KPMG Forensic’s 2012 survey reveals startling facts and figures about fraud

By David Ebert 

The Chartered Management Institute along with KPMG held the third in a series of evening discussions at the Cinnamon Lakeside, this time around to discuss the KPMG 2011/2012 Sri Lanka Fraud Survey report released recently, which looked to study the perceptions and statistics on corporate fraud in the country.

The report, the objective of which was to identify the nature and extent of corporate fraud in Sri Lankan as well as give a clearer understanding of its magnitude in the bigger picture and the impact fraudulent activities have on businesses, individuals and organisations revealed a startling list of statistics relating to both the number of fraudulent acts detected within organisations as well as the many issues pertaining to detection.

The survey carried out for the first time in the country by KPMG, unravelled the complex, interwoven tapestry that corporate fraud weaves in a business as well as the nature and extent of fraud encountered and the challenges faced in preventing, detecting and appropriate responses to incidents.

The following findings outlined in a presentation made during the discussion by KPMG Partner and Head of Forensic Jagath Perera, were based on data derived through an online questionnaire circulated among respondents comprising of directors and senior management of corporate institutions in Sri Lanka, which was collated and analysed using a number of statistical measures. Organisations identified for the purpose were those with an annual turnover between Rs. 50 million to Rs. 10 billion and those with a staff strength ranging from 100 to 5,000 employees.

The report also looked at key factors such as the motivation that leads individuals to commit fraud, a profile of a fraudster and the possible red flags that can be used by management in order to detect fraudulent activity within an organisation.

The survey revealed that out of 90 respondents surveyed, representing 102 industry segments, a total of 70% admitted to having encountered fraud within their organisations, out of which 64% were from the private sector, while a startling though unsurprising 89% of the respondents encountered fraud in the public sector.

According to the report, the most fraudulent sectors turned out to be the industrial and consumer market sectors. The industrial sector was found to have reported the highest single loss from fraudulent activities, with losses in the region of Rs. 3 billion, while the smallest amounted to Rs. 2.5 million that being from the agricultural sector.

Awareness of fraud

Awareness of the incidence of fraud in the country however, seems to have taken a rise, as is the awareness of its consequences to businesses, the economy and public well-being; with the report stating that 83% of respondents claiming that incidents of fraud have increased countrywide, while 62% maintained that fraud within their respective industries had increased in the same period. However, only 51% accepted that fraud had increased in their own organisations.

The findings highlighted a surprising anomaly wherein respondents showed an awareness of fraudulent activities in industries other than their own. This, quoting the report, has been understood by behavioural psychologists to point towards a sense of refusal to accept that their own industries may be vulnerable to fraud.

In terms of the types of fraud committed, the survey identified bribery and corruption, IT related fraud, regulatory non-compliance, diversion or theft of funds or goods and financial statement fraud as the most common forms of fraud encountered.

The findings in terms of industry show that the most common fraud in the agricultural sector happens to be in the form of diversion of funds and goods which accounts for a massive 60% of all incidents, which was a trend noticed in most industries surveyed, while bribery and corruption and regulatory non-compliance came in a close second and third in the ratings.

The report also showed a marked absence of proper reporting formats for fraud or unethical conduct in today’s corporates. Basic measures such as whistle blowing hotlines were almost nonexistent in most companies, accounting for only 9% of cases of fraud reported internally. Another statistic revealed in the report, added credence to this point, showing that a startling 15% of cases detected were merely accidental in stark contrast to 36% of cases which were detected due to internal and statutory audits.

Possible motivations for fraud

KPMG also looked at the possible motivations for fraud as well in their report, with respondents maintaining that most financial statement fraud stemmed from the fact that as several organisations rely on performance as a guide to the provision of incentives to employees.

This lead to a tendency by employees to show enhanced performance figures that are above actual numbers achieved in 27% of the cases. In addition, tax evasion was the reason provided by 23%, the need to cover personal debt accounted for 12% of it and the need to meet market expectations accounted for 18% of incidents reported.

Looking at supply chain theft or leakage, 44% of the respondents attributed these phenomena to the lack of effective internal controls, while 24% claimed that existing supply chain processes were so complex, that it was somewhat an impossible task to plug all the loopholes and prevent fraud. Similarly, 17% were of the opinion that the absence of appropriate inventory management systems gave rise to the type of risks prevalent in the industry and 15% were of the view that the lack of due diligence on third party vendors was a cause for organisations sustaining losses along the supply chain.

Bribery and corruption, the offering or receiving of something of value for the purpose of influencing the action of an official in the performance of their public or legal duties, was believed to not only be an accepted, but a somewhat expected practice according to the respondents. It was revealed by 35% of them that bribes were used to obtain routine administrative approvals from government departments and ministries.

Kickbacks were considered an useful tool to retain business with 31% pinpointing kickbacks for this purpose and 24% maintained that it was necessary to influence people to make a favourable decision or deliver a positive outcome.

Other reasons included the lack of integrity, personal gain, the pressure to ensure successful outcomes and the need to meet targets which contributed to the balance 10%. In terms of the forms of bribery in these instances, cash payments came in on top with a whopping 26%, while gifts came in at 21% and various forms of entertainment were reported in 19% of the cases.

Profiling the fraudster

In identifying the individual fraudster’s profile, the survey instead looked at the level of management or the area of responsibility with which the perpetrators were entrusted. It revealed that in the instances of bribery and corruption which includes kickbacks, 27% of the perpetrators were from top management, while 46% were from the middle and lower levels of management and the remaining 27% were either customers or business associates of the organisation. Another startling fact reported was that overall; five out of six incidents of fraud were committed by internal parties.

The survey addressed three questions in this area, the first questioning where exactly companies should be looking for fraud; outside their own periphery or focus their efforts within, taking into consideration the findings where 70% percent of the respondents had encountered instances of fraud within their organisations, 83% of which were perpetrated by an internal party.

Secondly, which level of management would be more susceptible to fraud and the types of fraud that are common to particular groups within an organisation?

The survey divided the hierarchy into three groups; senior management, middle/lower management and external parties. The numbers showed that in 69% of cases involving diversion or theft of funds through improper invoicing, false claims and pilferage, the middle/lower management were found at fault. The senior management were found guilty of it in only 14% of the cases, while 17% of the cases were caused by external parties that include customers, vendors and business associates.

A similar phenomenon was observed in the case of bribery and corruption, including kickbacks, where 46% of reported instances were again, perpetrated by the middle/lower level management, while both the top management and external parties shared 27% each.

Financial statement fraud however understandably found the top management responsible in 60% of the cases, while the involvement of middle and lower level management was assessed at 30% in these instances. The balance was attributed to external parties.

Detecting fraud

In a scenario such as this, detecting fraud can be a tricky situation in terms of time and effort put into constantly being on the lookout and more importantly adhering to risk management plans such as routine internal audits and other countermeasures against fraud in a company. The findings showed a lack of proper internal processes for preventing or detecting fraud in the respondent’s sectors, with an amazing 15% of detected fraudulent acts being discovered by accident.

Furthermore, it is important to note that 51% of the respondents indicated that they do not have a fraud risk management plan in their organisations, even with 70% of them having encountered fraud. The other methods used for reporting fraud were also detailed in the report which included internal audits, whistle-blowing hotlines, anonymous letters or callers, IT controls and data analytics.

The report also detailed a list of indicators that can be looked out for as an alert that fraudulent activity is happening within an organisation. This was categorised into both employee and management red flags which could be based on a change in circumstances or differences in management and employee behaviour which may indicate fraudulent activity.

Employee red flags are subtle, such as changes in the lifestyle of an employee evidenced by unusual purchases of assets, significant personal debt or credit problems, drug or alcohol abuse, high employee turnover in areas identified as particularly vulnerable to fraud, particular reluctance by employees to take vacations or sick leave and even a lack of segregation of duties in vulnerable areas.

A typical management red flag would be reluctance to provide information to auditors or engagement in frequent disputes with them. It is also believed that a possibility of fraud could be indicated when management decisions are dominated by an individual or small group of persons even with the existence of a pool of skilled personnel available.

A good indicator could also be weak internal controls and the display by managers of significant disrespect for regulations and regulatory bodies. The existence of an excessive number of bank accounts was also seen to be indicative of fraud. In addition, the continuous rollover of loans and significant downsizing in a healthy market are also possible red flags that should be investigated.

Ignoring red flags

The KPMG team that carried out the survey realised that losses to an organisation from fraud extended to more than the financial losses indicated by respondents. Further, in the case of collusive action, which was prevalent in 17.7% of cases, more than one member of the management was implicated.

In the case of supply chain management, the collateral damage extended to operational managers, suppliers and customers, thus creating a longer term and wider ripple effect. Bribery and corruption as well as kickbacks also created wider implications for the organisation as it was prevalent at many levels of the organisation.

It was also observed that stakeholder confidence is shaken by public disclosure when an incident is reported in the media. Thus, in a very competitive environment, corporate are reluctant to make public disclosures due to the radical effect this would have on stakeholder confidence.

Corporates in Sri Lanka are also faced with the dilemma of whether to take matters to court or take measures to limit the potential fallout through the reporting of any fraudulent activity to the media. Hence, solutions that do not address the appropriate legal options are sometimes explored with the perpetrator not subjected to the legal consequences of their actions.

Contributory factors may vary according to the industry and sector, where respondents blamed internal control for 33% of reported fraud. Other contributory factors included inadequate oversight by the audit committee, inadequate utilisation of available technology and the lack of a proper framework for monitoring.

The management and recruitment procedures also came under scrutiny as some respondents claimed that fraud could be linked to dishonesty among higher management and a prevalent lack of ethics and employee loyalty.

Perera maintained that the ultimate responsibility for fraud lies with the board stating: “The board establishes the tone at the top, formulating the policy and determining the level of tolerance to be demonstrated. This sends a clear message to those contemplating acts of fraud and sets clear parameters to be allowed.”

Perera also reiterated the need for organisations to implement controls, tools, frameworks and templates that set out the reporting requirements at all levels of management. The next step he stated would be to create in the organisation, a culture of honesty and the facilitation of anonymous and secure reporting of fraudulent activity where the identities of the informants are protected to prevent any form of internal reprisals.

Perera also advocated techniques such as fraud risk management plans, background verifications of possible new employees, contract compliance reviews and even mystery customer reviews to combat any misdeeds within an organisation. In conclusion, he warned companies against being lulled into any sense of false complacency, to be constantly alert about the possibilities of fraud and to leave no suspicious behaviour or circumstances un-investigated. Vigilance, awareness, expertise and an investigative nature, Perera said were the qualities vital to those involved in fraud risk mitigation.