ETHICS and FRAUD
Larry Finney, GF&H
October, 2008
DEFINITIONS
ETHICS - "the code of morals of a particular person, religion, group, profession, etc."
MORALS - "in accordance with principles of right and wrong"
VALUES - "principles or standards held or accepted by an individual, class, organization…"
RISK-?
DEFINITIONS
WHICH IS LEAST RISKY?
                          INVESTMENT A   INVESTMENT B   INVESTMENT C
LOWEST POTENTIAL RATE          5%            -2%            -5%
EXPECTED AVERAGE RATE          8%            -2%             8%
HIGHEST POTENTIAL RATE        12%            -2%            20%
DEFINITIONS
RISK - uncertainty of results
So what are our goals when it comes to risk?
• Assess
• Manage
• Through risk versus reward model
Is risk good or bad?
DEFINITIONS
FRAUD - intentional deception for unearned or unlawful gain
MISCONDUCT - violations of laws, regulations, internal policies and expectations of ethical business conduct
ERROR - unintentional mistake/wrong with no motive for gain
ETHICS
• Ability to distinguish right from wrong AND the commitment to do what is right
• Following the spirit and intent of rules and regulations as well as the letter
As opposed to:
• Expediency
• Manipulation
• Bending rules where there is no flexibility
• Rationalization
ETHICS
• Much of what happens ethically within an organization depends on the culture and environment
• The culture and environment are set by the "tone at the top" of the organization
ETHICS-2007 National Survey
• Strength of organization-wide ethics culture has biggest impact on misconduct
• 56% of employees observe misconduct
• Top types of misconduct:
  • Conflicts of interest
  • Abusive or intimidating behavior
  • Lying to employees
• Fraudulent activity is further down the list
• Increases dramatically as work environment increases in negativity
ETHICS-2007 National Survey
• Strength of formal ethics program has greatest impact on encouraging employee reporting
• 42% of employees don't report observed misconduct
• Primarily due to:
  • thoughts of futility
  • fear of retaliation
• 36% feared retaliation and didn't report, but only 12% who reported experienced retaliation
• One-third took matters into own hands
• 40% would have had to report to person involved
• 25% were not aware of any anonymous reporting mechanism
ETHICS-2007 National Survey
• 25% of organizations had well-implemented and comprehensive ethics and compliance program in place
• Ethical leadership, supervisor reinforcement, peer commitment, embedded ethical values
• 29% of employees with these organizations failed to report versus 61% of employees without comprehensive programs
• 25% believe they are rewarded for ethical behavior and feel prepared to handle situations that could lead to misconduct
ETHICS-2007 National Survey
• But only 9% have very strong ethical cultures!
• Another 43% have fairly strong ethical cultures
• 24% observed misconduct in very strong cultures versus 98% in weak cultures
• 3% of those who reported misconduct in very strong cultures versus 39% in weak cultures
ETHICS-2007 National Survey
The best organizations are those with very strong ethics cultures and with a strong ethics and compliance program
ETHICS-2007 National Survey
So what do these organizations look like?
• Strong communication from top management and supervisors
• Top management and supervisors keep promises and follow through on commitments
• Policies and procedures show commitment to ethics and compliance
• Decisions from top management and supervisors reinforce policies and procedures
• Success through questionable means is not rewarded
ETHICS-2007 National Survey
So what do these organizations look like?
Employees:
• Willing to seek advice about ethical issues
• Are trained to handle ethical situations as they arise
• Are rewarded for ethical behavior
• Understand that trust is not enough
Employees must believe reported situations will be handled honestly and properly and that retaliation will not occur
Everything written and verbally stated is lived out and the tone has to be set at the top!
ETHICAL MATTERS
Legal Illegal Ethical Unethical
ETHICAL MATTERS
Common views of what is ethical (questionnaire)
• Feelings
• Justice/beliefs
• Business ethics conflict
Do moral standards apply just to individuals or to organizations as well?
ETHICAL MATTERS
Three questions to consider when faced with an ethical dilemma:
1. Is it legal?
2. Is it balanced (fair)?
3. Is it right?
ETHICAL MATTERS
• Ethics, morals and values have a lot to do with how you perceive, assess and manage risk
• You will find out a lot about your organizational culture and the people when you get involved in risk management
ENTERPRISE RISK MANAGEMENT
“a process, effected by an entity’s board/council, management and other personnel, applied in strategic setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
ENTERPRISE RISK MANAGEMENT
• Process - is ongoing
• Effected by people throughout the entity using their expertise
• Applied across the entity
• Identify risk (potential events) that could affect the entity
• Goal is to reduce risk enough…
• …so that the entity can achieve its goals (effectively and efficiently)
ENTERPRISE RISK MANAGEMENT
Goal is to help governments be as efficient and effective as possible by looking at how certain risks might impede the achievement of strategic objectives, and then working to establish a system to keep them from happening or to respond to them effectively so they do not become crises.
ENTERPRISE RISK MANAGEMENT
Eight components
1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities
7. Information and communication
8. Monitoring and evaluation
ENTERPRISE RISK MANAGEMENT
What is important?
• Must have a champion and buy in at the top (risk management's role as being important within your organization)
• The Board/Council are comfortable that your organization is effectively managing risk
• Time for brainstorming
• Focus on the high risks
• Strong communication
• Continuous cycle
ENTERPRISE RISK MANAGEMENT
One important type of risk your entity must consider is fraud and misconduct risk
FRAUD RISK MANAGEMENT
General categories
• Fraudulent financial reporting
• Misappropriation of assets
  • Cash embezzlement
  • Payroll fraud
  • Procurement fraud
  • Theft of inventory, equipment…
• Expenses incurred for illegal acts
  • Kickbacks
  • Bribery
FRAUD RISK MANAGEMENT
General categories
• Organizational expenses or liabilities avoided
  • Tax fraud
  • Wage and hour abuse
  • Falsifying compliance data for regulators
• Other misconduct
  • Conflicts of interest
  • Discrimination
  • Environmental violations
WHY ARE WE TALKING ABOUT FRAUD?
(From ACFE Report to the Nation)
• Fraud is estimated to be a $6 billion industry
• Estimated that organizations lose 6% of annual revenues to fraud
• Average loss was $56,500
• Average government loss was $45,000
• Average recovery is only 20% of loss
• 40% of organizations recovered nothing at all
• Fraud is estimated to have increased 10% in the last two years and over 50% in the last 8 years
WHY ARE WE TALKING ABOUT FRAUD?
• Over 90% of fraud is asset misappropriation
• Over 90% of asset misappropriation is cash related
• Three quarters are disbursement related
• Rest is skimming cash before it is recorded or larceny after it is recorded
• Government cases have higher % of corruption than other organizations (kickbacks, conflicts of interest, undue influence…)
FRAUD RISK MANAGEMENT
THE FRAUD TRIANGLE
• Opportunity
• Rationalization
• Motive
FRAUD RISK MANAGEMENT
Overall goal: More Self Governance By Organizations (Trust but be skeptical)
MORE SELF GOVERNANCE…
Detection of fraud
• Internal controls
• Accident
• Tips
• Internal audit
• External audit
• Police
FRAUD RISK MANAGEMENT
[Diagram labels: ASSESS, PREVENT, EVALUATE, RESPOND, DETECT, DESIGN, IMPLEMENT. From KPMG]
FRAUD RISK MANAGEMENT
Prevention
• Leadership and Governance
  • Board/Audit committee oversight
  • Senior management oversight
  • Internal audit function
• Fraud and misconduct risk assessment
FRAUD RISK MANAGEMENT
Prevention
• Code of conduct
  • See example in handouts
  • Should be based on organization's core values
  • Should be backed up by good environment
• Hiring, retention and promotion of employees and third-parties
• Communication and training
• Limited access to data/information
FRAUD RISK MANAGEMENT
Detection
• Open culture and environment
• Processes for reporting misconduct and seeking counsel
• Auditing and monitoring
• Proactive data analysis
FRAUD RISK MANAGEMENT
Response
• Investigations
• Enforcement and accountability
• Corrective action
• Consistency
FRAUD RISK MANAGEMENT
PREVENTION DETECTION RESPONSE
• Risk assessment
• Code of conduct
• Board/Audit Committee oversight
• Executive and other management functions
• Internal audit, compliance and monitoring functions
• Process for reporting and counsel
• Investigation process
• Auditing and monitoring
• Enforcement and accountability
• HR/Procurement due diligence
• Data Analysis
• Communication and training
• Limited access to data
• Corrective action process
FRAUD RISK MANAGEMENT
National survey identified common traits of organizations with well-defined fraud risk management programs:
1. Shared executive ownership - but there must be a CHAMPION
2. Active Board/Council oversight
3. Internal audit approach and ownership
4. Required ethics and fraud awareness
FRAUD RISK MANAGEMENT
National survey identified common traits of organizations with well-defined fraud risk management programs:
5. Operational processes are a part of FRM
6. Multiple reporting mechanisms
7. Revisited at least annually
8. Use manual and CAAT techniques
9. Communicate code of ethics often and require employees affirm compliance with the code regularly
SO WHAT?
• Get buy-in and strong support at the top
• Start task force with a cross-section of employees from all functions
• Train and educate this group
• Brainstorm and assess risk and how to create strong culture and program
• Take ideas to the top on how we most effectively and efficiently create a strong ethical culture and ethics/compliance program
• When the top is committed, take to the organization
• It takes time
“Leadership is a potent combination of strategy and character. But if you must be without one, be without strategy.” General Norman Schwarzkopf