by Cesar Bacani, 01 August 2011

Here’s food for thought for senior finance executives in Asia and elsewhere. The CFO, finance controller or finance manager you’re working with is potentially a fraudster.
 
According to a global study by KPMG, the typical company fraudster works in the finance function or is in a finance function role. In addition, this fraudster is usually:
    Male
    Aged 36 to 45
    Holds a senior management post
    Works in collusion with another perpetrator
    Targets his own employer
    Has been working for that same employer for more than ten years

In “Who Is a Fraudster?,” KPMG analysed 348 actual fraud investigations carried out by its member firms’ forensic specialists in 69 countries from January 2008 to December 2010. Each case is a ‘white collar’ crime where a clear perpetrator has been identified.
 
The frauds examined included material misstatement of financial results, theft of cash and/or other assets and abuse of expenses. The study excluded cases of no material value, acts of misconduct and those lacking in sufficient detail.
 
Wherever possible, the latest findings are compared with a predecessor fraud study released in 2007 on the Europe, Middle East and Africa region. North America and Asia Pacific were not part of that study.
 
Fraud in Asia
One worrying finding is that the money lost to fraud in Asia is the largest in the world. The average loss per case in the region is US$1.5 million, which is higher than in North America (US$1.2 million), Western Europe (US$900,000) and South America (US$800,000).
 
“The value of fraud keeps going up in Asia Pacific and that, I believe, is because the economy is booming here,” says Rohit Mahajan, executive director of KPMG’s forensics practice in India. “However, companies are too focused on the front end [of growing the business] . . . so red flags get ignored or treated as one-offs.”
 
The result is that fraud in Asia Pacific tends to go on for years and years before it is discovered. By then, “the value of the deception has multiplied,” says Mahajan.
 
According to the KPMG analysis, the duration of a fraud in Asia is five years on average, the longest in the world. About 16% of the cases are not detected until ten years or longer. In Western Europe and North America, only 3% of fraud goes undetected for ten years or more.
 
In South America, Africa and the rest of Europe, none of the instances of fraud investigated by KPMG forensics lasted more than ten years. In South America, the average time from inception to detection of fraud is 2.1 years.
 
“This is possibly because employees in Asia tend not to challenge their superiors or to rock the boat as much as in Western Europe or North America,” the report speculates.
 
The long lead time from the start of the fraud to its detection also raises questions about the effectiveness of controls, management oversight and responses to red flags in Asian firms.

Why Commit Fraud?
The recently passed (and possibly about to recur) global financial crisis appears to be a factor in the recent incidence of fraud globally. “In more austere times,” observes KPMG, “formerly trustworthy employees affected by adverse changes in their personal circumstances might be more tempted to commit fraud when they spot an opportunity.”  
 
The primary type of fraud detected from 2008 to 2010 is misappropriation of assets. Four out of ten cases related to misappropriation, including embezzlement and procurement fraud, which is about the same level as in the 2007 analysis.
 
The second type of fraud is fraudulent financial reporting, which is linked to attempts to conceal losses or poor performance. This may “possibly be due to pressures to meet budgets and targets, to enhance bonuses or to safeguard against loss of employment,” KPMG theorises.
 
“Companies that fall victim to misreporting and other types of fraud should consider whether they set too onerous targets and exert excessive pressure on employees to achieve them,” the report suggests.
 
“Faced with criticism about underperformance or concerned by the threat of a reduced bonus or loss of employment, staff might be tempted to hype up their performance by misstating results or to guard against potential financial hardship by defrauding the business.”
 
KPMG believes that companies which “set realistic and achievable targets for employees” tend to experience fewer cases of fraud. This is also true of organisations that make intolerance of fraud part of the corporate culture.
 
Hotbeds of Fraud
The analysis shows that 32% of the fraud cases examined were perpetrated by someone in finance (2007: 36%), which is the highest proportion. The other hotbeds of fraud are the CEO’s office (26% versus 11% in the 2007 analysis) and operations and sales (25% versus 32% in 2007).
 
Surprisingly, only a few fraudsters worked in procurement (8% versus 9% in 2007). The unit most likely to be free of fraudsters is the legal office (0% versus 2% in 2007).
 
KPMG attributes the tendency for fraud to occur in finance to “significant temptation and opportunity to commit and conceal acts of fraud” that is possible in this key department, which gives staff “access to and responsibility for corporate assets, financial reporting and credit lines.”
 
Across the globe, a fraudster is more likely to be a man (87% versus 85% in 2007) than a woman. Comparatively, however, the chances that a woman will commit fraud is relatively higher in Asia (23%) and North and South America (22%) than in Europe, Middle East and Africa (8%).
 
This gap seems to reflect the gender make-up of companies in general, KPMG concludes. There are fewer women in senior positions in ‘old Europe’ and Africa compared with other regions in the world, which means women have fewer opportunities in these places to commit fraud.
 
A fraudster is more likely to be found among the ranks of senior management than in junior posts. “People most often entrusted with a company’s sensitive information and able to override controls are statistically more likely to become perpetrators,” says the report.
 
A third (35%) of all fraud cases KPMG examined were perpetrated by someone in senior management, the highest proportion. Middle managers came next (29%), followed by ordinary staff (18%).

Interestingly, the proportion of senior managers found to be involved in fraud is now lower than it was four years ago, when the 2007 analysis found that nearly half (49%) of all cases studied involved senior management.
 
“In part, this is connected to the fact that fraud prevention programs have been launched at the senior management level in many places,” says Anne van Heerden, Head of Risk & Compliance at KPMG Switzerland.
 
Finally, length of service appears to be a factor in fraud. Six out of ten fraudsters had worked at the company for more than five years before their misdeeds were uncovered. A third – 33% -- had been with the organisation for more than ten years.
 
KPMG does not believe that the fraudster joined the company with the intent to commit fraud because the average fraud has been perpetrated for over three years by the time it is discovered, whereas the fraudster has been with the company for more than five years.
 
“Changes in personal circumstances or pressures to meet aggressive work targets may influence the onset of fraudulent activity,” says the report. Employees may turn to fraud “once they have gained the trust and respect of colleagues and have identified weak controls and opportunities to exploit the business.” 
 
Flapping Red Flags
Based on its analysis and the experience and expertise of its forensics specialists, KPMG compiled a checklist of organisational characteristics and employee behaviours that represent red flags for potential fraud. They include:
 
Organisational characteristics

    Difficult relationships and a possible lack of trust between the business and the internal/external auditor
    Excessive secrecy about a function, its operations, and its financial results
    Some practices within a function do not appear to be straightforward and may even be illegal or unethical
    Excessive pressure is exerted on employees to meet high expectations for the business
    Excellent business performance while other industry players are struggling
    Profits are reported to be increasing but cash flows are not
    Multiple banking relationships, which tend to reduce the transparency of finances
    High staff turnover within a function
    Complex/unusual payment methods, agreements with certain suppliers/customers

 Employee behaviours

    Has opportunities to manipulate personal pay and reward
    Refuses or not seek promotion, giving no reasonable explanation
    Rarely takes holidays
    Does not or will produce records/information voluntarily or on request
    Self-interested and concerned with own agenda
    Volatile and melodramatic, arrogant, confrontational, threatening or aggressive when challenged
    Surrounded by ‘favourites’ or yes men and women
    Micromanages some employees; keeps others at arm’s length
    Bullies or intimidates colleagues
    Cuts corners or bends rules
    Vendors/suppliers deal only with this individual
    Lifestyle seems excessive for income
    Persistent rumours/indications of personal bad habits/addictions
    Suspected to have overextended finances
    Unreliable and prone to making mistakes, poor performance
    Tends to shift blame and responsibility for errors to others
    Seems unhappy at work and is poorly motivated
    Seems stressed and under pressure

Execution Blues
But how often do companies take action when red flags are flapping? KPMG’s analysis found at least one red flag was present in 56% of the fraud cases examined. However, companies acted only on 6% of those initial red flags.
 
That’s disturbing. “Companies are failing to read and to act quickly on warning signs,” warns the Big Four firm. “Ignored red flags are a license for perpetrators to carry on operating and a missed opportunity for the business to detect or prevent fraud and reduce losses and associated costs.” 
 
When fraud is finally detected, only 3% took no action or sanction. The majority took enforcement action, including regulatory, legal and police (45%), disciplined the errant employee (40%), embarked on civil recovery (23%), accepted the perpetrator’s resignation/voluntary retirement (17%) or settled out of court (6%).
 
At 28%, Asia has the highest incidence of having the fraudster resign or take voluntary retirement. Enforcement action was taken in 40% of the Asian cases examined – compared with 65% in Africa and 63% in North America.
 
Like their peers elsewhere, companies in Asia do not communicate the details of the fraud internally, much less to the outside world. Globally, the details of 54% of the fraud cases examined were not revealed to others in the company, although the information presumably filtered down through the office grapevine.
 
Are Asia’s companies too lax in dealing with fraud? It appears to be the case. Allowing fraudsters to resign and keeping mum about the fraud may save face, both for the perpetrator and the company itself.
 
But in so doing, the board and management are telling would-be fraudsters that there’s a good chance they would get only a slap on the wrist if they are caught. That’s a message companies should not be sending in an environment of slowing GDP growth – and possibly the return of the Great Recession.