New Study Finds Companies at Risk for Fraud
Protiviti, Utica College Survey Finds Lack of Proactive Fraud Risk Management Poses Significant Risk to Corporations
Majority of companies not prepared to conduct investigations, study finds
ContactChristine Leogrande, email@example.com
Utica, NY (01/14/2016)- According to a new joint study issued by global consulting firm Protiviti and the Economic Crime and Justice Studies Department at Utica College, companies are not well-positioned to prevent corporate fraud nor conduct investigations, creating a significant potential liability to their executives and shareholder value. These limitations, observed across the majority of respondents, also lessen the likelihood that those companies will receive full cooperation credit from the U.S. Department of Justice when seeking to negotiate a settlement stemming from a government investigation. The survey also found that nearly half of the companies surveyed (48 percent) fail to conduct a formal fraud risk assessment on at least an annual basis and a troubling 27 percent have never implemented a formal fraud risk assessment. Only a scant 6 percent of all respondents reported a high level of confidence in their organization’s vendor fraud and corruption risk oversight.
The 2016 White Collar Crime and Fraud Risk Study (www.protiviti.com/fraudsurvey) explores corporate crime and the fraud risk management practices used to combat that crime, based on a survey of more than 270 C-level executives, board members, audit directors and risk managers from a cross-section of industries. With the typical organization losing an estimated five percent of its annual revenue to fraud, organizations cannot afford not to take an urgent and strategic approach to fighting white collar crime and fraud.
“Good governance is mission critical, particularly as the demand from regulators and shareholders for more proactive fraud risk management programs intensifies and executives are held accountable,” said Scott Moritz, a Protiviti managing director and leader of the firm’s investigations and fraud risk management practice. “Despite the resource constraints that many organizations face, it’s essential, now more than ever, that they do away with the outdated reactive measures they have in place and embrace a proactive, preventative approach to fraud risk management. We find that too many executives who have a ‘no fraud here’ mentality learn the hard way that their company has been a victim of white collar crime.”
Challenges in Managing Fraud Risk
In response to the question, ‘Which of the following challenges does your organization face in managing its fraud risk proactively?’ survey participants responded as follows:
There is limited availability of internal resources to address fraud risk 47%
We lack proactive fraud risk management - our focus is on incident response when allegations arise 37%
We lack a unified fraud risk management strategy 31%
Fraud and misconduct is not considered a "high-risk" within the organization 29%
Proactive fraud risk management is not a corporate priority 26%
We do not have a member of senior management who is designated with ownership and responsibility for fraud risk management 22%
There is inadequate funding for anti-fraud program and initiatives 15%
Our organization has a "no fraud here" mentality 13%
Laws and regulations or cultural norms in our non-U.S. locations present unique challenges that we have yet to address 11%
Who Owns Fraud Risk Management
Responsibility for fraud risk management tends to fall to the CFO in most companies, as the survey findings reveal based on the question:
‘Who in the ranks of senior management is designated with ownership and responsibility for fraud risk management in your organization?’
Chief Financial Officer (CFO) 18%
No senior management professional is designated with ownership 14%
Chief Legal Officer (CLO) or General Counsel 13%
Internal Audit Director 13%
Chief Risk Officer (CRO) 13%
Chief Executive Officer (CEO) 10%
Chief Security Officer (CSO) 2%
Don't know 5%
While the majority of companies conduct ethics and fraud awareness training, fewer than half overall (46 percent) do so at the recommended frequency of at least once annually, and more than half of all organizations lack a fraud detection program (though the numbers are better for large companies). Additionally, while most respondents indicated that their company has a telephone hotline, website or electronic mailbox for employees to report fraud, only 13 percent regularly conduct surprise audits.
The survey also found that the most significant areas of concern for organizations to address with regard to COSO Principle 8 were “Safeguarding of assets” (22 percent) and “Management override of controls” (20 percent). The updated 2013 COSO internal control framework is the new governance standard for most publicly traded companies – and a foundational element of Sarbanes-Oxley compliance. It requires that companies consider the risk that individuals or entities may act outside the organization’s expected standards of ethical conduct.
“Fraud detection techniques, such as having a code of conduct set in place, employee background checks, awareness training, third-party due diligence and surprise audits, are crucial in not only detecting risk, but also proactively preparing for future threats,” said Donald Rebovich, professor of criminal justice and executive director of the Center for Identity Management and Information Protection at Utica College. “A program that engages all levels and departments in prevention and detection is vital to a company’s financial health and reputation.”
About the Survey
The Protiviti and Utica College 2016 White Collar Crime and Fraud Risk Study was fielded in July 2015 across the globe; the majority of respondents were in North America. Respondents work in the public, private, government and non-profit sectors and are representative of virtually all industry sectors.
The survey report, along with an infographic highlighting key results, a podcast and a short video are available for complimentary download at www.protiviti.com/fraudsurvey.
Webinar on January 27
Key findings from the survey will be discussed in a complimentary webinar on January 27 at 9:00 a.m. PST. Protiviti's Moritz and Utica College’s Rebovich will be joined by Peter Grupe, a Protiviti director and the former head of the White Collar Crime branch of the New York Field Office of the Federal Bureau of Investigation, and Pamela Verick, a Protiviti director and widely recognized subject-matter expert on fraud and corruption risk. Guest speaker George Stamboulidis, co-leader of law firm BakerHostetler’s national White Collar Defense and Corporate Investigations Practice will add his insights during the 90-minute webinar. Please register at www.protiviti.com/webinars.
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500®companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.
Named to the 2015 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
About Utica College
Utica College, founded in 1946, is a comprehensive private institution offering bachelors, masters and doctoral degrees. The College, located in upstate central New York, approximately 90 miles west of Albany and 50 miles east of Syracuse, currently enrolls approximately 4,500 students in 44 undergraduate majors, 30 minors, 21 graduate programs and a number of pre-professional and special programs.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Editor's Note: Infographic (in JPEG and PDF) and photos available upon request.