Where There's Smoke There's Fraud

Embed Size (px)

Citation preview

  • 7/31/2019 Where There's Smoke There's Fraud

    1/4

    Print this article | Return to Article | Return to CFO.com

    Wh ere The re ' s Sm oke , The re ' s FraudSarbanes-Oxley has done little to curb corporate malfeasance. Therefore, CFOs should implement a range of fraud-

    prevention measures.Laton McCartney, CFO MagazineMarch 1, 2011

    As a convicted felon, Sam E. Antar, the former CFO for the now-defunct consumer-electronics chain CrazyEddie, no doubt has regrets. Among them: he is no longer in the game at a time when corporate fraud isexperiencing a resurgence. "If I were out of retirement today, I'd be bigger than Bernie Madoff," he boasts.

    In conjunction with CEO Eddie Antar (his cousin), Sam Antar helped mastermind one of the largest corporatefrauds in the 1980s, bilking investors and creditors out of hundreds of millions of dollars. Today, he makes aliving lecturing about corporate fraud (and shorting the stocks of companies he thinks may have inflatedearnings).

    Antar says that despite the antifraud provisions of the Sarbanes-Oxley Act of 2002 and the recently enactedDodd-Frank Wall Street Reform and Consumer Protection Act, it remains as easy today for bad guys, both

    internal and external, to loot corporate coffers as it was during the Enron and WorldCom days. "Nothing'schanged," he says. "Wall Street analysts are just as gullible, internal controls remain weak, and the SEC isunderfunded and, at best, ineffective. Madoff only got caught because the economy tanked."

    Antar won't get much of an argument from organizations that monitor corporate fraud. In fact, the consensustoday is that financial shenanigans are markedly on the increase. "There's a lot more employee fraud andembezzlement today then there was 10 years ago, and this past year there was much more than a year ago,"says Steve Pedneault of Forensic Accounting Services. "People blame the economy, but much of the fraud andembezzlement that's coming to the surface now was in the works for 4 or 5 years before the recession hit."

    Last year, the Committee of Sponsoring Organizations of the Treadway Commission's report on corporatefraud concluded that fraud continues to increase in depth and breadth despite Sarbanes-Oxley; the methodsof committing financial fraud have not materially changed; and traditional measures of corporate governancehave limited impact on predicting fraud.

    Page 1 of 4Where There's Smoke, There's Fraud - CFO.com

    4/5/2011http://www.cfo.com/printable/article.cfm/14557373

  • 7/31/2019 Where There's Smoke There's Fraud

    2/4

    In other words, same old same old, only worse: in its 2010/2011Global Fraud Report, risk consulting firm Kroll found that business losses due to fraud increased 20% in thelast 12 months, from $1.4 million to $1.7 million per billion dollars of sales. The report, based on a survey ofmore than 800 senior executives from 760 companies around the world, also found that 88% of therespondents reported being victims of corporate fraud over the past 12 months. If fraud were the flu, thiswould qualify as a pandemic.

    The most likely targets by industry are financial services, media, technology, manufacturing, and health care.Small and midsize companies are also more vulnerable. "Many of these organizations typically rely on a small

    accounting department, especially in today's economy," says Pedneault. They simply don't have the resourcesto catch fraudsters.

    That challenge becomes all the more daunting when one considers the many varieties of fraud that exist.Aside from various forms of embezzlement and outright theft, and the growing risk of information theft (thinkhackers), two other kinds of corporate malfeasance have come to the fore in recent years: fraud in thebusiness model and fraud in the business process.

    The former is defined by a company selling illegal or worthless wares. "If the pharmaceutical industry sellsalleged off-label drugs that have not been approved by the FDA, or the financial-services industry is offeringworthless subprime mortgages, that can constitute business-model fraud," says Toby J. F. Bishop, director ofthe Deloitte Forensic Center for Deloitte Financial Advisory Services.

    Fraud of the business-practice variety, Bishop explains, can range from corporations ignoring or turning ablind eye to environmental or safety laws to the ever-popular practice of engaging in "window dressing" at the

    end of the quarter.

    An Act ion P lan With fraud on the rise, and with all parties that could possibly be tempted feeling more pressure to cross theline, how should companies respond? First, the bad news: "Most fraud today is uncovered by whistle-blowers,or by accident a tip, a rogue piece of mail, or by happenstance," says Tracy L. Coenen, a forensicaccountant and fraud investigator who heads up Sequence, a forensic accounting firm.

    In a sense, companies (at least those that are publicly traded) were supposed to self-insure against fraud byimplementing, at great expense, the controls framework included in Sarbanes-Oxley. But a framework stillrequires an enforcer, and at many companies there is none. "There's often no single entity for oversight," saysDeloitte's Bishop. "Many companies have no compliance or risk management at all."

    Even when they do, there's the issue of how effective it can be. It's not a job that wins friends and influencesfellow workers. "The compliance officer is the most hated person in the company," notes Thomas Quilty, CEOof BD Consulting and Investigations. "Companies often retaliate against them," adds Antar.

    "Compliance staff frequently end up pushing paper [just] so it looks like the company has tried to do the rightthing in case there's an investigation," says Coenen. "They're not effective."

    As for what to do, while no one has yet come up with a silver bullet, experts point to seven useful steps thatall companies can take:

    1 . St a r t a t t he t op . "It's critical for both the board of directors andexecutive management to set the tone forthe corporation and its operating units," says James Davidson, managing director at Avant Advisory Groupand a certified fraud examiner. In fact, this may be the most important component of the control environmentnecessary for deterring fraud and fostering transparency. Plenty of lip service has been paid to the importanceof tone at the top, of course, and it is often cited as the key to the success ofwell, almost everything. Butwhen it comes to curtailing fraud, it really does matter, because without it, an "entire culture of workplacefraud" can take root, according to the Association of Certified Fraud Examiners (ACFE).

    2. Educate em ployees. The ACFE also maintains that employee education is the foundation for preventingand detecting occupational fraud (defined as "the use of one's occupation for personal enrichment through thedeliberate misuse or application of the employing organization's resources or assets"), because employees area company's top fraud-detection resource. They must be trained in what constitutes fraud, how it hurtseveryone in the company, and how to effectively report any questionable activity.

    3. Change t he cu l t u re ASAP. After it was hit by a $550 million fine by the Securities and ExchangeCommission last July for its role in the collateralized-debt-obligation debacle, Goldman Sachs, which has areputation of functioning as a "black-box" organization, recently announced plans to change its culture. Theinvestment-banking firm claims it will become more transparent and ensure its business processes put

    Page 2 of 4Where There's Smoke, There's Fraud - CFO.com

    4/5/2011http://www.cfo.com/printable/article.cfm/14557373

  • 7/31/2019 Where There's Smoke There's Fraud

    3/4

    customer interests first. That's easier said than done, however. "It's difficult to bring about a far-reachingcultural change in well-established companies," says Quilty of BD Consulting and Investigations. "That's nottrue, however, for first-generation or even second-generation companies, where the employees have a stakein the company and are more motivated to protect it from fraud." More-established companies face a largerhurdle. "Current employees didn't build the company," Quilty says, "so they're less interested in protecting itagainst fraudsters."

    4 . Su rp r i se ! We ' re hav i ng an aud i t . Another effective, yet underutilized, tool in the fight against fraud atleast according to the ACFE is surprise audits. Fewer than 30% of victim organizations in the ACFE's recent

    studies conduct surprise audits. Those that do, however, tend to have lower fraud losses and detect fraudmore quickly. While surprise audits can be useful in detecting fraud, their most important benefit is inpreventing fraud by creating a perception that it will be detected. Generally speaking, occupational-fraudperpetrators commit fraud only if they believe they will not get caught.

    5 . Check ( and doub le -check ) emp loyee backg rounds . Due diligence is essential in evaluating thecredentials and competence of new hires and becoming aware of any issues regarding personal integrity. Thatmeans, at a minimum, that companies should confirm an applicant's work history and education as detailed onhis or her rsum and follow up thoroughly with all references provided. Any embellished or false informationor undisclosed history may be a red flag. The same scrutiny should be applied to new and existing suppliers,customers, and business partners, Deloitte's Bishop says. (A number of outside security and risk-managementfirms, such as Kroll, will perform extensive background checks on a company's behalf.) Finally, the ACFErecommends that after someone joins your staff, an evaluation of the new employee's compliance withcompany ethics and antifraud programs should be incorporated into his or her regular performance reviews.

    6. Prepare a da ta-b reach response p lan . With information loss and data breaches now the most commonform of fraud, according to Kroll, it's essential to establish a comprehensive response plan that will enabledecisive action and prevent operational paralysis when a data breach occurs. Disseminate this plan throughoutthe company to ensure that everyone knows what to do in the event of a breach. In preparation, consider thefollowing: Who will have a role in reviewing the policies and procedures on a predictable timetable? What arethe physical security elements? When and how will they be tested? As additional motivation, consider that newregulations now impose severe penalties on firms that don't have this aspect of security nailed down.

    7 . Make su re t he boa rd o f d i r ec t o rs p l ays it s ro l e . "Corporate governance is the joint responsibility ofboth the board of directors and management," says Davidson of Avant Advisory Group. Now that the SEC hasmandated greater board involvement in risk management, apprising the board of fraud risk and responsesbecomes a top priority for the CFO. It won't be fun, and, as Davidson notes, if board directors are at the top oftheir game they will push back and demand even more information. But that kind of dialogue can beinvaluable in uncovering vulnerabilities.

    What Doesn ' t Work The value of implementing those kinds of organizational changes often fails to register with CFOs who, withsome reason, have tended to rely on more-formal forms of enforcement: audits from the inside andinvestigations from the outside.

    The ACFE maintains that audits are ineffective. "External audits were the control mechanism most widely usedby the victims in our survey, [yet] they ranked comparatively poorly in detecting fraud and limiting losses," itnoted in last year's study. But the group did acknowledge that audits can be of value when they are combinedwith management reviews, job rotation, the creation of a code of conduct, surprise audits, and hotlines. Inshort, the same sort of holistic approach spelled out above.

    As for external help, only 347 fraud cases were prosecuted by the SEC in what might be thought of as theMadoff Era, 19982007. In 2009, President Obama appointed Mary Schapiro to head the SEC, and shepledged to "reinvigorate a financial regulatory system that must protect investors andenforce the rules."That pledge got a booster shot from the Dodd-Frank Act, which will, in theory, double the SEC budget to$2.25 billion by 2015. Schapiro has already indicated that she wants to invest in a technology upgrade, thehiring of 800 employees, and the leasing of one million square feet of new office space.

    Yet no new funds have actually been dispersed, and the SEC has had to back out of the lease for new officespace, isn't hiring as planned, and won't be getting the new technology it needs for enforcement,examination, risk assessment, and market oversight. It has even cut back sharply on travel by its currentinvestigators.

    It's no wonder Sam Antar muses about getting back in the game.

    Page 3 of 4Where There's Smoke, There's Fraud - CFO.com

    4/5/2011http://www.cfo.com/printable/article.cfm/14557373

  • 7/31/2019 Where There's Smoke There's Fraud

    4/4

    Laton McCartney is a freelance writer based in New York.

    Just Wh i s t l e?

    There is one potential bright spot within the Dodd-Frank Wall Street Reform and Consumer Protection Act

    regarding fraud prevention: the law contains provisions that generously reward whistle-blowers. According toToby J. F. Bishop, director of the Deloitte Forensic Center for Deloitte Financial Advisory Services, theSecurities and Exchange Commission has already set aside more than $400 million for that purpose. The actalso provides strong protective measures, expressly prohibiting employers from retaliating against employeetipsters. "The IRS set up a similar whistle-blower reward program three years ago," Bishop notes, "but ithasn't paid out anything to date, because it is waiting for all the appeals to be exhausted."

    News of the SEC fund appears to have triggered a strong uptick in whistle-blowing, which, in turn, has had atleast one unintended consequence: it has created confusion regarding the internal-controls provisions ofSarbanes-Oxley, which required a mechanism by which employees and third parties could, and should, reportclaims of fraud to management. If a whistle-blower is now bypassing compliance and sending reports of frauddirectly to Washington, what's the point of having internal ethics and compliance programs?

    This is a question being posed by, among others, the National Association of Corporate Directors, which has

    decried the "chilling effect" of the SEC whistle-blower provisions in Dodd-Frank. "Unless the [provisions] aresubstantially altered, the collateral damage to corporate internal compliance programs and ultimately theethical culture that companies strive to obtain could be harmed. These provisions offer too many incentivesfor a wide range of potential whistle-blowers to ignore a company's existing internal reporting system andinstead go directly to the SEC. Indeed, [such] enticementwill substantially damage the very systems thatserve as the backbone for ethical corporate culture in companies today." L.McC.

    CFO Publishing Corporation 2009. All rights reserved.

    Page 4 of 4Where There's Smoke, There's Fraud - CFO.com

    4/5/2011http://www cfo com/printable/article cfm/14557373