15 June 2011 - Senior executives are committing more fraud according to a global KPMG survey, which found that CEOs were involved in 26 per cent of cases – up from just 11 per cent in a similar 2007 survey.
The “Who is the typical fraudster?” study analyses characteristics of frauds based on 348 cases investigated by KPMG across 69 countries.
Jimmy Helm, Head of Forensic at KPMG in Central and Eastern Europe, comments: “The increase in senior management involvement in fraud is a wake-up call to companies everywhere. The effects of the recession and concurrent pressure to meet performance targets may be placing a significant strain on management, resulting in the manipulation of financial results.”
The global research found that the ‘typical’ fraudster is a male between the ages of 36 and 45 years, who works in the finance function or a finance-related role, has been with the company for more than 10 years, and holds a senior management position. Often such individuals will be better able to override controls and may have accumulated a good deal of personal trust. They are most likely to engage in embezzlement or procurement fraud.
Richard Perrin, Partner in Advisory, Romania notes that “in Romania the ‘typical’ fraudster most commonly works in the procurement or sales function. The finance function often plays the role of ‘policing’ these functions. We also note that in Eastern Europe, some 89 per cent of persons investigated, had been employed at the company for more than 3 years (of which more than half had been employed for longer than 6 years) and 52 per cent of the frauds had run for more than 3 years before they were detected.”
The typical fraudster does not work alone
The global survey indicates that in 61 per cent of the cases, the fraudster colluded with either an internal or external third party. The Eastern European cases follow this trend, with 63 per cent. This characteristic is further supported by a review of reported cases in Romania resulting in convictions, which indicates that in more than 50 per cent of cases there was collusion.
Red flag warnings are being ignored
The survey also found that ‘red flag’ warnings, such as an employee who rarely takes holidays or whose lifestyle appear excessive for their income, are commonly being ignored by companies. Just 6 per cent of fraud cases in the 2011 survey had initial red flags that were followed up, compared with 24 per cent in 2007 – a substantial drop. In Eastern Europe the position is a little more positive, with some 11 per cent of red flags being acted upon. However, 43 per cent of red flags were not acted upon in Eastern Europe: lower than the global average of 56 per cent, and comparable with the 2007 average of 45 per cent.
Michael Peer, Partner Forensic Services CEE, comments: “It is surprising that companies continue to ignore warning signs, particularly in light of the recession. While cost-cutting initiatives associated with the downturn may have played their part in the observed shift, such cuts may prove a false economy. While defences are down, the fraudster sees the opportunity to capitalise. The need for companies to be vigilant has never seemed more important.”
In 46 per cent of the cases investigated in Eastern Europe, there were no red flags. This is consistent with the global average of 44 per cent. Michael Peer comments: “78 per cent of the cases polled in Eastern Europe show that weak controls were exploited in the commission of the fraud. This, coupled with the finding that more than half of the frauds investigated in Eastern Europe ran for more than 3 years before detection, indicates that controls are either inadequate or have not been revised and updated to deal with new threats. This highlights the need for regular fraud risk assessments as part of an overall operational risk assessment strategy.”
Communication of the fraud
The global average indicates that only 23 per cent of the frauds detected were publicly reported and 46 per cent were communicated internally. In Eastern Europe, less than 30 per cent of the fraud incidents were reported internally and only 11 per cent were reported externally - only in India were less cases reported. Full disclosure to the authorities only occurred in 2 per cent of the cases in Eastern Europe, compared to the global average of 13 per cent.
Disciplinary action was the most common response to fraud in Eastern Europe. Such action was taken in 33 per cent of cases and resignation/voluntary retirement occurred in 24 per cent. However, enforcement action was taken in just 17 per cent of cases and civil recovery in 2 per cent.
Jimmy Helm comments: “These findings suggest that companies are not taking the opportunity to leverage learning points or to instill a corporate culture of zero tolerance towards fraud. Effective communication of a fraud incident provides the opportunity to send the organization and its business partners a clear message from management that fraud will not be tolerated. A further consequence of the failure to take strong action against the perpetrator is that the fraudster is able to move on to another unsuspecting company with their reputation intact.”
Richard Perrin concludes: “The importance for companies in Romania to have a strong control environment has never been greater. By adopting measures to prevent fraud or detect it early, businesses can limit the opportunities they present to a would-be fraudster. While fraudsters are using more sophisticated techniques to commit their crimes and cover their tracks, often the underlying fraud remains quite simple. The challenge is how to see through the ‘ordinary’ disguise of the fraudster; enhance fraud prevention and detection; and, respond more often and more rapidly to red flags.”