a crisis hits?
