Please note…

You are now on the ey.com Global site. To return to the ey.com United States site or other country site, click on the Global (English) link on the upper right of this page, and select your preferred country site.

x
Skip to main navigation

11th Global Fraud Survey - Combating fraud: doing more with less - Ernst & Young - Global

11th Global Fraud SurveyCombating fraud: doing more with less

Just as anti-fraud and anti-corruption initiatives gained traction, the downturn eroded the resources needed to support them.

The novelty of fighting fraud and corruption may have worn off, and so too, perhaps, has the sense of urgency.

Our 10th Global Fraud Survey indicated that the issue was already a high-profile item on corporate agendas, causing concern for middle managers and directors alike.

Widespread awareness of the reputational, legal and commercial risks led many companies to put in place the basic elements needed to detect fraud and ensure compliance with anti-corruption statutes. But a robust, sustainable fraud and corruption risk management framework still eludes the majority of companies.

Recent experiences of fraud

Many companies are still falling victim to fraud.

16% of respondents to the present survey reported that their company has experienced a significant instance of fraud in the past two years. In Western Europe, home to more than a quarter of our survey respondents, this number increased from 10% to 21%

Given the credit crunch and the ensuing recession in most economies over the last two years, perhaps this is not surprising.

The financial crisis has increased the pressure on those at the top of major companies to maintain corporate results in ever more difficult conditions. The financial crisis has also caused companies to look more closely at their costs and the quality of their earnings, which has led to more pre-existing fraud schemes being detected.

Tightening budgets weaken anti-fraud programs

Yet just as anti-fraud and anti-corruption initiatives gained traction, the downturn eroded the resources needed to support them. More effort is now expected from in-house resources, particularly internal audit groups, just as many entities are forced to make cuts in personnel, site visits and other vital elements of an anti-fraud program.

Personnel reductions are particularly significant, as many of those cut are middle managers or other functions that are core to an effective control environment. Without them, the separation of duties and other key internal control systems will suffer.

The greater effort now expected from the remaining resources has complicated the move from awareness to action that is fundamental to managing fraud and other enterprise risks.

Compliance and reporting fraud

Many corporations are realizing that putting an optimal compliance program in place may take more than a single budget cycle. The response by companies to the heightened risk of fraud appears generally patchy and disjointed.

Types of response to the first
report of fraud and bribery

This can partly be explained by the impact of budgetary constraints on the appetite for taking appropriate procedures to mitigate fraud risk. In many cases it reflects initial support for initiatives that is not backed up by sustainable top-level commitment to complete the task and create a lasting program.

This may be less a matter of money than structure and discipline.

When we asked how companies typically respond to an initial report of fraud, around half picked four of the five options offered. But all five are part of a robust response —

  • a clear reporting structure
  • well-defined roles for the different investigative functions involved
  • clear disciplinary procedures
  • processes for analyzing the root causes of the incident
  • a documented response plan.

Our North American respondents come closest to appreciating this, but Western Europe, where instances of fraud have doubled over the last two years, still has some way to go toward deploying all of the components of a robust response program.

Tick-box mentality leads to missed opportunities

Another aspect of failing to implement a robust anti-fraud program might be called a tick-box mentality.

Here, the elements are put in place but not properly embedded within the overall culture of the organization.
One example is the whistle-blower hotline.

More than half of the companies with a whistle-blower hotline in place told us they have seen usage rise over the last two years, yet it is not always clear who has responsibility for evaluating and responding to these reports.

Even the obvious elements of a strong anti-fraud program are often missing.

A database of fraud incidents and investigations can be crucial for detecting shortcomings in current policies and procedures. Yet only 52% of our respondents from internal audit and compliance said their company maintained such a database.

Failing to take the time to draw lessons from previous incidents to strengthen current policies and monitoring approaches results in a missed opportunity to maximize available resources in a time of constraint.

Assessing fraud risks should not be optional

While two-thirds of companies have carried out a fraud risk assessment in the last year, there remains a core group of companies that have never formally assessed fraud risk

Frequency of fraud
risk assessments

Performing such an assessment will help to prioritize actions to deal with the most significant fraud risks and is therefore fundamental when budgets and resources are scarce.

Other proactive measures should be designed to engage everyone in the organization. Introducing a formal code of ethics and organizing regular compliance training for all staff will help drive key messages.

The training can be tailored by grade or role but should be designed to ensure that all employees are familiar with the issues and are aware of their responsibilities both to act appropriately and report any fraud or corruption suspicions.

As many national anti-corruption statutes also cover third parties’ and agents’ activities, companies should consider reviewing these entities’ code of ethics and training programs, too.

Performing due diligence

In high-risk industries or geographies, we also encourage management to contemplate performing due diligence and/or mandating rights to audit compliance before entering into any additional third-party relationships. Continuing to assess their compliance on an ongoing basis is also important.

To reinforce this message of shared responsibility, employees and related parties could be required to sign off annually that they are aware of their responsibilities and have complied with the relevant internal policies.

Similarly, statements from the board that inappropriate activity will not be tolerated will help to instill a collective culture of fraud and corruption risk management.

Menu

Contacts

Download

Feedback

Back to top