Companies must mitigate fraud risk in even the most far-flung locations
In the fight against fraud, management has not traditionally focussed on foreign and remote locations or in smaller operational units. “In order to succeed in fighting fraud that occurs far from head office (geographically or even at near but small operations), it is necessary for management to understand different cultures and business practices across the geographic markets and industries in which it operates” says Colm Tonge, PricewaterhouseCoopers Risk Advisory Services partner. “It also needs to be familiar with the company officials who lead local and international subsidiaries, agents or joint-venture partners it uses, and to consider whether the internal controls in place are capable of preventing, detecting and supporting the investigation of fraud. Companies must also know what constitutes an adequate response to fraud in subsidiary operations.”
Tonge says it is sometimes argued that fraud and corruption are acceptable costs of doing business, particularly in emerging markets. Management also justifies that reasoning where the cost of putting robust anti-fraud controls in place would exceed the potential loss associated with the consequences of fraud, arguing it is impractical or unnecessary to invest in antifraud measures. “In today’s world, this is an unacceptable approach and it takes no account of the potential extent of such fraud and its total associated costs.”
The consequences of fraud are widespread and include legal risk for directors, audit committee members and others, particularly where there is evidence of poor corporate governance or weak internal control. The risks are not confined to the financial loss suffered at that location, but impact the entire organisation and include operational risks such as damaged business relationships and even blacklisting, regulatory investigations and fines, wasted valuable management time and resources, a fall in share price, takeover vulnerability, corporate reputation and branding damage and poor staff morale.
Tonge says foreign operations automatically carry an enhanced risk of fraud. “The ‘tone-at-the-top can be lost in translation, taking a while to reach the end location, and can even be distorted by language or business practice differences. Also, corporations sometimes rush into new and unfamiliar markets without fully understanding the implicit risks involved and could partner up with unsuitable local individuals or entities.”
Looking at some specific locations, the Corruption Perceptions Index suggests that there is a high level of perceived corruption in Bangladesh, Haiti, Nigeria, Chad, Myanmar, Azerbaijan and Paraguay. The Bribe Payers Index identified high levels of bribery in Russia, China, Taiwan and South Korea, Italy and Hong Kong.
Also, as antifraud controls tend to span several functions in an organisation – such as internal audit, legal, compliance and risk management – these competent and adequately trained resources can become scarce in the foreign and smaller operations. And many foreign subsidiaries operate their financial reporting systems in a variety of stand-alone structures, which can lend itself to abuse.
Cultural differences such as a less formal business environment and more personal relationships could also increase fraud risks. And the multinational practice of appointing ex-pats from head office for limited periods could create fraud opportunities that may not be possible under more steady supervision.
Tonge recommends the control environment in foreign or remote locations should be as similar as possible to head office. “An effective tone at the top, an accessible whistleblower programme, background checking for hiring and promotion and a standardised investigation process will go a long way towards preventing fraud.”
“Onsite fraud risk assessments should ideally be performed every three years and address industry, continent and country specific fraud risks and schemes, considering the likelihood of different types of fraud risk along with the significance if they did occur. Identified significant fraud risks should be evaluated and adequately mitigated by control activities, focusing on those controls that if ineffective could have a “more than remote likelihood” of resulting in a material misstatement, and those that have a “more than inconsequential” impact.”
Tonge recommends companies should establish zero-tolerance guidelines on bribery and payoffs and clarify policies on gifts and entertainment. “There should also be frequent and formal confirmations by employees that they have not engaged in any form of irregularity. Communication is a vital antifraud tool and all operations should know the code of ethics, code of conduct, availability of whistleblower hotlines, accounting practices, technical guidelines and accountability for geography and functional areas - and any changes in these matters.”
The internal audit department should also focus on any history of fraud and recent country-specific fraud risks, and be staffed by fraud-experienced internal auditors who are focused around regions and aware of the region/country specific risks.
Tonge concludes that although many companies have invested in addressing the complex area of antifraud controls in foreign and small operations, much remains to be done. “It is no longer acceptable to cite geographic distance or size of operations as an excuse for not identifying and resolving fraud.”
