Boards must be proactive about fraud prevention, detection and mitigation, and should be vigilant about emerging risks even while they maintain oversight of traditional issues. New technologies, digital currencies, complex supply chains, economic pressures and geopolitical instability are just some of the many evolving risk areas that can foster environments conducive to fraud.
There are various measures boards can undertake to mitigate fraud risk. Building a culture of compliance and transparency, overseeing risk management, understanding the elements conducive to fraud and strengthening internal controls and compliance policies are all parts of a holistic board approach to fraud.
In a corporate setting, fraud is the deliberate misrepresentation of a company’s financial status, operations or legal compliance to deceive stakeholders – such as investors, regulators, customers or employees – for monetary gain. Corporate fraud activities, all of which involve deception, can fall into the categories of asset misappropriation, corruption and financial statement fraud.
Elements conducive to fraud: The fraud diamond
Board directors can improve their oversight of fraud prevention and detection measures by deepening their understanding of the four key elements specific to their organization’s circumstances that may increase the likelihood fraud will occur.
- Opportunity: The conditions that may allow an individual to commit, conceal and avoid detection of fraudulent activities. Examples include a weak control environment or tone at the top, unfettered access to information, lack of supervision and the ability to manipulate numbers.
- Rationalization: How individuals justify their dishonest actions as acceptable or reasonable. This may extend to individuals convincing themselves that their behavior is not wrong. For example, they may believe they are entitled to a greater portion of the company’s profits due to a lack of compensation for their work or ideas.
- Pressure: Financial or personal stressors – such as debt, addiction or job dissatisfaction – that drive an individual to engage in fraudulent behavior as a perceived solution to a problem. This may also include pressure to hit projections put in place by the board, management, investors or other stakeholders.
- Capability: The personal traits, skills and knowledge that enable an individual to exploit opportunities for fraud. These may include understanding how to manipulate controls and conceal activity effectively.
Four key actions for boards to help mitigate fraud risk
Although stamping out fraud is an enterprise-wide responsibility, boards and their committees play essential roles. Here are some key actions directors can take to help mitigate fraud risk.
- Setting the tone from the top
Boards should formalize fraud mitigation roles and use advisers with relevant experience to assist oversight committees. Continuing education for both the board and senior management on the risks of fraud and emerging practices in fraud mitigation will help the organization adapt to the evolving threat landscape. Training should apply to employees’ duties and responsibilities. For example, employees regularly involved in international business transactions could benefit from robust training on the anti-bribery and accounting provisions of the FCPA alongside broader education on fraud and ethics for all employees.
The board should also ensure management has put into place appropriate enterprise-wide training and ethics-reporting mechanisms, such as whistleblower hotlines overseen by the audit committee, to encourage employees to demonstrate organizational core values and report fraudulent behavior.
A fraud-prevention program should further ensure there are consequences for wrongdoing. Even if your company does not have a history of fraudulent activity, it is important for employees to be reminded of expected behavior, remain vigilant and learn from peers’ and competitors’ experiences with fraud.
Effective leadership means empowering an employee-led culture of zero tolerance for misconduct and providing disincentives for fraudulent conduct. The failure to prioritize detecting, preventing and mitigating fraud doesn’t just increase personal risk for employees, but also endangers the financial well-being of the company and threatens job security for all.
- Overseeing robust risk management
Regularly conducting qualitative and quantitative fraud risk assessments will help ensure the company can better align resources to prevent, detect and mitigate occurrences. Formalizing oversight roles and responsibilities for fraud risk management can allow an organization to establish clear expectations and processes. This is particularly important when a fraud is alleged and the scope of the fraud, the question of who in the organization may be involved and other details are not yet fully known.
All employees, as well as all members of the board, should have access to and clearly understand an established playbook for communication and reporting protocols to elevate identified fraud issues to the appropriate levels within the organization.
- Maintaining a strong internal control environment
Boards and senior management should monitor changes in organizational risk and compliance requirements. Enterprise-risk management practices will help ensure the organization’s approach to risk management remains both up to date and aligned with the company’s overall strategic goals and should be used to enhance the internal control environment of the organization.
Boards should ensure auditors are regularly assessing the effectiveness of specific control activities, such as the segregation of duties, authorization and approval procedures, and reconciliations designed to prevent and detect fraud. These controls must be accurately documented, consistently applied and regularly updated. Instituting a continuing process for monitoring the effectiveness of these internal controls should involve regular internal audits and external audits, as appropriate, along with management reviews and timely reporting to the board.
Readiness is essential. Should internal measures and controls fail, there needs to be a comprehensive plan in place for understanding what should happen internally, as well as externally, to mitigate any alleged fraud. This may include working and communicating with law enforcement, regulators, auditors, forensic accountants and others, as appropriate.
- Implementing an appropriate incentive structure and benchmarking whistleblower mechanisms
Compensation committees design competitive compensation strategies to attract and retain talent and reward high performance. Great care needs to be taken, however, to ensure performance incentive metrics and rewards are designed to elicit desired behaviors that align with a company’s core values and culture, particularly in an unpredictable market. Pressure to commit fraud is often greater in companies where performance incentives are tied only to financial goals and objectives and do not contemplate the broad-strategy goals and objectives of the organization.
Increased public scrutiny stemming from high-profile cases has brought the lack of global standards in whistleblower programs to the forefront. When designed and monitored properly, whistleblower programs can help directors access information that wouldn’t otherwise make it to the boardroom and provide a powerful tool to identify fraud. They can also help incentivize employees to raise issues on a timely basis, assisting in mitigating damage and harm caused by fraudulent practices.
Once allegations of corporate fraud become public and attract the attention of the authorities, individuals and the company may face penalties and reputational damage. As part of their response to allegations of fraud, however, companies should keep in mind that both the SEC and law enforcement tend to look favorably on companies that are transparent and opt to self-report wrongdoing to authorities. Such actions may help organizations avoid significant financial or criminal penalties and allow the business to continue operating.
Boards are encouraged to benchmark their whistleblower systems against standards set by industry associations and regulatory bodies to ensure they keep pace with evolving best practices. Engaging third parties to assess how effectively systems are operating may further identify opportunities to create a more robust system.
Evolving with fraud risk
It is important for boards to recognize that as technology advances, so do opportunities for individuals to commit fraud in increasingly sophisticated ways. There have been documented cases of fraud involving deepfake impersonations for unauthorized transfers, blockchain manipulation to siphon off funds and the use of large AI models for insider trading.
Regulation can be slow to catch up with technological innovation, so remaining educated on such developments and instituting robust and responsible internal programs with the right checks and balances for implementation of new technologies can help mitigate the risk of new forms of fraud as they emerge.
On the positive side, boards and management teams can take advantage of advancing technologies such as machine learning and AI to help detect and analyze patterns in data and identify potential fraud risk factors – for example, through generating suspicious-activity reports based on deviations from expected customer and transaction information. Biometric authentication is another evolving tactic being deployed by companies to combat fraud.
Regardless of how fraud is perpetrated, the adoption of a holistic, culture-first approach to prevention, detection and mitigation empowers boards to confront fraud, protecting organizational integrity and building stakeholder trust amid evolving threats.
Amy Rojik is national managing principal for corporate governance at BDO