None of the executives we interviewed had full confidence in all aspects of their fraud and corruption risk management strategies, and most had more confidence in the other functions than they did in themselves.
Having managed through the financial crisis of the last two years, many companies are beginning to focus on growth.
Achieving growth often means planning expansion into new international markets or looking again at potential acquisition targets. Both of these may mean doing business in new geographies, some of which may bring particular fraud, bribery and corruption risks.
Establishing a robust compliance environment to mitigate these risks requires real investment — in leadership time, people, technology and training.
Demonstrating that all of this effort is making a difference — that the firm itself is committed to ethical growth — is a critical business imperative.
Our experience with corporate clients, however, suggests that this is not a simple undertaking.
Developing a code of conduct is one thing, but actually putting it into practice is a much more challenging exercise.
Embedding a strong compliance mentality within the organization requires substantial training and investment, as well as sensitive handling of different cultural practices. Harder still, staff operating in local markets need to understand that their actions must comply with the standards set by remote, less culturally-sensitive regulators.
Responding to fraud or corruption allegations can create further difficulties. Companies need to react swiftly — often within 24 hours — to gauge the impact of the allegations, to establish an effective crisis management approach, and to identify and secure the relevant evidence.
Careful consideration also needs to be given as to how to handle a whistle-blower and what immediate steps to take to substantiate the allegations.
Any subsequent investigation will likely introduce additional complications. For example:
- Who should be involved — legal, human resources, finance, internal audit, security, the board?
- What is the division of responsibility between these functions?
- At what stage should regulators and auditors be informed?
- If the allegations relate to third parties, what further steps need to be taken?
As the new UK Bribery Act demonstrates, regulators are being given new tools to scrutinize companies and executives historically outside their jurisdiction and impose tougher sanctions where necessary. Companies therefore need to consider possible cross-border investigations and parallel proceedings when designing a response plan.
The 11th Global Fraud Survey
With these issues in mind, EY undertook the 11th Global Fraud Survey.
We sought out chief financial officers (CFOs) and heads of legal, compliance and internal audit to get their views on how companies are managing the risks associated with fraud, bribery and corruption.
More than 1,400 interviews were conducted in 36 countries, and the results make for important reading.
Despite the significant time and money already spent by many companies, our respondents' confidence in the effectiveness and level of adherence to internal compliance programs varied widely, both by geography and role.
None of the executives in the functions interviewed had full confidence in all aspects of their fraud and corruption risk management strategies, and most had more confidence in the other functions than they did in themselves.
However, those interviewed were more consistent when it came to concerns for the future.
Many of these concerns relate to corruption and competition risks arising from the drive for growth.
Due diligence is obviously key to managing the risks arising from acquisition.
But both these risks and the confusion that seems to permeate so many compliance regimes can be mitigated by clear communication from the top. A strong commitment to ethical growth will encourage employees to live the values of the company and will better position the company to deter fraudulent schemes taking hold when growth returns.
It will also send a message to third parties, regulators and the public that the company takes its responsibilities seriously and is willing to take appropriate action to deal with aberrational behavior.
The survey was conducted in 2009 and 2010 on behalf of EY's Fraud Investigation & Dispute Services practice. We would like to acknowledge and thank all respondents for their time and insights.