Setting the Tone at the Top with a Robust Whistleblowing Policy in Africa

/
whistle.jpg

GUEST BLOGGER

Mustafa Yusuf-Adebola, ACCA
Risk Consultant

In late 2016, the Nigerian government introduced a whistleblowing policy that awarded individuals between 2.5% to 5% of the amounts recovered based on information about violations of financial regulations, mismanagement of public funds and assets, financial malpractice, fraud and theft. Within a three-month period, the government received 282 tips from whistleblowers through:

  1. Text messages (34%);
  2. Phone calls (31%);
  3. Emails (18%);
  4. A whistleblowing portal (17%).

While 55% of these tips were actionable, the medium of communication whistleblowers chose gives an indication of what Nigerians are more comfortable with.

Until recently, whistleblowing was not seen as a serious and viable detection technique in Africa. Whenever one brought up the topic, it sounded like a textbook term used only for academic purposes. Though codes of corporate governance, regulations and international affiliations forced a number of companies to have a whistleblowing policy, in the companies I reviewed I noticed what accountants call ”substance over form.” Essentially, the regulatory (or affiliate) substance of having a whistleblowing policy overrode the working form.

Regarding the tone at the top, the government’s policy has made the whistleblowing immersion and enlightenment a more engaging discourse. “I am going to blow the whistle” is now a popular phrase within the country and people use the whistle as a metaphorical expression of reporting wrongdoing.

The publicity of this policy has also spurred discussions concerning the protection of whistleblowers, rewards for whistleblowing and punishment for false reporting. Similarly, there have also been questions raised on the safeguarding of tips provided by whistleblowers to ensure they are not leaked by those who receive or work on these tips (thus making the whistleblower appear like a false informant). In response to some of these concerns, the country’s senate passed a Whistleblower Protection Bill last June.

As these discussions gain traction, organizations in the private and public sectors are now either introducing whistleblowing policies or reviewing existing ones. Recently, I have observed more Nigerian companies having a whistleblowing link on their websites while some publicize the existence of these portals on their social media pages.

Despite all of these changes, it is important that companies do not just have whistleblowing policies in place but the top hierarchy display and are seen to display a strong commitment to act ethically in order to encourage a whistleblowing culture whose “form supersedes its substance."

 

Placing Volkswagen Into the Fraud Triangle

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

Mandy Moody
ACFE Media Manager

Steve Morang, CFE, CIA, CRMA, Senior Manager at Frank Rimerman & Co LLP, began his session today at the ACFE Global Fraud Conference asking attendees to raise their hands if they believed the Volkswagen executives didn’t know anything about the fraudulent emissions tests built into more than 11 million of their diesel cars. Only one person raised his hand. No matter if you think they did know about the manipulation or not, there are lessons to be learned from dissecting what could have possibly led to an ethics failure that cost $35 billion in market capital in just five days.

One way to analyze the scandal is to place it into the Fraud Triangle. Identifying the pressures, rationalizations and opportunities, as Morang did today, shines a light on the dark areas that plague many company’s ethical cultures.

Pressure
According to Morang, the former CEO’s management style was ruthless. Martin Winterkorn wanted the German car giant to be the No. 1 car maker in the world and that meant making it into the U.S. marketplace with their diesel engine cars. The tone at the top was to get it done and get it done now.

In a 2015 CNBC article, Bernd Osterloh, a supervisory board member for Volkswagen, was quoted as writing in a letter to staff, "We need in future a climate in which problems aren't hidden but can be openly communicated to superiors. We need a culture in which it's possible and permissible to argue with your superior about the best way to go."

The article goes on to reference former company executives describing “a management style under Winterkorn that fostered a climate of fear, an authoritarianism that went unchecked partly due to a company structure unique in the German motor industry.” Upon Winterkorn’s resignation in September of 2015, he said that he was “not aware of any wrongdoing.”

Rationalization
To the people responsible for the manipulation of the engines, Morang said the tampering was done for what the employees under pressure thought was the greater good. They were using the same utilitarian ethics that I described in my earlier post. There was a mentality that it was okay to bend the rules so that Volkswagen, and the investors, could come out ahead. In other words, the ends (larger profits, notoriety and reputation) justified the means (fraudulent emissions tests).

Opportunity
When an employee or group of employees (the investigation is still ongoing) discovered that the diesel cars could be wired to cheat emissions tests, the legs of the Fraud Triangle moved quickly into place. By adding the pressure to enter the U.S. market with the rationalization of putting the company above all else, in addition to the opportunity to fool emissions tests, the slippery slope soon looked like an easy path to take.

By understanding the pressures, rationalizations and opportunities that contributed to the actions taken either by a few or many, the top, middle or the bottom, anti-fraud professionals can take away practical tools to use when examining their own company’s ethical culture.

Find more coverage from the 27th Annual ACFE Global Fraud Conference at FraudConferenceNews.com.

How to Master the Edge of Ethics

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

Mandy Moody, CFE
ACFE Media Manager

Ethical dilemmas. We find ourselves in these situations every day. Do I cut the person off in the lane next to me so I can get to work on time? Do I go back and pay for the grapes that were hidden at the bottom of my grocery cart that the check-out person missed? Do I lie about my address on my daughter’s registration forms to get her into a better public school? Do I report the contract work I did on my tax forms?

Just as these ethical dilemmas show up in our personal lives, so, too, do they follow us into the workplace. In the educational session, “Mastering the Edge of Ethics,” John Hurlimann, CFE, Sr. Investigations Manager of Intel Corporation, encouraged attendees of the 27th Annual ACFE Global Fraud Conference to re-evaluate their standards of ethics, recognizing how ethics can be both good and bad for business.

According to Hurlimann, there are many actions a company can take to take an organizational approach to ethics in order to keep employees from taking advantage of any opportunities to commit fraud.

Some of the immediate actions companies can take are:

  • If we have heard it once, we have heard it a thousand times: establish a rock solid tone at the top. It isn’t enough to just say you are against fraud, company leaders need to show it. Be present in communications regarding fraud policies, be transparent with findings and hold people accountable. Hurlimann referenced this quote from GE’s General Counsel and Senior VP, Alex Dimitrief, “In my opinion, 10 minutes from a company’s CEO, 10 minutes from the CFO and 10 minutes from the General Counsel at a staff meeting or town hall discussing why integrity is important to a company is worth thousands of hours of training.” 
  • Employees have to trust that a reporting network is going to work. You must have a zero tolerance policy on retaliation. Hurlimann said that at Intel they send a simple message back to anyone that reports fraudulent activity that reads, “Thank you for your submission. The action may not be visible to you, but we have reviewed your report and taken the appropriate action.”
  • Offer multiple ways for people to come forward. This could be through a hotline, email, letters or in-person; make sure all ways are encouraged and enabled. “Fifty percent of the significant matters that we closed in the European regions was someone walking into our office and saying they had concerns in person,” Hurlimann said. To him, this is an important distinction to make when developing reporting mechanisms across the world. What may work best in one country and culture may not be successful in another.
  • Take action when something happens. Hurlimann said that you have to publicly hold people accountable either via coaching, a written warning, termination or reaching out to law enforcement.

Ethical dilemmas, whether personal or professional, will continue to haunt the most respected and dedicated fraud fighters. But, recognizing their presence and creating a clear policy upheld at the highest levels will give employees the knowledge to step away from the top of the slippery slope on which they may one day find themselves.

Read the full article and find more conference coverage on FraudConferenceNews.com.

C-suite's Dirty Little Fraud Secrets

/

LIVE FROM THE 2015 ACFE ASIA-PACIFIC FRAUD CONFERENCE

By Emily Primeaux
Assistant Editor, Fraud Magazine

CEO-boxed-in.jpg

Day two at the 2015 ACFE Asia-Pacific Fraud Conference in Singapore kicked off with sessions covering the FIFA scandal, compliance in current global markets and investigating in the Cloud. One such session that saw a full room and engaged attendees was C-suite’s Dirty Little Fraud Secrets with Roger Darvall-Stevens, CFE, Partner, National Head of Forensic Services, RSM.

“It’s one of those once-in-a-lifetime events that seems to happen regularly,” said Darvall-Stevens in reference to misconduct in the higher echelons of organizations. He explained that fraud by CEOs, CFOs and others in the “C-suite” is a dirty little secret, which is rarely discussed, but happens with disturbing regularity. 

Who are the c-suite or c-level? An organization’s most trusted executives, according to Darvall-Stevens. He then asked the room to break off into groups to discuss what kinds of checks and balances should exist in the c-suite. I sat down with one group as they analyzed the executives in their respective countries.

One attendee expressed the importance of tone at the top. Executives have the power to step outside of the normal processes, but shouldn’t be allowed to. That’s where the checks and balances should come in. He said, “Where we hold our politicians to be accountable, we don’t always do the same with our c-suite.”

Another attendee explained that in the Asian culture, it’s extremely tough to challenge the leaders. This seemed to be the consensus across the room when Darvall-Stevens asked the groups to share their impressions. One attendee shared that in Malaysia the person that raises the issue is the first victim. There’s no protection for whistleblowers.

And the statistics back these claims up. Darvall-Stevens shared results from the 2014 ACFE Report to the Nations on Occupational Fraud and Abuse that showed that in the Asia-Pacific region, the median loss among owners and executives in 2014 was $1.5 million. Globally, the median loss was $500,000. 

So what motivates c-suite executives to commit fraud when they are already being paid so well? Darvall-Stevens again broke the room into groups to discuss this. The answers they came up with varied. Another group I sat down with shared an example of an executive who’d promised his family nice trips, expensive gifts, etc. However, on the side, he had a gambling problem. In an effort to cover his gambling debts and still keep his promises to his family, he embezzled from his company.

Other motivations that Darvall-Stevens shared included:

  • Living beyond one’s means
  • Unusually close relationship with a vendor or customer
  • Divorce or family problems
  • Excessive pressure from within the organization

What Can Be Done? 

Darvall-Stevens finished his session by sharing tips on how to prevent c-suite fraud. Key checks and balances include:

  • Developing tailored forensic or fraud detection procedures
  • Forensic reviews that include a focus on the c-suite, which can be designed by reverse-engineering the intelligence gained in understanding c-suite fraud red flags
  • Conducting forensic due diligence background checks on c-suite executives and family to ensure that any conflict of interest, perceived or actual, is managed
  • Performing forensic IT analysis as required

“If a c-suite executive objects to forensics or fraud detection procedures, or a forensic review, I suggest that this may be a red flag in itself and should cause concern for the board,” finished Darvall-Stevens. “No one, regardless of level or seniority in a business, is beyond the checks and balances that mitigate the risks of fraud and corruption.”

The Top 3 Fears that Paralyze Fraud Prevention

/

SPECIAL TO THE WEB

Tasha Bailey, CFE

As a senior risk vendor analyst, I've primarily worked with companies that bring in annual revenues of $5 billion or more, and I've seen the full range of attempts to address fraud within the purchasing-to-accounts-payable cycle. Often, the company doesn't put a robust process in place until it's in the news with a violation, an FCPA incident or an internal case of undetected embezzlement that might have gone on for years. But why? As money walks out the door, why wouldn't companies adopt a more proactive stance for early detection?

The answer is fear. Fear can prevent a mom-and-pop shop or a Fortune 500 industry leader from becoming serious about fighting fraud. Business analytics and portal systems certainly enable companies to more quickly mine through volumes of data and identify red flags, yet they're not a requirement for fraud prevention. Depending on the size of the company, it can data mine and detect fraud early with such basic tools as Microsoft Access and Excel. And while companies pay lip service to efforts to fight fraud, they're often slow to take advantage of even these most elementary methods. Let's consider how the fear factor plays into the decision — or indecision — to fight fraud.

Fear No. 1: Cost. Like health or car insurance, fraud prevention software is a cost for which you don't always recognize an immediate return. Management wants money brought back to the bottom line, and it's easy to assign a dollar figure to payment errors using platforms like duplicate invoice analysis. But when it comes to identifying and preventing risk and potential fraud, returns can be harder to quantify.

I often hear concerns about spending money on a system that might or might not identify fraud. And if the system does identify fraudulent activity, companies are now obligated to spend more for the additional investigation and possible litigation. Larger companies might see money lost to fraud as "pennies," but pennies add up. That's money that could have been reinvested toward a company's bottom line.

Fear No. 2: Technology. Companies are concerned that implementing new software technology might increase their exposure to fraud via data breaches. They're also concerned that technology will replace internal auditors. While data encryption and similar tools can combat the risk of data breaches, addressing personnel concerns are trickier.

When I work with companies, I point out that technology in any form is a means to assist — not replace — people. Computers alone don't "discover" fraud; they simply detect red flags that can point you in the right direction. The red flag could be a simple data-entry error or an anomaly within the data. Technology helps identify red flags, but human input and investigation is required to determine if fraud is indeed occurring. From there, companies must ask questions.

Fear No. 3: Loss of reputation. Companies might fear their reputations will take a hit if they uncover ongoing fraud schemes. Social media has evolved to become an incredibly popular form of information sharing, so all it takes is the hint of a rumor and the damage is done. Employees might post information — or alleged information — that makes it appear as though a company is attempting to hide something. For that reason, it's to a company's advantage to be open with their employees in their effort to fight fraud. Employees are less likely to whistleblow in public when there are safe, internal options for them to report discrepancies to management. For example, use proactive social risk-management strategies, such as toll-free hotlines, to help employees feel comfortable reporting potential or suspected frauds without the fear of retaliation.

Passive detection methods aren't enough anymore. It's been proven time and again that instilling proactive efforts to discover or reduce fraud will increase the bottom line and enhance a company's reputation.

Read more from Tasha, and find out the best practices for engaging analytic tools and front-line staff to identify and prevent fraud on Fraud-Magazine.com.