Topic Gateway Series

Corporate fraud

Corporate fraud
Topic Gateway Series No. 57

1 Prepared by Helenne Doody and Technical Information Service May 2009

Topic Gateway Series

Corporate fraud

About Topic Gateways

Topic Gateways are intended as a refresher or introduction to topics of interest to CIMA members. They include a basic definition, a brief overview and a fuller explanation of practical application, and finally signpost some further resources for detailed understanding and research. Topic Gateways are available electronically to CIMA Members only in the CPD Centre on the CIMA website, along with a number of electronic resources.

About the Technical Information Service

CIMA supports its members and students with its Technical Information Service (TIS) for their work and CPD needs. Our information specialists and accounting specialists work closely together to identify or create authoritative resources to help members resolve their work related information needs. Additionally, our accounting specialists can help CIMA members and students with the interpretation of guidance on financial reporting, financial management and performance management, as defined in the CIMA Official Terminology 2005 edition. CIMA members and students should sign into My CIMA to access these services and resources. Chartered Institute of Management Accountants 26 Chapter Street London SW1P 4NP United Kingdom T. +44 (0)20 7663 5441 F. +44 (0)20 7663 5442 E. tis@cimaglobal.com www.cimaglobal.com

Topic Gateway Series

Corporate fraud

Corporate fraud
Definition
Fraud essentially involves using deception to make a personal gain for oneself dishonestly and/or create a loss for another. Although definitions vary, most are based around these general themes. The term fraud commonly includes activities such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion.

Context
In the current CIMA syllabus, students will study and may be examined on fraud in Paper 3, Management accounting risk and control strategy.

Related concepts
Corporate governance; risk management; internal control; information systems control.

Overview
Surveys are regularly carried out to estimate the true scale and cost of fraud to business and society. While findings vary and it is difficult to ascertain the full extent of fraud, all surveys indicate that fraud is prevalent within organisations and remains a serious and costly problem. Fraud may even be increasing due to greater globalisation, more competitive markets, rapid developments in technology and periods of economic difficulty. Despite the serious risk that fraud presents to business, many organisations still do not have formal systems and procedures in place to prevent, detect and respond to fraud. No system is completely fool proof, but business can take steps to deter fraud and make it much less attractive to commit. Management accountants, whose professional training includes information and systems analysis, have a significant role to play in developing and implementing anti-fraud measures within their organisations.

Topic Gateway Series

Corporate fraud

There are many types of corporate fraud, including the following common frauds: theft of cash, physical assets or confidential information misuse of accounts procurement fraud payroll fraud financial accounting mis-statements inappropriate journal vouchers suspense accounting fraud fraudulent expense claims false employment credentials bribery and corruption.

This topic gateway focuses on fraud perpetrated by those internal to the organisation. Businesses are also susceptible to fraud committed by outsiders, such as corporate identity theft, intellectual property fraud or cyber crime. The topic gateway is based on CIMAs publication Fraud Risk Management: a guide to good practice, which explores fraud risk management in greater depth.

Topic Gateway Series

Corporate fraud

Application
Internal fraud
There are three main categories of internal fraud that affect organisations. These are summarised in the following diagram.

Adapted from page 8 of Fraud Risk Management: a guide to good practice Further information on common types of internal fraud and methods of perpetration is included in CIMAs Fraud Risk Management: a guide to good practice.

Which businesses are affected?

Fraud is an issue that all organisations may face regardless of size, industry or country. If the organisation has valuable property, for example, cash, goods, information or services, then fraud is likely to be attempted.

The scale of the problem

There have been many attempts to measure the extent of fraud, but it is not easy to compile reliable statistics. One of the key aspects of fraud is deception, so fraud can be difficult to identify. Often survey results reflect only the instances of fraud that have actually been discovered. It is estimated that the majority of frauds go undetected. Some frauds may not be reported even when they are found. It is also often hard to distinguish fraud from carelessness and poor record keeping.

Topic Gateway Series

Corporate fraud

Although survey results and research may not give a complete picture, statistics indicate the extent of the problem. There is no doubt that fraud is prevalent within organisations and remains a serious issue. Some surveys put the proportion of companies suffering from fraud as high as 85%. Research shows that fraud is growing, with reported cases of fraud being much higher in 2008 than in 2007. Fraud is likely to continue to grow during economic difficulties. Organisations may need to keep a particularly close eye on their budgets during a recession, but organisations should see a return on their investment in fighting fraud. Surveys show that UK companies suffered average fraud losses of 1.75 million over a two year period. These figures exclude undetected losses and indirect costs to the business such as management costs or damaged reputation. Other research estimates that organisations lose as much as 7% of their annual revenues to fraud. Given the prevalence of fraud and the negative consequences, there is a compelling argument that organisations should invest time and resources in tackling fraud.

Fraud risk management

In order to manage the risk of fraud, organisations should periodically identify the risks of fraud within their organisation, using the process set out in the CIMA risk management cycle. The CIMA risk management cycle is an interactive process of identifying risks, assessing their impact, and prioritising actions to control and reduce risks.

Topic Gateway Series

Corporate fraud

Figure 2: The CIMA risk management cycle

Adapted from page 19 of Fraud Risk Management: a guide to good practice Fraud risks should be identified for all areas and processes of the business and then be assessed in terms of impact and likelihood. As well as the monetary impact, the assessment should consider non-financial factors such as reputation. Once the scale of risk has been assessed and understood, an organisation should implement an effective anti-fraud strategy for responding to fraud risks.

Topic Gateway Series

Corporate fraud

An anti-fraud strategy
An effective anti-fraud strategy has four main components: prevention detection deterrence response.

The following diagram summarises these components and the context within which an anti-fraud strategy sits. Figure 3: An effective anti-fraud strategy

Adapted from page 25 of Fraud Risk Management: a guide to good practice The training received by management accountants is a very good basis for implementing an anti-fraud strategy. Management accountants are expected to have a broad understanding of business processes. They also understand the systems and procedures that an efficient and effective organisation should have. A further asset is the ability to think and act logically, which is something the management accountant develops with experience.

Topic Gateway Series

Corporate fraud

The various components of an effective anti-fraud strategy are discussed in detail in CIMAs Fraud Risk Management: a guide to good practice. Some key points are summarised below. These anti-fraud approaches are generic and can be applied flexibly to different organisations and particular circumstances.

Fraud prevention
There are two main elements to fraud prevention: 1. A sound ethical culture. 2. Sound internal control systems.

Developing a sound ethical culture

In order to establish a sound ethical culture, CIMA recommends that organisations have: 1. A mission statement that refers to quality or ethics and defines how the organisation wants to be regarded externally. 2. Clear policy statements on business ethics and anti-fraud, with explanations about acceptable behaviour in risk-prone circumstances. 3. Management which is seen to be committed through its actions. 4. Fraud risk training and awareness for all employees and key business partners. 5. A process of reminders about ethical and fraud policies, for example, an annual letter and/or declarations. 6. Periodic assessment of fraud risk. 7. A route through which suspected fraud can be reported. 8. An aggressive audit process which concentrates on fraud risk areas.

Sound internal control systems

An internal control system comprises all those policies and procedures that collectively support an organisations operation. Internal controls typically deal with approval and authorisation processes, access restrictions, transaction controls, account reconciliations and physical security. These procedures often include the division of responsibilities, and checks and balances to reduce risk.

Topic Gateway Series

Corporate fraud

The number and type of internal controls that an organisation can introduce depends on its nature and size. Although fraud is prevalent across organisations of all sizes, sectors and locations, research shows that certain business models have greater levels of fraud risk than others. The control environment should be adjusted to fit with the degree of risk exposure. Where possible, internal controls should address warning signs and alerts to minimise fraud.

Fraud detection
It will never be possible to eliminate all fraud. No system is completely fraud proof because many fraudsters can by pass the control systems put in place to stop them. However, if an organisation pays greater attention to the most common indicators, this can provide early warning that something is wrong and increase the likelihood of discovering the fraudster. Fraud indicators fall into two categories: 1. Warning signs 2. Fraud alerts

Warning signs
Warning signs have been described as organisational indicators of fraud risk. Some examples are given below, categorised under the headings of business risk, financial risk, environmental risk and IT and data risk.

Business risk
Business risk can be indicated by the absence of an anti-fraud policy and culture, together with lack of staff management supervision. Bonus schemes linked to ambitious targets or directly to financial results can point to risky behaviour. Unusual staff behaviour patterns, for example, employees who do not take their annual leave allocation or who are unwilling to share duties, can also indicate business risk.

10

Topic Gateway Series

Corporate fraud

Other warning signs include: inadequate recruitment processes and no screening lack of job segregation no independent checking of key transactions inadequate access controls to physical assets and IT security systems poor internal control documentation large cash transactions.

Financial risk
Significant pressures on management to obtain additional finance can indicate a financial risk. Other signs include the extensive use of tax havens without clear business justification, along with complex transactions or financial products.

Environmental risk
This can occur when new accounting or other regulatory requirements are introduced. Highly competitive market conditions and decreasing profitability levels can also lead to environmental risk, as can significant changes in customer demand.

IT and data risk

Unauthorised access to systems gives rise to IT and data risk, as do rapid changes in information technology. Users sharing or displaying passwords is also highly risky.

Fraud alerts
Fraud alerts have been described as specific events, or red flags, which may indicate fraud. Some examples of fraud red flags are: . 11 discrepancy between earnings and lifestyle photocopied documents in place of originals missing approvals or authorisation signatures extensive use of suspense accounts inappropriate or unusual journal entries above average number of failed login attempts.

Topic Gateway Series

Corporate fraud

Fraud detection tools and techniques

Available tools and techniques for identifying possible fraudulent activity include: ongoing risk assessment trend analysis data matching exception reporting internal audit reporting mechanisms.

Fraud response
An organisations approach to dealing with fraud should be clearly described in its fraud policy and fraud response plan. The plan is intended to provide procedures which allow for evidence gathering and collation. In summary, a fraud response plan should include information under the following headings: purpose of the fraud response plan corporate policy definition of fraud roles and responsibilities the response the investigation organisations objectives with respect to dealing with fraud follow up action.

The fraud response plan should reiterate the organisations commitment to high legal, ethical and moral standards in all its activities, and its approach to dealing with those who fail to meet those standards. Organisations should be clear about how to enforce the rules or controls which are in place to counter fraud risks. They must also ensure that employees know how to report suspicious behaviour.

12

Topic Gateway Series

Corporate fraud

Reasonable steps for responding to detected or suspected instances of fraud include: clear reporting mechanisms a thorough investigation disciplining of the individuals responsible (internal, civil and/or criminal) recovery of stolen funds or property modification of the anti-fraud strategy to prevent similar behaviour in future.

There are lessons to be learned from every identified fraud incident. The organisations willingness to learn from experience is as important as any other response. Organisations should examine the circumstances and conditions which allowed the fraud to occur, with a view to improving systems and procedures so that similar frauds do not occur in future.

Fraud deterrence
It is clear from the diagram in Figure 2 that the various elements of an effective anti-fraud strategy are closely interlinked. Each plays a significant role in combating fraud, with fraud deterrence at the centre. Fraud detection acts as a deterrent by sending a message to likely fraudsters that the organisation is actively fighting fraud and that procedures are in place to identify any illegal activity. The possibility of being caught will often persuade a potential perpetrator not to commit a fraud. There should also be complementary detection to counter the fact that the prevention controls may be insufficient in some cases. It is also important to have a consistent and comprehensive response to suspected and detected fraud incidents. This sends a message that fraud is taken seriously and that action will be taken against perpetrators. Each case that is detected and investigated should reinforce this deterrent and act as a form of fraud prevention.

13

Topic Gateway Series

Corporate fraud

References
Report to the Nation on Occupational Fraud and Abuse. (2008). Austin, TX: The Association of Certified Fraud Examiners (ACFE) Available from: www.acfe.org [Accessed 12 March 2009] Fraud risk management: a guide to good practice. (PDF 1,238Kb). CIMA Technical Guide, January 2009, London: CIMA Available from: www.cimaglobal.com/fraud [Accessed 12 March 2009] Kroll Global Fraud Report Annual Edition 2008 /2009. Kroll and the Economist Intelligence Unit. (2008 /2009). Available from: www.kroll.com/about/library/fraud [Accessed 12 March 2009] Economic crime: people, culture and controls the 4th biennial global economic crime survey 2007. (2007). PricewaterhouseCoopers. Available from: www.pwc.com/crimesurvey [Accessed 12 March 2009]

Further Information
CIMA Publications
Iyer, N. and Samociuk, M. Rotten to the Core in CIMA Excellence in Leadership, 2007, Issue 2, pp 46-49 Turner, C. (2007). Fraud risk management: a practical guide for accountants. London: CIMA Managing responsible business. (2008). A survey which explores how companies are managing their ethical performance and how this will affect the finance function. (PDF 2MB). London: CIMA/Institute of Business Ethics. Available from: http://digbig.com/4ykrt [Accessed 12 March 2009] CIMA Fraud and Risk Working Group. (2002). Risk management: a guide to good practice. Oxford: Elsevier. (CIMA Research Series)

14

Topic Gateway Series

Corporate fraud

Articles
CIMA members can obtain articles on this topic from the Business Source Corporate database, which can be found in the CIMA Professional Development section of the CIMA website. www.cimaglobal.com/mycima [Accessed 12 March 2009] Burrowes, A. and Sipple, S. Corporate accountability and continuing fraud. Chartered Accountants Journal, November 2007, Volume 86, Issue 10, pp 70-71 Christie, J. Credit crunch sparks corporate fraud fear. Accountancy Age, 02/07/2008, p. 2 Dilger, K. Kroll: Corporate fraud is almost 100-per cent preventable. Manufacturing Business Technology, January 2008, Volume 26, Issue 1, p. 26 Finn, J. and Cafferty, D. Defence mechanism. CIMA Financial Management, September 2002, pp 26-27 Goldmann, P. Corporate fraud is here to stay. Internal Auditor, December 2006, Volume 63, Issue 6, p. 96 Hawser, A. Corporate fraud on the rise despite SOX. Global Finance, July/August 2007, Volume 21, Issue 7, p. 4 Langnan, C. and Weibin, L. Corporate governance and fraud: evidence from China. Corporate Ownership and Control, Spring 2007, Volume 4, Issue 3, pp 139-145

Books
Coenen, T. (2008). Essentials of corporate fraud. Hoboken, NJ: Wiley; Chichester: John Wiley [distributor]. (Essentials Series) Iyer, N. and Samociuk, M. (2006). Fraud and corruption: prevention and detection. Aldershot: Gower Luijerink, D. (2008). Corporate and financial fraud. Kingston upon Thames: Croner CCH Pickett, K.H. Spencer. (2007). Corporate fraud: a managers journey. Hoboken, NJ: Wiley; Chichester; John Wiley [distributor] Ramage, S. (2006). A comparative analysis of corporate fraud. New York: iUniverse Ramage, S. (2006). Fraud: the company law background. New York: iUniverse 15

Topic Gateway Series

Corporate fraud

Webley, S. (2003). Developing a code of business ethics: a guide to best practice including the IBE illustrative Code of Business Ethics. London: Institute of Business Ethics Wells, J.T. (2007). Corporate fraud handbook: prevention and detection. 2nd ed. Chichester: Wiley

Guides and Surveys

Economic crime: people, culture and controls the 4th biennial global economic crime survey 2007. (2007). PricewaterhouseCoopers. Available from: www.pwc.com/crimesurvey [Accessed 12 March 2009] Fraud Advisory Panel. (2006-2007). Ninth annual review 2006-2007: ethical behaviour is the best defence against fraud. Available from: http://digbig.com/4ykrw [Accessed 12 March 2009] Education, Events & Training Working Group, Fraud Advisory Panel. (February 2006). Fighting fraud: a guide for SMEs. (PDF 68Kb). 2nd ed. Available from: http://digbig.com/4ykrx [Accessed 12 March 2009] Education, Events & Training Working Group. Fraud Advisory Panel. (February 2006). Sample Fraud Policy Statements. (PDF 552Kb). Available from: http://digbig.com/4ykry [Accessed 12 March 2009] Institute of Internal Auditors, Association of Certified Public Acountants, Association of Certified Fraud Examiners. (2008). Managing the business risk of fraud: a practical guide Profile of a fraudster survey 2007. (2007). London: KPMG Available from: http://digbig.com/4yksa [Accessed 12 March 2009] Managing the risk of fraud. May 2003. London: HM Treasury Professional Accountants in Business Committee. (2006). Defining and developing an effective code of conduct. New York: IFAC

16

Topic Gateway Series

Corporate fraud

Websites
Fraud Advisory Panel Registered charity which raises awareness of the human, social and economic damage caused by fraud. Helps individuals and organisations to develop preventative strategies. Available from: www.fraudadvisorypanel.org [Accessed 12 March 2009] National Fraud Strategic Authority Part of the Office of the Attorney General formed to address the challenges of fraud. Available from: http://digbig.com/4yksb [Accessed 12 March 2009] Public Concern at Work (PCaW) Independent authority on public interest whistleblowing. Available from: www.pcaw.co.uk [Accessed 12 March 2009] Serious Fraud Office Government department and part of the UK criminal justice system. It exists to pursue and prosecute those who commit serious and complex fraud. Available from: www.sfo.gov.uk [Accessed 12 March 2009] Serious Organised Crime Agency (SOCA) SOCA is sponsored by, but operationally independent from, the Home Office. It exists to enforce the law and to reduce harm caused to people and communities by serious organised crime. Available from: www.soca.gov.uk [Accessed 12 March 2009] World Bank Anti-Corruption Resource Center Available from: http://digbig.com/4yksc [Accessed 12 March 2009]

17

Topic Gateway Series

Corporate fraud

Copyright CIMA 2009 First published in 2009 by: The Chartered Institute of Management Accountants 26 Chapter Street London SW1P 4NP United Kingdom Printed in Great Britain

No responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication can be accepted by the authors or the publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means method or device, electronic (whether now or hereafter known or developed), mechanical, photocopying, recorded or otherwise, without the prior 18 permission of the publishers. Permission requests should be submitted to CIMA at tis@cimaglobal.com