PHorensically Speaking

In this episode two of a two-part podcast series on Phorensically Speaking, Jonathan Marks looks at corporate governance approaches to consider when evolving your leadership and creating or enhancing your Board. Corporate governance encompasses systems and processes that support sound decision making and prevent or dissuade potentially self-interested persons from engaging in activities detrimental to the welfare of stakeholders. Learn about the key elements and here commentary about why corporate governance helps in deterring fraud.

In this episode of Phorensically Speaking, Jonathan Marks looks at corporate governance approaches to consider when evolving your leadership and creating or enhancing your Board. The health of our capital markets depends, as it always has, on individuals practicing in an ethical way...on us being able to trust the words and deeds of others... and especially, on the integrity of corporate financial information.  Business Practices & Ethics drives the other components of the Governance Framework. It requires a continuous effort, reinforcement, and on-going training. Without it, you could and probably will fail because everyone believes they’re ethical, no matter what they’re doing. Corporate governance encompasses systems and processes that support sound decision making and prevent or dissuade potentially self-interested persons from engaging in activities detrimental to the welfare of stakeholders. Learn about the key elements and here commentary about why corporate governance helps in deterring fraud in this Part 1 of a two part podcast series.

Some of the biggest mistakes made when handling a crisis are not dealing with the problem head on, thoughtless or insincere comments, lack of communication with stakeholders, unprepared spokespeople, getting defensive after receiving backlash, or, sitting back and letting the problem grow. Domino's, Sony, Samsung, BP, United Airlines, Equifax, KFC, are all good examples of companies who stumbled with crisis management.  Organizations should study these crises and learn from the mistakes!  In this podcast Jonathan Marks provides an overview of crisis management and its elements - prepare, respond, contain, recover, and remediate. He also discusses the board of directors role.

In this episode, Jonathan Marks considers both tone and conduct from the top of an organization. The nature of a corporate culture can be the difference between a thriving and a beleaguered organization, and it all starts at the top! The control environment – that is, the overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance to the organization – is the key to setting the tone of the organization because it influences the “control consciousness of its people.” Factors that contribute to the control environment include, but are not limited to –

·      Integrity and ethical values communicated by executive management in speaking and writing and demonstrated by action;·      Responses to incentives and temptations – clear policies and actions that prohibit the acceptance of inappropriate gifts, for example;·      Moral guidance, as communicated through a code of business conduct and ethics;·      A commitment to competence, as demonstrated by robust human resource policies and clear job descriptions for the purpose of hiring and retaining qualified people;·      A board of directors and audit committee that are engaged, ask questions, and take appropriate action;·      A management philosophy and operating style that place high value on risk assessment and internal control;·      A well-defined organizational structure that is appropriate to the company’s size and complexity;·      Appropriate assignment of authority and responsibility, with well-defined authority and duties that are appropriately segregated to prevent or detect error and fraud;·      Human resource/capital recruiting and retention policies and practices to ensure that human capital is valued; and,·      Ways to settle internal differences, such as a forum to discuss and settle differences of opinion between management and employees.

In any organization, the buck stops with the CEO: He or she has ultimate responsibility for the internal control system. For additional reading see the article Tone from the Top, It Dissipates!

The board of directors, in concert with the CEO and others, set the tone and conduct for corporate behavior throughout the organization, and is the most important element for promoting honesty in a company. In this episode, we’re talking about tone and conduct from the top. 

Trends 

Corporate greed at the executive level has destroyed hundreds of companies. Many CEOs over the years have been sued over white collar crimes, and this sends a clear — though perhaps unintentional — message to their employees that committing fraud is acceptable, so long as it makes the company seem acceptable. 

That’s simply not the case, and is a prime example of setting the wrong tone and conduct from the top. At the same time, there are no regulatory rules or accounting standards that define exactly what the tone and conduct at the top should be. 

So we need to be mindful. When our companies are doing really well, we might slip into “Perfect Place Syndrome," and all the hard work and effort you put into building a company culture that is mindful of ethical breakdowns could be wiped out in an instant. 

Gaps

The control environment: This is key to setting the right tone and conduct of the organization, because it influences the control consciousness of its people. For example, do you have a Code of Business Conduct and Ethics? 

A commitment to competence: Don’t take shortcuts, and don’t hire people that don’t fit within your organization. 

Board of Directors and audit committees: Are they engaged? Do they ask questions and take appropriate action?

Management philosophy and operating style: This needs to place a high value on risk assessment and internal control and, more importantly, encourage a “speak up” environment. If people feel like what they’re going to say will fall on deaf ears, they may not speak up at all.

Well-defined organizational structure: Do people know what their roles and responsibilities are? How about their reporting channels and the communication protocols? 

Appropriate assignments and authority and responsibility: Are there well-defined duties that are appropriately segregated to prevent and detect errors or fraud? 

Human resources: Your recruiting and retention policies and practices should ensure that human capital is valued. 

Chief Executive: The buck stops with them. They have the ultimate responsibility for the internal control system, and a positive control environment is a big part of maintaining effective internal controls. 

Challenges

It is crucial for company success for executives and management to set an example of ethical behavior on the job, otherwise, they are creating an entire organizational culture of fraud. 

ABC Theory of Fraud: You have one bad apple, you create a bad bunch, and the next thing you know, you have a bad crop. So what should have been an isolated incident may manifest itself in other parts of your organization. When employees are under pressure to meet unrealistic goals, they’re often faced with a choice of whether or not to do whatever it takes, no matter how improper, to achieve those goals. 

Solutions 

Personnel changes are not always warranted. Education and formal training in some cases might accelerate the general adoption of a more ethical corporate culture in an organization. It is really important that senior management position themselves to communicate to employees what is expected of them, lead by example, and provide a safe mechanism for reporting violations and rewarding integrity. Employees need to see management demonstrating a commitment to their ethics principles. The message must be communicated consistently and reinforced with actions.

On this episode, we’re putting Freud to fraud and getting inside the minds of crooks. Today’s white collar criminals have decades of technological evolution at their fingertips, creating new opportunities for fraudsters to inflict crippling loss to organizations. Which means it’s time to update and expand the elements of the traditional Fraud Triangle, to account for this new and vastly different world.

The Fraud Pentagon

Donald Cressey created the original concept of the Fraud Triangle way back in the 1950s to explain why someone might decide to commit fraud. The three original elements of the triangle are Pressure, Opportunity, and Rationalization, but we need to be gravitating more toward the advanced meta-model of fraud which also considers the act of concealment strategy and the conversion piece.

This introduces two new elements to the Fraud Triangle, expanding it into the Fraud Pentagon: 

Arrogance, especially unchecked arrogance, enables individuals to see themselves as superior or entitled to the point where policies and laws simply do not apply to them.

Competence contributes in two ways: a greater understanding of procedures expands on the Fraud Triangle’s Opportunity element, but it also enables them to create a wall of trust that shields them from suspicion.

Get inside the mind of a fraudster 

Let’s take a look at Sam Antar, the CFO of Crazy Eddie. 

For Antar, arrogance was not only the foundation on which Crazy Eddie was built, it was the soil on which the seeds of fraud were planted. Most people aren’t willing to start a public company for the main purpose of defrauding the public, and as far as this fraudster goes, it takes a real amount of arrogance to do that. 

His actions also perfectly represent the two ways a fraudster can use competence to steal. He knew the business of accounting and how to socially control the situation to Crazy Eddie’s advantage. He was a nice guy. He knew he had to get people to like him, trust him, and respect him to lower their levels of skepticism. If you’re nice to people, they’ll be nice to you — like looking away or not asking the tough questions. 

What you can do

By utilizing all five elements, you’re going to be more able to identify potential risks beyond legitimate individuals who simply have arrogance and competence as part of their persona. 

First, start with a hands-on cultural assessment to determine the ethical pulse of your organization. Next, make it known to your board and ethics team that you have zero fraud tolerance within the organization, including at the top. Finally, make periodic checks to monitor the pressure points and values that affect individual behaviors. 

Final thoughts

We need to pay more attention to the human element of fraud. In doing so, we’ll understand fraud a lot better and be able to build more effective controls. 

Corruption can take many forms, but its root causes often include a conflict of interest and possibly some type of collusion. In this episode, we’re illustrating these concepts and how they intertwine, and what you can do to proactively make sure your organization is secure.

Where there is collusion, there may also be a conflict of interest

While this type of fraud doesn’t necessarily involve a third party, it does involve the employee. In this case, they’re using their role as an employee, but acting outside their capacity to collude with another party for their personal benefit.

Fraud generally involves an act of concealment, but frauds that include collusion usually occur off the books. There’s nothing to conceal as there is nothing on record. In this instance, the concealment is in not disclosing the potential conflicts of interest — which can present significant fraud risks.

There are guidelines for this, like the ICC Guidelines on Conflicts of Interest in Enterprises, that recommend close monitoring and regulation of actual or potential conflicts of interest. The guidelines have examples, a discussion on communication and training, and four dilemma scenarios that are fantastic to use as a training aid.

Some common conflict of interest schemes

The Purchase Scheme involves overbilling a company for goods and services by a vendor in which an employee has an undisclosed ownership or financial interest.

The Sales Scheme involves the underselling of company goods and services by an employee to a company in which the employee maintains a hidden interest.

Activities that can create a possible conflict of interest

Nepotism:the practice of giving favors to relatives and close friends (e.g. by hiring them)

Cronyism: the appointment of friends and associates to positions of authority without proper regard to their qualifications

Self-dealing: when someone in a position of responsibility has an outside conflict of interest and acts in their own interests rather than the interest of the organization

Code of Conduct

The Sarbanes-Oxley Act Section 406c requires that all US-listed companies maintain a code of conduct, and the New York Stock Exchange Corporate Governance Rules requires companies to adopt and disclose its corporate governance guidelines and code of business conduct and ethics. So if you’re a publicly traded company, your code of conduct must define conflicts of interest — a good policy, regardless.

Final thoughts

Conflicts of interest can be problematic if not understood and managed appropriately. They increase the risk of bias and poor judgment, and usually never end well. When it comes to fraud risk management, Compliance and Internal Audit need to understand conflicts of interest and address them accordingly. All conflicts of interest must be documented in writing and make sure there is proper monitoring in place, so that your company is proactively dealing with these issues.

Resources

ICC Guidelines on Conflicts of Interest in Enterprises

The Sarbanes-Oxley Act of 2002 

Sections mentioned:SOX Section 302SOX Section 906SOX Section 404 SOX Section 406SOX Section 406cNew York Stock Exchange Corporate Governance RulesCheck: Provision 10