View
660
Download
4
Tags:
Embed Size (px)
DESCRIPTION
A report based on a survey conducted to understand the fraud scenario in India. This study aims to understand how businesses have coped with increasing fraud and corruption risk last year, what the emerging fraud risks in the industry are and the measures taken by various organizations to mitigate these risks. For further information on EY's fraud investigation and dispute services, please visit: http://www.ey.com/IN/en/Services/Assurance/Fraud-Investigation---Dispute-Services
Citation preview
Fraud and corporate governance:
Changing paradigm in India
Findings from India Fraud Survey 2012
Page 2
A report based on India fraud survey 2012
► What lies beneath
► Fraud scenario in India — ground reality ► Cost of fraud — more than monetary
► Discovery of fraud — methodical and accidental
► Current practices — inconsistent with globally accepted norms
► Growing greed — profile of a fraudster
► Areas of concern ► Data and information theft – managing insider threat
► Management’s overriding controls
► Bribery and corruption – the perpetual challenge
► Changing regulatory landscape
► Tools for fighting fraud ► Role of technology
► Whistle-blowing
► Fraud response plan
► Third party due diligence
► Independent directors — a strong influence
What lies beneath
Page 4
Some statistics
1. ―Global Peace Index,‖ Institute for Economics & Peace, 2011, p. 8
2. “2010 Report to the Nations,” Association of Certified Fraud Examiners (ACFE), 2010
3. “Doing business in a more transparent world: Economic profile India,” World Bank and International Finance Corporation report,2012
4. ―Corruption Perceptions Index 2011,‖ Transparency International, December 2011
A typical organization loses 5% of its annual
revenue to fraud. This figure translates to a
potential global fraud loss of more than
$2.9 trillion
India is ranked at 132 out of 183 countries
on Doing Business Index, which is lowest
among BRIC countries
India's political stability
rating is weak and
therefore a risk to
development projects.
India is ranked 135
among 153 companies
on Global Peace Index
Corruption perception index – India ranked low at 95 out of 183 countries
Page 5
Changing scenario: increasing awareness
From your understanding of recent scams and large-scale corporate fraud, which of the following options have
most significantly contributed to the detection of fraud? ?
According to more than three-fourths of the respondents, the incidence of fraud has
increased in the country in this last one year. But the fact that around two-thirds of the
respondents said that scams and corporate frauds were unearthed because of legislations
such as the Right to Information Act (RTI) and Public Interest Litigation (PIL) speaks volumes
about public awareness in India.
68% 61%
54%
25%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Whistleblowing
Legislations such as the Right to Information Act and PIL
Independent media
Public driven initiatives
Multiple Answers Allowed
Fraud scenario in India — ground reality
Page 7
Increasing incidence of fraud
Do you believe the incidence of fraud has increased in the last one year in your industry? ?
Nearly three out of five respondents revealed that their companies had been subjected to fraud
during this last one year. In addition to industries such as banking, Non Banking Financial
Companies (NBFC), real estate and telecommunications, which are generally perceived as being
highly fraud prone, around 50% of the respondents from infrastructure, IT/ITeS and consumer
product companies also indicated that fraud incidents have increased in their segments.
85%
67% 60%
50% 50% 50%
0%
25%
50%
75%
100%
Banking & NBFC
Real estate
Telecom Infra IT/ITES Consumer products
Yes
Page 8
Changing paradigm
Internal
Controls
Internal and External
Pressure
Pressure on earnings
Layoffs are increasing,
stock prices are
declining, credit crisis
and other external
factors are increasing
Opportunity to
Commit Fraud
Influence of Technology
As business processes
such as accounting,
procurement etc. are
moving to IT systems, and
slowly to cloud computing
so are the related frauds
Pressure
Opportunity
Rationalization
Less focus on corporate
governance/ethics
With Increased pressure
and decreased internal
controls – People will
explore more opportunities
to commit fraud
Page 9
Top five fraud risks
Which of the following types of fraud do you believe could pose the biggest risk to your industry? ?
1. Data or information theft and IP infringement
2. Bribery and corruption
3. Fraud by senior management and conflict of interest
4. Vendor fraud or kickbacks
5. Regulatory non-compliance
20%
15%
13% 12%
10%
9%
9%
4% 3%
3% 2%
Data and information theft, IP infringement
Bribery and corruption
Vendor fraud, kickback
Fraud committed by senior management
Regulatory non-compliance
Accounting fraud
Procurement fraud, favoritism
Money laundering
Asset misappropriation
Management conflict of interest
Others
Page 10
Cost of fraud- more than monetary
How would you rank the following six forms of collateral damage (actual or potential) stemming from fraud? ?
Loss of reputation emerged as the biggest and severest collateral damage caused by fraud.
For companies, public perception can have a dramatic impact on their business. According to
more than three-fourth of the respondents, loss of reputation is the most serious collateral
damage (actual or potential) stemming from fraud.
5.27
3.66 3.36 3.27 3.03 2.41
0
1
2
3
4
5
6
Damage to reputation of brand
Damage to external business relations
Monetary loss
Decline in employee morale
Strained relations with regulators
Negative impact on share price
Page 11
Discovery of fraud – methodical or accidental
Has your company experienced any incident of fraud in the last one year? If yes, which one of the following
methods of detection were employed? ?
Only 14% of the respondents attributed detection of fraud to automated surveillance systems.
It seems counter-intuitive that we still detect most cases of fraud by being tipped off or by
accident, even with advancement in technology and heightened regulatory activity.
62%
41% 34%
14% 12% 9% 5% 7%
0%
10%
20%
30%
40%
50%
60%
70%
Method employed in the company for detection of fraud
Whistleblowing mechanism
Internal audit/Corporate security
Proactive fraud risk management
Automated detection/Surveillance systems
Rotation of duties/personnel
External audit
By accident
Others
Multiple Answers Allowed
Page 12
Weak anti-fraud measures
Does your company have any of the following anti-fraud measures in place? ?
Reliance on internal and external audit, and code of conduct is high
Or
Companies still using internal/statutory audit to detect fraud
93 91 90
71 69 67 59
7 9 10
29 31 33 41
0%
25%
50%
75%
100%
Internal Auditing
External Auditing
Code of conduct
Vendor/ Third-Party due
diligence
Whistleblower Mechanism
Anti-bribery/ corruption and ethics training
Proactive fraud risk management
No
Yes
Page 13
Lack of action against the fraud perpetrator
― Companies are generally interested in
recovering the defrauded money rather than
getting the culprit punished under the law of
the land as it is not legally binding on them.
Section 39 of the Code of Criminal
Procedure, 1968, imposes no legal binding
on any person to report cases of economic
offences under the IPC, such as theft,
dishonest misappropriation of property,
criminal breach of trust, cheating and
dishonestly inducing the delivery of property,
forgery for the purpose of cheating, using as
genuine a forged document and other
offences of corruption and bribery, to the
police. ‖
According to most survey respondents, “He is an internal employee of a company, who is in
his 30s and is far from retirement. He is in the middle management cadre, working in the
procurement or sales department.”
Page 14
Changing profile of a fraudster Managing insider threat
Companies are reluctant to take legal recourse against employees responsible for committing
fraud. Only 35% of the respondents said that their companies take legal
action against any employee responsible for committing fraud.
Some possible reasons:
►Lifestyle not commensurate with income
►Young people more tech-savvy, and tend to
use their knowledge for fraud vulnerabilities
► Lack of controls in rapidly growing
organizations, and fraud over-looked as cost of
doing business
►For faster career growth and image projection
in a sluggish economy
►Employee handling multiple responsibilities,
esp. conflicting
►Employee being a star performer in financial
targets but not in compliance
►Compensation is linked to short term
performance
►Low morale and motivation among employees
Areas of concern
Page 16
Technology frauds: a changing world
Source: Technology frauds: a changing world, Ernst & Young, 2011
― 74% of the respondents strongly perceive
IT fraud as a serious risk for the
organization ‖ ― One-third of the respondents were
unaware of the IT Act 2000 and its
amendments. We also observed minimal
awareness of the Indian Evidence Act and
the new data privacy law. ‖
― An alarming number of respondents (61%)
revealed that their companies rely on
basic spreadsheet software for IT fraud
investigations ‖ ― 31% of the survey respondents are aware
that IT data breach investigation and its
prevention gets covered in the overall
compliance audits in a company ‖
Page 17
Management overriding controls Pressure on earnings
According to 15% of the respondents, management conflict of interest poses the highest fraud risk.
Inability to achieve the projected level
Management over-ride of Controls
Mis-statement of Financials
On achieving projected levels
Management over-ride of Controls
Diversion of Funds
Overstatement
of
Assets
Understatement
of
Liabilities
Inflation
of
Income
Inflation of
Expenses/
Deferral
Project unrealistic
CAGR & future
cash flows
Bribery and corruption – the perpetual
challenge
Page 19
Increased awareness of local laws, but low awareness of global ones
Are you familiar with the following acts or regulations? ?
After the recent scams, there seems to be an increased awareness of anti-graft laws, and nearly
three-fourth of the respondents indicated that they were aware of anti-corruption legislation in
India — the Prevention of Corruption Act. However, although three-fourth of the respondents
represented MNCs, less than half of them were aware of important anti-graft legislation such as
the US FCPA and the UK Bribery Act, both of which have extraterritorial reach.
70%
49%
35% 32%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Prevention of Corruption Act
Foreign Corrupt Practices Act (FCPA)
UK Bribery Act (UKBA)
OECD regulations
Multiple Answers Allowed
Page 20
What corporate think about bribery and
corruption risk?
Cash seems to be the most popular mode of
paying bribes.
Around 33% of the respondents
said that lack of an effective
regulatory and compliance
mechanism, and weak law
enforcement are equally
responsible for facilitating
corruption.
Perceptions
and ground
realities
Kickbacks to win or retain business
To get routine approvals from
government agencies
Influence people in making favorable
decisions
Nearly 40% of the respondents indicated that the
inherent nature of the industries in which their
companies operated was responsible for
facilitating corruption; 34% respondents said that
it was due to the ―weak tone at the top.‖
Continuing bribery and corruption
risk
Changing regulatory scenario
Page 22
Changing Indian Regulations*
Regulator/ Law Salient features
The Public Interest Disclosure (Protection
of Informers) Bill, 2010
• Expected to encourage disclosure of information in public interest, but the private sector is
excluded
• Provides limited protection to whistleblower
• Investigation not time bound
The Prevention of Bribery of Foreign
Public Officials (FPO) and Officials of Public
International Organizations (OPIO) Bill
2011 (India’s FCPA equivalent)
• Criminalizes acceptance or solicitation of bribes by FPOs and OPIOs
• Criminalizes offers or promises to give bribes to FPOs and OPIOs for obtaining or retaining
business
The Prevention of Corruption Amendment
Act, 2011
(proposed amendment to the PCA, 1988)
• Includes new sections that empower the Act to deal separately the offence of violating the norms
of the Constitution, for using undue influence on public servants, misusing official powers and
causing loss to the government exchequer
• Empowered to seize, attach and confiscate the property of convicted persons, who have
amassed ill-gotten money
Companies Bill 2011 • Serious Fraud Investigation Office (SFIO): has powers to probe companies suspected of fraud
• SFIO’s report filed in a court for framing charges to be equivalent to a police report under the
Code of Criminal Procedure, 1973
• To have the power to arrest persons for suspected fraud; SFIO to coordinate its operations with
those of other investigating agencies such as the Central Bureau Of Investigation or Enforcement
Directorate
Data privacy laws • To prevent use or gathering of personal information without the knowledge of the concerned
persons
• To protect personal information, financial information such as bank accounts, credit or debit card
or other payment instrument details
The Competition Act
• Anti-competitive agreements
• Abuse of dominant position.
• Regulation relating to combination * This information is intended to only provide a general outline of the subjects covered. It should neither be regarded as comprehensive nor sufficient for making
decisions, nor should it be used in place of professional advice.
Tools for fighting fraud
Page 24
Proactive fraud risk management Role of technology
Is your company familiar with any of the following fraud-prevention/detection tools? ?
Less than 50% of the respondents are aware of fraud-prevention and detection tools
46% 43%
34%
26%
38%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50% Software for continuous monitoring of business transactions
IT-based tools for retrospective identification of fraudulent payments or other abusive activity
Software for continuous monitoring of business communications (i.e., key words within emails to addresses external to the company)
IT-based tools for identification of unethical behavior based on social network analysis
Cannot say
Multiple Answers Allowed
Page 25
Whistle-blowing What makes whistle-blowing ineffective in Indian companies?
Nearly 50% of the respondents representing Indian companies revealed that their organizations
do not have a whistle-blowing mechanism, while 75% of the respondents from Indian MNCs
claime to have one.
Absence of a telephone (hotline) as reporting medium Less than 50% of the respondents reported that their companies have a telephone (hotline)
for whistle-blowing.
Operating hotline internally Around 90% of the respondents, who reported that their companies had a whistle-blowing
mechanism, revealed that these hotlines are operated internally.
Lack of awareness 71% of the respondents said that only 10% of the complaints received through the
mechanism require further investigation.
Page 26
Fraud response plan
Which of the following, if any, apply to your company's response to the first reporting of a possible case of fraud,
bribery or corrupt practice? ?
According to 63% of the respondents, their companies have well-defined roles within their
internal audit, compliance, risk and legal functions in the event of investigations, and 55%
said that their companies had in place a clear procedure for reporting incidents, but
only 32% have documented response plans.
63% 55%
46% 44%
32%
16%
7% 0%
10%
20%
30%
40%
50%
60%
70%
We have well-defined roles for different groups such as internal audit, compliance, risk and legal in any investigation.
We have a clear process for reporting incidents.
We have a clear process for determining consistent disciplinary outcomes of investigations.
We have a clear process for conducting root-cause analysis to understand how an incident occurred.
We have a documented response plan that involves those parts of the business with the requisite skills to handle an investigation
Cannot say
None of the above
Multiple Answers Allowed
Page 27
Third-party due diligence
Does your company conduct background checks on third-parties (vendors, consultants and suppliers, for
example) it engages? ?
Nearly two-third of the respondents said that their companies conduct due diligence on
ethics and integrity for third parties. This positively reinforces the fact that globalization and
the regulatory “push” is driving companies to proactively manage their fraud risk.
68%
32% Yes
No
Thank You
Arpinder Singh
Partner and National Director
Direct: +91-22-6192 0160
Email: [email protected]
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to
quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company
limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com
© 2011 Ernst & Young Pvt. Ltd. Published in India. All Rights Reserved.
This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed
research or the exercise of professional judgment. Neither Ernst & Young Pvt. Ltd. nor any other member of the global Ernst & Young organization can accept any responsibility for loss
occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.
Ernst & Young Pvt. Ltd.
Assurance | Tax | Transactions | Advisory