The following article was originally published on the FCPA Blog on March 20, 2019.
Kick-back schemes, corrupt employees, and violations of your Code of Conduct are all risks facing businesses every day. To combat these threats, companies often rely on auditors to protect them. But are auditors really the answer?
There may be more reliable resources for finding, investigating and advising companies on fraud, misconduct and other organizational risks. The Association of Certified Fraud Examiners found in 2018 that 53 percent of occupational fraud is detected by employees. Compared to internal and external audits which only identified fraud 15 percent and 4 percent of the time, respectively.
Auditors will tell you they are not generally in the business of uncovering fraud. Although they play an important role in organizations and are tasked with determining the accuracy of financial statements, much fraud, like kickback schemes, occurs “off-the-books.” Additionally, the primary resources used by auditors when reviewing an organization’s activities are commonly provided by the client. Think financial records, physical inventory and other data.
Finding Risk When Auditors Can’t
Risk management professionals possess different skill sets and experience than auditors. Within the profession, there are many different layers of experience, such as former state and federal prosecutors, former law enforcement professionals, lawyers, computer experts, forensic accountants and researchers. All of these individuals are highly skilled and trained in investigations that identify and resolve complex problems reported through hotline reports and employee communications. They specifically focus on preventing, finding and resolving fraud and other misconduct.
Risk professionals, moreover, often rely on outside information in conjunction with internal information to resolve issues. These sources include but are not limited to local boots-on-the-grounds resources, interviews, government records and local media and databases.
Some advantages in using risk management professionals include:
Analyzing whether the prices and figures match: Many schemes today are off-the-books and can only be discovered through alternative means, including speaking to third-parties outside the organization. Although everything on paper may add up (i.e. the dollar amounts on an invoice may match the dollar amount on a check) the inquiry and analysis should not stop there. Often one must look beyond the figures to discover the actual fraud and depth of misconduct.
Vendors may be charging companies two or three times the market rates as part of a kickback scheme, yet the books might appear to be legitimate. Determining actual market rates often requires speaking personally with local manufacturers, visiting sites and assessing the histories of the vendors.
A shell game: Shell companies are formed in minutes, and a cursory review of the Panama Papers show how these entities are used to defraud others. Failure to perform due diligence is often the flaw in the internal control process and site visits are often the only means available to assess whether a company is real or a fake. The audit process typically does not utilize site visits or other extensive field research to assess whether one or five hundred shell companies are defrauding a client.
It is for these reasons that it is important to use the right resource to ferret out fraud. Unless specifically requested to perform a forensic audit to look for fraud, an audit performed by an auditor in the ordinary course of business is unlikely to uncover such misconduct. It is the risk management professional, on the other hand, that is focused on these issues and trained to investigate, assess and advise on fraud, misconduct and other breaches.
Jeffrey M. Klink, pictured above left, is the President and CEO of KLINK, an international business intelligence network that is dedicated to helping organizations avoid the pitfalls of fraud, fiction and phantoms by taking guesswork out of the equation. The firm works in more than 100 countries every year, and has special expertise in China, Russia, India, and throughout Africa.
Tracy Pastrick, above right, is a Vice President and General Counsel at KLINK. She has audited organizations’ governance programs in order to assure compliance with the FCPA and the UK Bribery Act, focusing upon training, audit, due diligence, supply-chain, and communications.