Fraud, Bad Business Decisions, and Waste and Abuse

GUEST BLOGGER

Mary Breslin, CFE, CIA
President, Empower Audit

In light of International Fraud Awareness Week, I wanted to take a look at why fraud awareness in every organization needs to specifically define what fraud is for your organization.

Six weeks after the U.S. government bailed out AIG, the AIG executives held a weeklong retreat at a five-star hotel – The St. Regis Monarch in California – and spent half a million dollars. Congress consequently held hearings questioning why a seemingly exorbitant amount of money was spent on an executive retreat immediately after receiving more than $80 billion from the American people to be bailed out. The half a million spent at St. Regis included expenses for rooms up to $1,200 per night, large bar tabs, spa treatments including massages, manicures, pedicures, facials and hair treatments, and more than $150,000 on banquet fees.

When I teach my internal audit fraud course, I like to begin by playing a clip from the congressional hearings that details the expenses, and questions why and how this money was spent. The video does not show any conclusion; it shows the frustration of the congressmen and women trying to understand how after needing to be bailed out by the government, AIG could rationalize those expenditures. One could argue they needed to gather for strategy meetings after the bailout. Sure, but did they need to do it at a five-star resort? And were the spa treatments and bar tabs necessary?

I then poll my class participants and ask them if it is fraud. Most say “no.” The vast majority of people feel it is either waste and abuse, or simply a bad business decision. Most also feel that once the money was given to AIG it was their money to spend as they saw fit. I like to use the AIG example because AIG recovered and was able to pay the money back, which I believe impacts our perception. If AIG had failed, would everyone shake their heads at the company spending a half a million dollars on a retreat and readily call it fraud? But was it fraud? Were the executives acting with appropriate fiscal responsibility and integrity? If not, is that fraud? Or is it waste or abuse? Or maybe it’s simply a bad business decision?  We very rarely have trouble labeling actions as fraudulent in hindsight, especially when the company failed or became embroiled in a scandal. But do we see as clearly while it is happening? I think not.

Finally, we also have a much easier time labeling fraud in theoretical situations. This is why organizations need to define what fraud is to them before facing potential fraud risks. If organizations do not clearly define what they consider to be fraud, and the difference between fraud, waste and abuse, and bad business decisions, then as questionable situations arise they may not be seen as a real threat. Just ask Wells Fargo.

Why No Top Execs Prosecuted After the Great Recession?

LETTER FROM THE PRESIDENT

James D. Ratley, CFE
ACFE President

In the last 30 years, we've seen top executives prosecuted during the S&L debacle, the junk bond scandal, Enron, WorldCom, Tyco and other monumental crimes. However, we never saw prosecutions of any high-level execs after the recent Great Recession. Why?

Jed S. Rakoff, U.S. district judge for the Southern District of New York, says in Fraud Magazine's most recent cover article that the reasons for the government's lack of prosecutions ranged "from the diversion of FBI agents to other priorities to prosecutors' increasing unfamiliarity with how to pursue such cases."

But two primary reasons stand out, he says. "First, beginning in the late 1990s, the Department of Justice became increasingly enamored with the vague — and in my view misguided — notion that prosecuting corporations instead of individuals would affect a change in ‘corporate culture' that would make companies more law-abiding," says Rakoff, a keynoter at the upcoming 27th Annual ACFE Global Fraud Conference, June 12-17 in Las Vegas.

"Second, and probably most important, prosecuting companies is easy — because companies ultimately have to settle or face potential ruin — and enables prosecutors to trumpet quick successes without employing substantial resources or courting defeat," he says.

In a November 2011 ruling, Rakoff tossed out a settlement between the Securities and Exchange Commission (SEC) and Citigroup that allowed the firm, without admitting guilt, to pay a $285 million fine for allegedly selling a billion-dollar fund filled with toxic mortgage debt. On June 4, 2011, the Second Circuit Court of Appeals overturned the Citigroup ruling. But Rakoff was able to say his piece.

In his opinion, he wrote, "The SEC's long-standing policy — hallowed by history, but not by reason — of allowing defendants to enter into consent judgments without admitting or denying the underlying allegations, deprives the court of even the most minimal assurance that the substantial injunctive relief it is being asked to impose has any basis in fact. …

"In any case like this that touches on the transparency of financial markets whose gyrations have so depressed our economy and debilitated our lives, there is an overriding public interest in knowing the truth," Rakoff wrote.

Read Rakoff's full interview on Fraud-Magazine.com.

The ACFE, during the 27th Annual ACFE Global Fraud Conference, will present Rakoff with the Cressey Award.

C-suite's Dirty Little Fraud Secrets

LIVE FROM THE 2015 ACFE ASIA-PACIFIC FRAUD CONFERENCE

By Emily Primeaux
Assistant Editor, Fraud Magazine

CEO-boxed-in.jpg

Day two at the 2015 ACFE Asia-Pacific Fraud Conference in Singapore kicked off with sessions covering the FIFA scandal, compliance in current global markets and investigating in the Cloud. One such session that saw a full room and engaged attendees was C-suite’s Dirty Little Fraud Secrets with Roger Darvall-Stevens, CFE, Partner, National Head of Forensic Services, RSM.

“It’s one of those once-in-a-lifetime events that seems to happen regularly,” said Darvall-Stevens in reference to misconduct in the higher echelons of organizations. He explained that fraud by CEOs, CFOs and others in the “C-suite” is a dirty little secret, which is rarely discussed, but happens with disturbing regularity. 

Who are the c-suite or c-level? An organization’s most trusted executives, according to Darvall-Stevens. He then asked the room to break off into groups to discuss what kinds of checks and balances should exist in the c-suite. I sat down with one group as they analyzed the executives in their respective countries.

One attendee expressed the importance of tone at the top. Executives have the power to step outside of the normal processes, but shouldn’t be allowed to. That’s where the checks and balances should come in. He said, “Where we hold our politicians to be accountable, we don’t always do the same with our c-suite.”

Another attendee explained that in the Asian culture, it’s extremely tough to challenge the leaders. This seemed to be the consensus across the room when Darvall-Stevens asked the groups to share their impressions. One attendee shared that in Malaysia the person that raises the issue is the first victim. There’s no protection for whistleblowers.

And the statistics back these claims up. Darvall-Stevens shared results from the 2014 ACFE Report to the Nations on Occupational Fraud and Abuse that showed that in the Asia-Pacific region, the median loss among owners and executives in 2014 was $1.5 million. Globally, the median loss was $500,000. 

So what motivates c-suite executives to commit fraud when they are already being paid so well? Darvall-Stevens again broke the room into groups to discuss this. The answers they came up with varied. Another group I sat down with shared an example of an executive who’d promised his family nice trips, expensive gifts, etc. However, on the side, he had a gambling problem. In an effort to cover his gambling debts and still keep his promises to his family, he embezzled from his company.

Other motivations that Darvall-Stevens shared included:

  • Living beyond one’s means
  • Unusually close relationship with a vendor or customer
  • Divorce or family problems
  • Excessive pressure from within the organization

What Can Be Done? 

Darvall-Stevens finished his session by sharing tips on how to prevent c-suite fraud. Key checks and balances include:

  • Developing tailored forensic or fraud detection procedures
  • Forensic reviews that include a focus on the c-suite, which can be designed by reverse-engineering the intelligence gained in understanding c-suite fraud red flags
  • Conducting forensic due diligence background checks on c-suite executives and family to ensure that any conflict of interest, perceived or actual, is managed
  • Performing forensic IT analysis as required

“If a c-suite executive objects to forensics or fraud detection procedures, or a forensic review, I suggest that this may be a red flag in itself and should cause concern for the board,” finished Darvall-Stevens. “No one, regardless of level or seniority in a business, is beyond the checks and balances that mitigate the risks of fraud and corruption.”

Self-Reporting: 'Fess Up and Move On

FROM THE PRESIDENT

James D. Ratley, CFE
ACFE President and CEO

When we were kids, we always knew we had choices. When we fibbed to our parents, we could wait for the truth to emerge, or we could quickly go back to them and come clean with all the details. Our choices: harsh punishment or a possible lighter sentence.

Large U.S. conglomerates have a similar problem. As they acquire companies around the globe and transform them into subsidiaries, they often have to reconfigure them to conform to U.S. laws and regulations such as the Foreign Corrupt Practices Act and the Sarbanes-Oxley Act. Now, that's not necessarily the hardest part. Policing those subsidiaries is much more difficult.

Let's say that years later a whistleblower from one of the subsidiaries reports to the company widespread corruption — a resurrected remnant of long-followed practices. What does the conglomerate do? Manage its risks, keep the infractions under wraps and work to clean up the mess? Or report the problems immediately to the U.S. Department of Justice?

In our latest Fraud Magazine cover article, Leslie R. Caldwell, assistant U.S. attorney general for the DOJ's Criminal Division, in essence, says go for the second option: 'Fess up and make amends — quickly.

"We encourage companies, particularly public companies, if they discover a significant compliance problem that also is a significant criminal issue to self-report to the Department of Justice," Caldwell says during a recent Fraud Magazine interview. Caldwell will be a keynote speaker at the 26th Annual ACFE Global Fraud Conference, June 14-19 in Baltimore, Maryland. 

"We encourage them to cooperate with us in our investigation," Caldwell says. "And they should be prepared to give us the relevant facts, documents and evidence in a timely fashion. They should include who is responsible for what went wrong and what these individuals did in the form of facts, not in the form of opinions or privileged attorney-client information. It's very important for companies to understand that they tell us which employees did what — even if it's senior executives."

Of course, a corporation's first responsibility is to avoid a situation in which it has to self-report. But if it finds itself in a legal bind, it should lace up its running shoes and race to the DOJ.

How Fraud Can Creep Into the Tiniest of Fractures During Change and Transition

SPECIAL TO THE WEB

Comcast and Time Warner Cable. AT&T and DirecTV. Facebook and WhatsApp. In 2014, mergers and acquisitions were particularly prevalent, and these three deals made notable headlines. And for most corporations, organizational transformation enables adaptation to an ever-changing global business environment. However, change can also expose companies to significant financial, occupational and compliance fraud risks.

In the newest article on Fraud-Magazine.com, Chris Dogas, CFE, CPA, CRMA, explores the internal control structure of large corporations during a transition and how fraud can creep into even the tiniest of fractures. Using real-world case studies and the Fraud Triangle, Dogas provides valuable insight into how executives and employees find opportunities to commit fraud during times of change. He also outlines key steps that senior management and corporate boards can take to control risk.

Here are some points of action that management and boards in changing organizations should heed:

  1. Maintain effective corporate governance and periodically communicate key governance activities to employees to remind them that despite the transition, the corporation continues to implement internal controls and it requires compliance with them. Governance activities could include audit committee meetings to review internal controls, including interactions with external and internal auditors.
  2. Maintain strong company-level controls. This includes strong Tone at the Top, hiring practices (such as background checks), training and retaining clear policies and procedures.
  3. Maintain and promote strong anti-fraud controls, including internal control risk assessments, fraud risk assessments and an incident hotline. The ACFE's 2014 Report to the Nations states that tips continue to be the primary method of fraud detection in 42 percent of incidents. When organizations identify violations, they should communicate to employees the nature of the incidents and the related disciplinary decisions and actions.
  4. Perform monitoring activities, including internal control reviews, internal audits and segregation of duties reviews.
  5. Most importantly, actively involve internal control and anti-fraud professionals during the integration process (i.e. planning, strategy integration meetings and discussions). These experts can perform risk assessments and identify leading indicators of weakening controls. They also can provide advice on remediation. Their involvement sends messages to the rest of the management team, and the whole organization overall, that the company continues to adhere to its internal control structure.

You can read more from Dogas in the full article on Fraud-Magazine.com.