How to Manage Reputational Risk

How to Manage Reputational Risk

As Warren Buffett once said, “It takes 20 years to build a reputation and five minutes to ruin it.” Reputation equals integrity and integrity equals social responsibility. By sustaining the “social license to operate” through social responsibility, organizations ensure that business practices, operating procedures and corporate behaviors are acceptable to employees, stakeholders and the public.

Read More

3 Ingredients of a Strong Risk Management Culture

3 Ingredients of a Strong Risk Management Culture

Basel’s Principles for the Sound Management of Operational Risk defines risk culture as “the combined set of individual and corporate values, attitudes, competencies and behavior that determine a firm’s commitment to and style of operational risk management.” It is no coincidence that — of the 11 principles Basel cites — risk culture is at the core of the very first principle: Strong risk culture is ONLY achievable in concert with strong firm-wide culture.

Read More

"Energy is Opportunity" the Foundation for Saudi Aramco’s Commitment to Fighting Fraud


ACFE Staff

For the past 80 years, Saudi Aramco has worked to establish itself as a leader in energy, and oil and gas production. Most recently, the company has also taken steps to lead fraud detection and prevention efforts in the Middle East. More than just a company tagline, “energy is opportunity” is only a stepping stone to the larger principles of integrity, citizenship and ethics.

"While 'energy is opportunity' to us at Saudi Aramco, the company can only capitalize on its opportunities when the basic underlying business processes are all in place and functioning effectively," said Waheed Alkahtani, CFE and CCEP-I, head of the Internal Auditing Advisory Services Group at Saudi Aramco. "The culture has to be one that values and upholds core principles of high integrity, while each employee demonstrates good corporate citizenship. In this regard, being a leader in both fraud detection and also prevention, such as through greater ethics and fraud awareness, surely contributes to the success of Saudi Aramco."

Headquartered in Dhahran, Saudi Arabia, and employing more than 65,000 workers worldwide, Saudi Aramco is one of the largest oil companies in the world. The oil and gas producer leads the industry in production, operational reliability and technical advances. It is currently the world’s largest crude oil exporter, producing roughly one in every eight barrels of the world’s oil supply. With this great responsibility of service, comes an even greater responsibility of ensuring the businesses’ processes and values stay true to the vision of creating opportunity through integrity.

According to Alkahtani, Saudi Aramco has had a history of valued partnership with the ACFE. It established an ACFE Saudi Arabia Chapter in 1997, and most recently joined the Corporate Alliance Program. "When we realized the many benefits of the program, joining the Corporate Alliance became a natural transition for us," he said. "It allows our sizable complement of investigative professionals to have direct access into ACFE’s many resources."

Saudi Aramco decided to join the Corporate Alliance during a difficult time for oil prices, a bold step that could have been viewed risky. But according to Alkahtani, it was actually more cost-effective for Saudi Aramco to administer a group membership as opposed to individual memberships. “At a time of cost-containment and focus on efficiency due to budgetary tightening across the oil industry, the Corporate Alliance offered a positive solution for us, while maintaining valued access to ACFE for our professionals," he said. "We are also able to use ACFE research studies and reports to benchmark our anti-fraud efforts against best-in-class practices. The Corporate Alliance provides cost-effective tools that support our anti-fraud efforts, while keeping us abreast of the latest industry developments and training opportunities."

Affiliates are located in China, Japan, India, the Netherlands, the Republic of Korea, Singapore, the U.K. and the U.S. Like many large corporations, even though the company is headquartered in a central location, its reach is global. Saudi Aramco has designated organizations to effectively manage and investigate suspected fraud cases. “Fraud case profiles tend to be surprisingly similar across global locations,” said Alkahtani. “Saudi Aramco uses a consistent fraud investigation and reporting process to ensure that the General Auditor can reliably provide a comprehensive view to the Board Audit Committee. The two key departments that are involved in investigations of suspected fraud: Special Audits (SAD) and Corporate Security Services (CSSD). Their reports are issued to two corporate executive committees, such that the company acts fairly, ethically and responsibly.”

Perhaps a benefit of joining the ACFE’s Corporate Alliance that may seem obvious, yet understated, is something that Alkahtani is most enthusiastic about: he, and Saudi Aramco, are not alone. "We are all in this fight together! The fact is, no organization operates alone, and we must rely on each other’s efforts to stamp out fraud and corruption," he said. "No government can do it alone either. Regulatory pronouncements must be complemented by corporate policies that work hand-in-hand to enhance transparency and promote integrity. The company has taken a proactive stance in this matter to lead by example. By doing so, we hope that the benefits of a higher integrity business culture will accrue to every citizen and to Saudi Aramco itself."

To find out more about the ACFE's Corporate Alliance Program and hear more about how Saudi Aramco is committed to preventing and detecting fraud, visit

Fraud, Bad Business Decisions, and Waste and Abuse


Mary Breslin, CFE, CIA
President, Empower Audit

In light of International Fraud Awareness Week, I wanted to take a look at why fraud awareness in every organization needs to specifically define what fraud is for your organization.

Six weeks after the U.S. government bailed out AIG, the AIG executives held a weeklong retreat at a five-star hotel – The St. Regis Monarch in California – and spent half a million dollars. Congress consequently held hearings questioning why a seemingly exorbitant amount of money was spent on an executive retreat immediately after receiving more than $80 billion from the American people to be bailed out. The half a million spent at St. Regis included expenses for rooms up to $1,200 per night, large bar tabs, spa treatments including massages, manicures, pedicures, facials and hair treatments, and more than $150,000 on banquet fees.

When I teach my internal audit fraud course, I like to begin by playing a clip from the congressional hearings that details the expenses, and questions why and how this money was spent. The video does not show any conclusion; it shows the frustration of the congressmen and women trying to understand how after needing to be bailed out by the government, AIG could rationalize those expenditures. One could argue they needed to gather for strategy meetings after the bailout. Sure, but did they need to do it at a five-star resort? And were the spa treatments and bar tabs necessary?

I then poll my class participants and ask them if it is fraud. Most say “no.” The vast majority of people feel it is either waste and abuse, or simply a bad business decision. Most also feel that once the money was given to AIG it was their money to spend as they saw fit. I like to use the AIG example because AIG recovered and was able to pay the money back, which I believe impacts our perception. If AIG had failed, would everyone shake their heads at the company spending a half a million dollars on a retreat and readily call it fraud? But was it fraud? Were the executives acting with appropriate fiscal responsibility and integrity? If not, is that fraud? Or is it waste or abuse? Or maybe it’s simply a bad business decision?  We very rarely have trouble labeling actions as fraudulent in hindsight, especially when the company failed or became embroiled in a scandal. But do we see as clearly while it is happening? I think not.

Finally, we also have a much easier time labeling fraud in theoretical situations. This is why organizations need to define what fraud is to them before facing potential fraud risks. If organizations do not clearly define what they consider to be fraud, and the difference between fraud, waste and abuse, and bad business decisions, then as questionable situations arise they may not be seen as a real threat. Just ask Wells Fargo.

Why No Top Execs Prosecuted After the Great Recession?


James D. Ratley, CFE
ACFE President

In the last 30 years, we've seen top executives prosecuted during the S&L debacle, the junk bond scandal, Enron, WorldCom, Tyco and other monumental crimes. However, we never saw prosecutions of any high-level execs after the recent Great Recession. Why?

Jed S. Rakoff, U.S. district judge for the Southern District of New York, says in Fraud Magazine's most recent cover article that the reasons for the government's lack of prosecutions ranged "from the diversion of FBI agents to other priorities to prosecutors' increasing unfamiliarity with how to pursue such cases."

But two primary reasons stand out, he says. "First, beginning in the late 1990s, the Department of Justice became increasingly enamored with the vague — and in my view misguided — notion that prosecuting corporations instead of individuals would affect a change in ‘corporate culture' that would make companies more law-abiding," says Rakoff, a keynoter at the upcoming 27th Annual ACFE Global Fraud Conference, June 12-17 in Las Vegas.

"Second, and probably most important, prosecuting companies is easy — because companies ultimately have to settle or face potential ruin — and enables prosecutors to trumpet quick successes without employing substantial resources or courting defeat," he says.

In a November 2011 ruling, Rakoff tossed out a settlement between the Securities and Exchange Commission (SEC) and Citigroup that allowed the firm, without admitting guilt, to pay a $285 million fine for allegedly selling a billion-dollar fund filled with toxic mortgage debt. On June 4, 2011, the Second Circuit Court of Appeals overturned the Citigroup ruling. But Rakoff was able to say his piece.

In his opinion, he wrote, "The SEC's long-standing policy — hallowed by history, but not by reason — of allowing defendants to enter into consent judgments without admitting or denying the underlying allegations, deprives the court of even the most minimal assurance that the substantial injunctive relief it is being asked to impose has any basis in fact. …

"In any case like this that touches on the transparency of financial markets whose gyrations have so depressed our economy and debilitated our lives, there is an overriding public interest in knowing the truth," Rakoff wrote.

Read Rakoff's full interview on

The ACFE, during the 27th Annual ACFE Global Fraud Conference, will present Rakoff with the Cressey Award.