Pervasive global corruption leaves boards struggling to cope: Ernst & Young

Thursday, 26 June 2014 00:00 - - {{hitsCtrl.values.hits}}

EY’s survey of over 2,700 executives across 59 countries highlights that nearly 40% of executives consider bribery and corruption widespread in their country

Emerging risks are not being taken seriously enough, nearly half of respondents consider cybercrime a low risk

C-suite integrity perceived to be in doubt with significant minority of respondents willing to justify financial statement fraud

With management struggling to respond to long-standing and emerging fraud risks, boards put under more pressure

EY’s 13th Global Fraud Survey, ‘Overcoming compliance fatigue: reinforcing the commitment to ethical growth,’ has found concerning levels of perceived fraud, bribery and corruption across the world. And, regarding emerging threats, despite the apparent global consensus on the significant scale of the threat of cybercrime, almost half of the respondents (48%) considered it to represent a very or fairly low risk to their business. These survey findings suggest that executives may not have a proper appreciation of cybercrime risks. Respondents see hackers as the biggest concern (48%) and are underestimating the risk from organised crime syndicates as well as foreign states. The survey included in-depth interviews with more than 2,700 executives across 59 countries, including chief financial officers, chief compliance officers, general counsel and heads of internal audit. Nearly 40% of all respondents believe that bribery and corruption are widespread in their country. (See Appendix 1 to this release for a list of country results.) With respondents portraying a business environment of pervasive corruption in many countries, it would appear that management and boards are struggling to respond to long-standing threats, let alone addressing emerging risks such as cybercrime. David Stulb, Global Leader of EY’s Fraud Investigation & Dispute Services (FIDS) practice, says: “With high-profile cybercrime incidents making headlines on a regular basis, boards should expect management to have a robust incident response strategy in place. Pressure on companies for timely disclosure of breaches is rising in many jurisdictions as well, so these issues require attention from the legal and compliance functions. The US Securities and Exchange Commission is increasingly focused on cyber risks as they relate to the integrity of financial statements too, so audit committee members have to be alert to today’s cyber threat environment.” Is the C-suite making the right risk management choices? The C-suite’s difficulties can only be heightened by insufficient awareness of the risks they face. Our survey found that they are less likely than their teams to attend anti-bribery/anti-corruption (ABAC) training (38%) or participate in an ABAC risk assessment (30%). This is alarming given that these executives are apparently exposed to circumstances which threaten their integrity on a regular basis. Twenty-one percent of CEOs said that they had been approached to pay a bribe in the past, compared with 10% of all C-suite interviewees. Worryingly, given their role in setting an ethical tone from the top, a significant minority (11%) of CEOs considered misstating financial performance to be justifiable in order to help a business survive an economic downturn, compared with 6% of all respondents. Stulb continues: “Given the risk of management overriding financial controls, the implications for boards from these findings about C-suite integrity are serious. Enhancing board connectivity with business and finance leaders in the company – but below the C-suite – would be useful to confirm that the board is getting the full and accurate picture. With regulators committing additional resources to prosecuting financial statement fraud, and cooperating frequently with prosecutors from other jurisdictions, the stakes have never been higher.” David Remnitz, EY’s Global FIDS Forensic Technology Leader, adds: “Regulators are investing heavily to bolster their ability to mine big data from corporations for potential irregularities. The latest data visualisation tools can help to identify revenue recognition or procurement-related red flags earlier and more efficiently. Boards should be asking how management is leveraging forensic data analytics to get the most from their big data in order to improve compliance and investigative outcomes.” The need to reinvigorate compliance Asite Talwatte, Country Managing Partner of EY Sri Lanka stated that the survey also found that compliance fatigue within businesses appears to have set in at a time when they can least afford it. In a regulatory environment in which international cooperation is becoming more frequent, our respondents described a largely static internal compliance environment:

One in five businesses still do not have an ABAC policy
45% of organisations have not introduced a whistle-blowing hotline
Less than 50% of respondents have attended ABAC training
Less than a third of businesses are conducting anti-corruption due diligence as part of their mergers and acquisitions process.

“Enforcement of anti-bribery/anti-corruption laws has become more intensive, with significantly strengthened cross-border cooperation among regulators,” explains Asite Talwatte. “With new, tougher laws in numerous jurisdictions, and enhanced prosecutorial powers and bigger budgets for law enforcement in certain key geographies, this trend is not just a US phenomenon. Despite numerous recent high-profile prosecutions of major multinationals and their executives, many companies continue to miss opportunities to implement robust ABAC policies and risk assessments. Too few are regularly conducting anti-corruption due diligence. CEOs can do more to lead from the front on these matters, and boards and other stakeholders should intensify their efforts to challenge management to reinforce their commitment to ethical growth.”