We understand the specialized markets in which you operate and provide tailored solutions to meet your unique business needs.
Our comprehensive suite of business services combines industry expertise, market knowledge and professional insights.
MNP is a leading national accounting, tax and business consulting firm in Canada.
Suite 2000, 330 5th Ave. S.W.
MNP careers are Different by Design. As an entrepreneurial firm, we truly believe there are no limits to where your career can go.
This article was originally published in The Bottom Line
Establishing a fraud policy in Canada is a little like making sure you own a warm jacket, a toque and a shovel to prepare for winter. You don’t know exactly when it’s going to come but you can be sure it’s going to arrive eventually, and when it does you’ll want to be prepared.
It’s the same with fraud. Nobody wants to see their systems compromised, but with the sophistication of hackers it’s not a matter of if they will break in, but when.
Corporate executives can’t control what people on the outside are doing but they can certainly influence their own employees, and developing an anti-fraud culture is a critical part of the fight.
A key element in that culture is a fraud policy — a document that sets out responsibilities and procedures to be followed to ensure the right decisions are made when the inevitable occurs. It also covers off how staff will be treated if they’re under suspicion and the requirements for employees to co-operate with investigators, or to report fraudulent activity when they come across it.
Experts say the fraud policy also needs to outline possible outcomes from an investigation’s findings, ranging from nothing to a reprimand to dismissal.
According to the Association of Certified Fraud Examiners’ 2012 survey, the mere existence of a fraud policy reduces corporate financial losses by 49 per cent. Nearly half of all victimized organizations don’t recover a dime from losses suffered due to fraud, and the typical company loses five per cent of its annual revenues to fraud each year. That works out to more than $3.5 trillion around the world — and how do you measure the embarrassment and brand damage when a company has left itself open to fraud?
The most effective fraud policies are well communicated by upper management and directors to show employees and stakeholders that the company has considered its fraud risks and taken a clear stance in its organizational values.
“You need to set a strong tone from the top that fraud won’t be tolerated,” says Greg Draper, Calgary-based national leader for investigative and forensic services for MNP. From there, a company needs to have a fraud “fire drill” so its people can figure out what to do once a breach has been discovered.
“Fraud issues in organizations are relatively rare but they can be very disruptive. There’s a significant breach of trust often with people who have been there for a long time. It’s a crisis mode. The policy maps out what needs to be done and by whom,” he says.
Perhaps just as importantly, the fraud policy should also specify who should not be involved in an investigation. You know, like the suspected fraudster.
Draper says he knows of a case where an employee was sat down by six different managers and told he was being accused of fraud. It didn’t take him long to figure out what his managers knew and didn’t know, what he had to destroy, and the need for a solid alibi.
“If the allegations aren’t true, this person now has six supervisors who think he’s a crook. You’ve created a toxic work environment and you’ll likely end up on the wrong side of a wrongful dismissal suit even if fraud never occurred,” he says.
About three-quarters of fraud incidents, according to the ACFE, are perpetrated by employees in six departments — accounting, operations, sales, upper management, customer service and purchasing.
In a typical example, a finance department employee would set up a company under their own name, create a vendor registration number with their employer and start submitting false invoices for the provision of fictitious goods and services. When the payments are approved, the embezzling is on, says Peter Dent, national leader of Deloitte’s forensic practice in Canada.
“Many larger organizations might have thousands of vendors. There’s a fairly rigorous process of how a company gets to be a registered vendor of another company but it can happen quite easily, especially when you have people in trust in the finance department. To process transactions and approve them, they’re going to engage in fraudulent activity. They understand what they can get away with. They’re in a very advantageous position to commit fraud in the first place,” he says.
Other common examples of fraud include outright stealing by forging expense reports, and manipulating financial statements that trigger bonuses. It could even involve the manipulation of stock prices by senior executives. When a company’s stock slips, management will sometimes look for ways to pump up revenue channels by bringing future sales back to the current quarter. Recognizing the revenue before
it is official — a process called “channel stuffing” — can enable a company to meet its current targets, which will impress industry analysts when the quarterly earnings are announced. That often causes the stock price to move up above the price of options held by many executives, who then exercise them and reap the windfall, says Jim Barbour, a certified fraud examiner at Crowe Horwath’ s risk consulting group in Toronto.
“The harm has been done. You’ve exercised the stock price because you’ve recognized revenue in the improper period and you’ve hurt other shareholders in the future,” he says.
A fraud policy can be even more effective if it’s linked to a code of conduct and whistleblower policy. These two initiatives are designed to “prevent, detect and respond,” Draper says.
“When you do that and management and the board are looking at it on a regular basis, you’ve got a champion for managing and implementing those policies as they need to be used,” Draper says.
It might seem obvious, but whistleblower programs need to be anonymous to truly encourage employees to sound the alarm about possible fraudulent activity. That means it can’t be done via a four-digit internal extension, but instead by calling a reporting line run by a third party. How this is all communicated to employees is critical, Barbour says.
“You must say, ‘nobody in the company will know you called, this is what we’ll do (in response). It will go to the legal department, where it will be evaluated and, if necessary, there will be an internal investigation.’ That helps employees feel they won’t be subject to retribution for trying to do the right thing. They’ll know there’s a commitment by the company to deal with allegations in a serious and direct manner,” Barbour says.
“When we rolled out the whistleblower program, we said ‘this is about good, honest people contributing to an ethical work place.’ It’s not about catching people doing bad things,” he says. “That minimizes pushback from people. You’re saying, ‘we’re putting this in not because we feel you’re a dishonest group but we want to keep this an honest workplace and we want you to be able to contribute to that.’”
Employees at different levels of the company require different levels of anti-fraud training, Dent says. The first is basic, skimming along the surface to cover off the definition of fraud and its components. It could be provided online over several hours, followed by a test.
“The company doesn’t have to spend a lot of money,” he says. The second level is more advanced and geared towards higher risk employees who have more access to and control over corporate finances, and therefore more capacity to commit fraud, or they could be the ones who are responsible for the detection and prevention of fraud.
An employee who has a signing authority of $50,000, for example, would fall into this category. They could take that much money at one time and have a good chance of getting away with it, Dent says. That’s the level of risk companies are prepared to take because if there were too many layers of approval, nothing would ever get done.
He warns that companies can be setting workers up for failure by not providing any training around a fraud policy. Employees might sign off on all corporate conduct policies, including a fraud policy, and can be held accountable if they don’t follow it.
“It’s sort of like when you go through an insurance policy. Do you read all of the fine print to get an understanding of what you’re signing? No, you don’t,” he says.
Whether the presence of a fraud policy could be the difference between winning or losing a contract is up for debate, but Barbour feels there is absolutely no downside to having one.
“Usually a fraud policy is an internal-facing document but many times companies will put it on their websites. ‘If you’re going to do business with us, we want you to abide by the following rules of conduct.’ Often those items are mirrored in the fraud policy. If I’m a supplier who is new to town and I know a company evaluates suppliers based on the merits of their goods and services and the competitiveness of their price, that keeps the playing field a bit more level for everyone,” he says.
“Companies take a big reputational risk if they don’t have this kind of foundational policies in place.” Draper agrees, and notes that customers and potential customers are looking at the depth of policies around fraud, ethics, compliance and governance.
“That’s becoming crucial. It’s the sign of a more sophisticated and safe bet,” he says.
Categories:Valuation, Forensics and Litigation Support
Suite 2000, 330 5th Ave. S.W.
Find an office near me