This article is written by Ajay Parakkat, pursuing Diploma in Companies Act, Corporate Governance and SEBI Regulations, from Lawsikho.com.
Fraud risk management has become a major concern for both corporates and regulators worldwide. Every organization around the globe today has taken strong measures for early detection and prevention of corporate fraud. These fraud occurrences have a serious impact on the sustainability of the organization and a drastic impact on its public reputation. A long-lasting legal battle from the bottom to the top of the hierarchy, sometimes in different countries, especially in the case of MNCs, could destroy the goodwill and can even bring down the company.
What is corporate fraud?
- When a company does an activity that is illegal and beyond its charter, it is referred to as corporate fraud.
- Corporate fraud can take different forms, such as window dressing of accounts, siphoning off of funds, forgery, etc.
- The Enron scam of 2001, Lehman Brothers in 2008, Satyam in 2009, and Wirecard in 2020 are some of the well-known examples of corporate fraud.
The corporate governance norms have been strengthened by the Companies Act, 2013, and the regulations of the Securities and Exchange Board of India (SEBI) for listed companies, where key emphasis is given to fraud by recognizing it as a key risk, and accountability for effective risk management is placed on the board of directors and the senior management. In the case of listed entities, there is additional fencing by the ‘Audit Committee’, where independent directors on the board of directors are to carry out necessary checks and take proactive measures of risk mitigation.
How can directors manage fraud risks?
The tone of corporate governance is set by the board of directors and the senior management, whose duties are:
- To formulate and implement a business ethics policy;
- To understand and identify fraud risks;
- To design and implement an effective risk management program;
- To monitor the fraud risk management program;
- To establish and monitor internal controls;
- To conduct periodic reviews of the risk management program to assess its effectiveness;
- To engage external experts for independent review; and
- To be able to show evidence of active involvement by the board of directors and the senior management as a part of the risk management program.
Strategy for fraud risk management
An effective strategy for fraud-risk management involves a pragmatic approach to identifying, mitigating and preventing occurrences of fraud, based on an organization-wide awareness program embedded in the culture itself.
The 3 key determinants of an effective strategy for fraud-risk management are given below:
- Conducting surveys to understand ethical culture awareness among the workforce.
- Training programs for existing and new employees on fraud awareness.
- Periodical assessment of the effectiveness of whistleblowing mechanisms in place.
Application of Data and Technology
- Use of forensic data analytics tools to identify and flag suspicious transaction patterns.
- Use of computer forensics to collect evidence on instances of identified fraud transactions.
Organizational control mechanisms
- Use of Business Intelligence tools like SAP Business Objects, datapine, etc.
- Independent fraud investigation upon receiving preliminary evidence.
The term whistleblowing is used when a person, mostly an insider of an organization such as an employee or consultant, discloses or passes on information about illegal activity, suspected wrongdoing, fraud, etc. in order to bring it to the attention of those who are in charge so that they can investigate and resolve it.
A strong whistleblower policy should be in place to protect whistleblowers and to maintain the confidentiality of information, including a dedicated hotline that employees can use to report any kind of probable wrongdoing or instances of fraud. Many companies today have integrated a whistleblower hotline with their fraud risk management strategy.
Your-Call is one of the hotlines widely used by organizations today for fraud reporting and the receipt of information from whistleblowers.
Timely and prompt investigation of suspected/known cases of fraud
A quick response protocol should be put in place by the board or a committee delegated by the board on how to respond to whistleblowing. Where the preliminary evidence supports a probable fraud by any employee regardless of the level they are at, a swift investigation should be launched to collect detailed evidence and to stop further reputational damage. Depending upon the severity and the loss of organizational resources, an external independent agency should be appointed to conduct a detailed scientific investigation to identify the loopholes in the system and to prevent such occurrences in the future.
Committee for fraud risk assessment
The regulatory mechanism in India has given the mandate of fraud mitigation and control to the ‘Audit Committee’ of the board of directors of the company. Further, companies belonging to certain categories are required to form a committee called the ‘Risk Committee’ with the sole and exclusive function of overseeing the risk management function of the organization.
These committees conduct a comprehensive review of the organizational risk management system and the effectiveness of internal control and systems. It is important that top-level management is involved in the process to ensure that the policies are implemented, reviewed and adapted as and when required.
Data analytic technology
Data analytics is the gathering and analysis of data from a large database using statistical methods. The use of Artificial Intelligence (AI) tools like machine learning has made risk management more accurate and predictable using patterns. The current world is driven by big data. The important advantage of big data is the ability to process millions of data points with cent percent accuracy. The use of forensic data analysis tools gives insight into operations and highlights areas that are more susceptible to fraud and wrongdoing.
The analytics tools can help in the fraud detection, prevention, and investigation strategies of the organisation through real-time analysis and reporting. With the advancement in technology and the risks it carries, data analytics and its integration with the risk management strategy will be the key factor driving future organisational risk management programs.
Formal policy for fraud prevention
Every organisation has to put in place a policy that defines the philosophy of the organisation in dealing with corporate fraud. The policy will also act as the base document for all the organisational training programs for employees and is where one will look for what to do in a given situation. It is a comprehensive document that defines fraud, the measures for detection and prevention of fraud, and how it will be dealt with by the organisation.
An organisational policy sets the tone of the organisation, and the anti-fraud policy shall be drafted in such a way that it answers all the possible questions that an insider would have when it comes to fraud reporting, and shall have a link to whistleblower protection.
Internal control system
The internal controls in an organisation attempt to detect any kind of wrongdoing, errors and fraud, and to safeguard the organisation’s resources. These controls should be dynamic, evolving and adapting to changes in the business so that fraud management remains effective.
A comprehensive review of risks has to be made by the management in order to strengthen the internal control systems. Though most organisations have an internal audit of control mechanisms, it is always advisable to engage an independent professional to check whether the internal controls in place are effective, have any drawbacks or require improvement. Such an independent audit conducted on a periodic basis will give a true and unbiased opinion on the existing internal control mechanism, which will prevent any potential chances of fraud.
The ideal fraud risk management approach shall have the following 3 basic features:
- Prevention of instances of fraud from occurring.
- Detection of instances of fraud when they do occur.
- Taking corrective action once fraud is established.
Every organisation has its own style and culture of functioning, and there is no set of activities that can be universally applied to every business. The risk management program has to be customised to meet the requirements of the organisation, and the key factor here is the board of directors of the company. It is the decision-making body of every company, which has been bestowed with the responsibility of running the organisation in the best interest of the members as well. Ultimately, the directors are answerable to the shareholders of the company for any failure in discharging their duties as directors of the company.
Another area that should be given importance is the corporate governance practices existing in the organisation and whether there is a due process for key decision making. Looking at the major corporate frauds across the globe, one can see that many of them happened at the top management itself, and those who were the gatekeepers failed to act even after knowing of the wrongdoings.
The directors have to understand the fast-changing business environment and shall be able to predict the probable instances of fraud and every extreme situation that could negatively affect the reputation of the organisation. The right understanding of risks, effective internal control mechanisms, and continuous revision and updating of the fraud management program will help organisations to prevent the occurrence of fraud and to protect the organisational reputation.