In a world of increasing regulatory scrutiny, the need for effective corporate measures to mitigate the risk of fraud is more important than ever. Although companies in Qatar may be better insulated than some from the effects of economic troubles, businesses should still consider their fraud risks.
Defining Fraud
Fraud can be defined as “the intentional use of deceit to deprive another party of money, property or a legal right”. It includes bribery, corruption, cyber crime, insider trading, or straightforward theft, and can be difficult to detect, as in the case of kick-back schemes. The Association of Certified Fraud Examiners’ “Report to the Nations on Occupational Fraud and Abuse” in 2012 estimated total global fraud losses of more than $3.5trn. A recent PwC survey indicated that 28% of organisations in the Middle East had been the victims of fraud in the past year, compared to the global average of 34%. However, the survey also indicated that economic crime is detected by chance in the region twice as often as the global average, indicating that internal fraud prevention and detection controls are not as effective as they could be. Losses experienced as a result of fraud are also significant – half of those who reported fraud in the Middle East estimated their total losses at between $100,000 and $5m.
Mitigating Loss
There are as many ways of rationalising a crime as there are crimes, and rationalisation is rarely obvious to anyone but the perpetrator. This is often a fascinating insight – “I deserve more!”, “everyone else is doing it”, “I’ll pay it back when I’m able to”. While each organisation must consider its own circumstances, some key areas should always be kept in mind: Regular risk assessments: In order to understand how to effectively mitigate fraud risk, an assessment needs to be completed to understand what the business’s particular risks are. This should be updated regularly as part of an effective system of internal control. Organisational tone: The organisation’s culture is particularly important in preventing fraud loss. What steps is the organisation taking in its business practices and its dealings with its customers and stakeholders to demonstrate its ethical stance and its attitude to those who commit frauds, and do the words and actions of the business’s leaders support this? Fraud policies: Does the organisation have robust policies for dealing with fraud, processes for avoiding conflicts of interest and a whistle-blowing policy? Are these policies well publicised amongst employees and, crucially, are they demonstrably enforced? Governance and information: Does the management team have the information they require to mitigate fraud? Such a system might for example include regular reporting of internal investigations, monitoring of the whistle-blowing hotline or information relating to breaches of key controls such as approval of vendor payments or segregation of duties. Control activities: Are the organisation’s controls designed to address fraud risks and are they updated for the results of regular fraud risk assessments? Do these controls include spot checks, independent reviews or data mining techniques? Is the control system robust enough to prevent frauds from occurring? Staff recruitment: How well does the organisation know its employees? Are verifiable background checks done when hiring employees into key positions? Staff training: Are there regular training sessions for staff around fraud prevention? Do employees understand what risks they might face in their roles, what tools are available to them to mitigate risks or where they can turn if they feel fraud is being committed? Fraud response: Does the organisation have a thorough fraud response plan, and is this visibly implemented? A competent and active internal investigations team can be invaluable in providing an independent review, and ensuring that any lessons learned from a case of fraud are able to be implemented more widely than merely in the part of the organisation affected.
Read More from OBG
