Corporate India’s unwillingness to see fraud as a strategic risk poses a grave threat to firms as they start experiencing frauds of the future indicates the KPMG India Fraud Survey 2012 launched in New Delhi.
Cyber crime, intellectual property fraud including counterfeiting and piracy, and identity theft were rated as the top fraud concerns for the future by survey respondents across all sectors. This underlines a shift in the fraud landscape with fraudsters increasingly targeting organisational knowledge (data, code etc) and not physical assets to defraud companies.
70 per cent of the companies surveyed have no effective mechanism to tackle these futuristic frauds, with 71 per cent respondents believing that it is inevitable cost of business. Compounding the situation, the industry is reluctant to discuss bribery and corruption.
In the pharmaceutical sector, bribery and corruption emerged one of the key compliance risks to pharma companies. This is due to situations ranging from the fact that procurement teams at hospitals in India can manipulate prices in return for kickbacks from pharma companies. So also, medical practitioners have been accused of accepting gifts from pharma companies in return for promoting drugs made by them. Independence of regional regulatory bodies can be compromised to provide favourable reports overlooking malpractices.
Moreover, about 50 per cent of respondents from the industrial markets sector believe that their organisations have experienced frauds in the last two years. Procurement, sales and distribution and inventory are amongst the top three most vulnerable processes to fraud risks in the pharma sector.
“Over the last decade knowledge has emerged as a key organisational asset. It is only natural that fraudsters will target these assets, as they are much more valuable to companies today,” said Rohit Mahajan, Partner and co-Head, Forensic Services, KPMG in India. The futuristic frauds identified rely on technology and allow fraudsters to work in groups to leverage their full might. Irrespective of size, sector and operations, every company was vulnerable, said Mahajan.
“Technology is changing the fraud landscape and challenging the boundaries of fraud risk management. By misusing technology even relatively simple frauds like those in procurement, can become sophisticated and difficult to detect. The frameworks that were sufficient to mitigate simple frauds are no longer effective against these sophisticated frauds”, he said. This is evidenced by over 70 per cent of survey respondents claiming they had no effective mechanism in place to mitigate risks from futuristic frauds.
Highlighting the under-preparedness among companies to tackle futuristic fraud, the survey noted that nearly 78 per cent of respondents were unaware of the risks associated with intellectual property infringement, counterfeiting or piracy. In case of cyber crime, while over 80 per cent respondents had policies on accessing external websites and social media from their office networks, 40 per cent said their companies did not have specific guidelines on the kind of information that could be shared on social media. Around 53 per cent of respondents said they had faced identity theft (either by way of password sharing, social engineering or malwares) and yet did not have a policy to mitigate these incidences.
There was high reliance on internal mechanisms such as general process controls and compliance frameworks to detect and prevent futuristic frauds, the survey noted. While whistleblower hotlines were identified as an efficient method to uncover fraud or misconduct within organisations, only 50 per cent of respondents said they had established such a hotline in their organisation.
Further, only half of the respondents said they had implemented process specific controls, employee and third party due diligence, whistleblower hotline, and a framework to monitor compliance with the Code of Conduct/ Code of Ethics. Apart from challenging business processes to unearth gaps in existing controls, and forming internal teams to research on emerging frauds, there was little that companies were doing to tackle these frauds, the survey revealed.
“A one-size-fits-all framework cannot help mitigate emerging fraud risks. This is because each risk manifests itself uniquely. Companies need to be aware of the various possible modus operandi, perpetrators and gaps in internal controls. Only then can they develop an effective risk mitigation framework,” said Mahajan. He cited comprehensive information security measures, protection of personal information, physical security measures, and robust access protocols, along with periodic reviews as some measures that could be adopted to tackle futuristic frauds holistically.
Although a majority of respondents were impacted by various types of futuristic frauds, around 71 per cent felt fraud (of any type) was an inevitable cost of doing business, implying that fraud mitigation and risk management ranked low on their board level agenda. This attitude, to some extent, was supported by various survey findings – Increase in the number of frauds discovered (making one believe that no amount of risk management could help); the tendency among companies to undermine the threat of employee fraud; inadequate fraud risk management controls to tackle futuristic fraud; reluctance to rely on external experts during an investigation and a high degree of tolerance for well known forms of fraud such as bribery and corruption. Financial services and information and entertainment were identified as sectors most prone to frauds, owing to their high dependence on technology, large transactional data in electronic form, as well as the confidential information they held.
Bribery and corruption continues to be an issue the industry is reluctant to discuss and close to 70 per cent of respondents said they faced no significant threat from it. Around 72 per cent of respondents said their organisation had a mechanism to address bribery and corruption, however, only few respondents chose to answer questions pertaining to such a mechanism, indicating high levels of organisational tolerance to bribery and corruption.
Survey methodology
The KPMG fraud survey was conducted by circulating an online questionnaire and received responses from 293 CXOs from varied industries across financial services, information and entertainment, industrial markets, real estate and infrastructure, consumer markets, telecom, travel tourism and leisure, healthcare and social sector. The respondents represent both Indian and multinational firms with an annual turnover in the range of Rs 500 crore – Rs 10,000 crore.
EP News Bureau – Mumbai