How to Find and Stop Fraud Within Your Organization
This article is by Craig Hirsch, a manager in the forensic and regulatory compliance consulting practice at the CPA firm Kaufman, Rossin. He specializes in forensic accounting, anti-money laundering and counter terrorist financing, financial intelligence, corporate investigations, dispute consulting, and fraud risk assessments, and can be reached at email@example.com.
The Association of Certified Fraud Examiners tells us that the typical organization loses 5% of its annual revenue to fraud. You might think, in response: “Not us. We’re so small there’d be no way to hide it.” Or, “Not us. Our employees have been with us forever. They’d never do anything to hurt us.” Or, ”Not us. Our auditors are as thorough as they come. They would have noticed.”
But that is wrong, and it puts your business at risk. Actually the ACFE’s research has consistently shown that small companies are equally victimized by fraud; fraud is frequently perpetrated by loyal, long-tenured employees; and, shockingly enough, external audits detect frauds only a fraction of the time (4.6%). In fact, 40% of frauds that are detected are found because of a tip. Yet despite the importance of tips, the least frequently implemented anti-fraud control is rewards for whistleblowers (7.4%), and hotlines are not ranked as leading anti-fraud tools. Why?
Whistleblowers have a history of being treated with less than dignity and respect, considering their courage and bravery. Consider a recent case where a federal judge limited the definition of a whistleblower. An accounting employee at a public company had worked for 31 years in the accounts payable department. When he refused to process event expenditures because he considered them improper, he soon became the target of an internal investigation and told not to bother with his scheduled performance review. Interestingly enough, the company’s tax department later declared that some of the event costs had been improperly categorized as business expenses. The accounting employee sued the company, alleging that it had retaliated against him. But a Federal judge ruled that he failed to qualify for whistleblower protection because his complaint focused on tax treatment and internal company procedures, noting that the complaint never alleged that the fraud was one that would harm investors.
After reading about such a case, why would anyone risk their career to report wrongdoing to management? The Dodd-Frank law makes it even more complicated for public companies. It puts significant rewards in place to encourage whistleblowers to report their tips to the Securities and Exchange Commission—up to 30% of monetary sanctions in $1 million-plus matters—and adds protection from retaliation. The SEC allows whistleblowers to internally report matters and still be eligible for SEC rewards (assuming they report to the SEC within 120 days), but a volatile environment for whistleblowers has now become even more complicated.
What can companies do differently to encourage employees to come forward with tips without fearing retaliation? I have three recommendations.
First, change the perception. A common problem with current hotlines is their stigma and negativity. Employees are concerned about being labeled tattletales or snitches. So why not expand the hotline’s purpose? A recent article in Fraud Magazine suggests having them encompass process improvements, safety issues, quality control enhancements, human resource suggestions, vendor comments, general complaints, and general employee suggestions. Remove the stigma and make the hotline more appealing.
Next, add a reward. If you sincerely want to change the perception of a hotline, put your money where your mouth is. Consider offering cash rewards for tips that save money through process improvement, as well as for tips that identify fraud, waste, and abuse. Monetary rewards can be a percentage of the savings, but companies can get creative with other reward ideas, too, such as extra days of vacation, tickets to sporting/recreational events, or even donations to the charity of the employee’s choice.
Finally, remember that it starts at the top. The Olympus case has made, and continues to make, blockbuster headlines. Michael Woodford worked for Olympus for 30 years, moved up from salesman to chief executive, and was fired two weeks later. He had become aware of articles published in a little-known Japanese publication that questioned exorbitant fees Olympus paid consultants and the extravagant purchase prices of three small companies. There were allegations that Olympus was involved with a deceptive accounting practice known in Japan as “tobashi,” where companies hide losses by selling bad assets (e.g., investments that went sour) to other companies (often ones owned by the parent company), then buying them back in good times, perhaps using “advisory fees.” When Woodford confronted Chairman Tsuyoshi Kikukawa and Executive Vice President Hisashi Mori about the allegations, he didn’t get encouraging responses. He wrote several e-mails to them, to the entire board of directors, and even the outside auditors, expressing his concerns.
In October 2011, Woodford asked for Kikukawa and Mori to resign, but instead the board fired Woodford. In November 2011, new president Shuichi Takayama admitted that the company’s accounting practice had been “inappropriate” and that money had been used to cover losses on investments dating back to the 1990s, culminating in a nearly $1.7 billion dollar fraud. Olympus blamed the inappropriate accounting on Kikukawa, Mori, and former auditor Hideo Yamada.
It all begs a question: If the CEO can’t be a respected whistleblower, who can? It starts at the top. If the board of directors and chairman are not interested in legal and ethical practices, hotlines and whistleblowers serve no purpose. It is only when there is commitment to integrity from the highest possible places that a company will be effective in its implementation and use of hotlines.
It is clear from the research that hotlines can help many more companies protect themselves from fraud. The question is: Is your business willing and able to make the changes that allow a hotline to be effective?