Mary Breslin, CFE, CIA
President, Empower Audit
In light of International Fraud Awareness Week, I wanted to take a look at why fraud awareness in every organization needs to specifically define what fraud is for your organization.
Six weeks after the U.S. government bailed out AIG, the AIG executives held a weeklong retreat at a five-star hotel – The St. Regis Monarch in California – and spent half a million dollars. Congress consequently held hearings questioning why a seemingly exorbitant amount of money was spent on an executive retreat immediately after receiving more than $80 billion from the American people to be bailed out. The half a million spent at St. Regis included expenses for rooms up to $1,200 per night, large bar tabs, spa treatments including massages, manicures, pedicures, facials and hair treatments, and more than $150,000 on banquet fees.
When I teach my internal audit fraud course, I like to begin by playing a clip from the congressional hearings that details the expenses, and questions why and how this money was spent. The video does not show any conclusion; it shows the frustration of the congressmen and women trying to understand how after needing to be bailed out by the government, AIG could rationalize those expenditures. One could argue they needed to gather for strategy meetings after the bailout. Sure, but did they need to do it at a five-star resort? And were the spa treatments and bar tabs necessary?
I then poll my class participants and ask them if it is fraud. Most say “no.” The vast majority of people feel it is either waste and abuse, or simply a bad business decision. Most also feel that once the money was given to AIG it was their money to spend as they saw fit. I like to use the AIG example because AIG recovered and was able to pay the money back, which I believe impacts our perception. If AIG had failed, would everyone shake their heads at the company spending a half a million dollars on a retreat and readily call it fraud? But was it fraud? Were the executives acting with appropriate fiscal responsibility and integrity? If not, is that fraud? Or is it waste or abuse? Or maybe it’s simply a bad business decision? We very rarely have trouble labeling actions as fraudulent in hindsight, especially when the company failed or became embroiled in a scandal. But do we see as clearly while it is happening? I think not.
Finally, we also have a much easier time labeling fraud in theoretical situations. This is why organizations need to define what fraud is to them before facing potential fraud risks. If organizations do not clearly define what they consider to be fraud, and the difference between fraud, waste and abuse, and bad business decisions, then as questionable situations arise they may not be seen as a real threat. Just ask Wells Fargo.