Corporate India’s unwillingness to see fraud as a strategic risk poses a grave threat to firms as they start experiencing frauds of the future, indicates the KPMG India Fraud Survey 2012.
Cyber crime, intellectual property fraud including counterfeiting and piracy, and identity theft were rated as the top fraud concerns for the future by survey respondents across all sectors. This underlines a shift in the fraud landscape with fraudsters increasingly targeting organisational knowledge (data, code etc) and not physical assets to defraud companies.
“Over the last decade knowledge has emerged as a key organisational asset. It is only natural that fraudsters will target these assets, as they are much more valuable to companies today,” said Rohit Mahajan, Partner and co-Head, Forensic Services, KPMG in India. The futuristic frauds identified rely on technology and allow fraudsters to work in groups to leverage their full might. Irrespective of size, sector and operations, every company was vulnerable, said Mahajan.
“Technology is changing the fraud landscape and challenging the boundaries of fraud risk management. By misusing technology even relatively simple frauds like those in procurement, can become sophisticated and difficult to detect. The frameworks that were sufficient to mitigate simple frauds are no longer effective against these sophisticated frauds“, he said. This is evidenced by over 70 percent of survey respondents claiming they had no effective mechanism in place to mitigate risks from futuristic frauds.
Highlighting the under-preparedness among companies to tackle futuristic fraud, the survey noted that nearly 78 percent of respondents were unaware of the risks associated with intellectual property infringement, counterfeiting or piracy. In case of cyber crime, while over 80 percent respondents had policies on accessing external websites and social media from their office networks, 40 percent said their companies did not have specific guidelines on the kind of information that could be shared on social media. Around 53 percent of respondents said they had faced identity theft (either by way of password sharing, social engineering or malwares) and yet did not have a policy to mitigate these incidences.
There was high reliance on internal mechanisms such as general process controls and compliance frameworks to detect and prevent futuristic frauds, the survey noted. While whistleblower hotlines were identified as an efficient method to uncover fraud or misconduct within organizations, only 50 percent of respondents said they had established such a hotline in their organization. Further, only half of the respondents said they had implemented process specific controls, employee and third party due diligence, whistleblower hotline, and a framework to monitor compliance with the Code of Conduct/ Code of Ethics. Apart from challenging business processes to unearth gaps in existing controls, and forming internal teams to research on emerging frauds, there was little that companies were doing to tackle these frauds, the survey revealed.
“A one-size-fits-all framework cannot help mitigate emerging fraud risks. This is because each risk manifests itself uniquely. Companies need to be aware of the various possible modus operandi, perpetrators and gaps in internal controls. Only then can they develop an effective risk mitigation framework,” said Rohit Mahajan, Partner and co-Head, Forensic Services, KPMG in India. He cited comprehensive information security measures, protection of personal information, physical security measures, and robust access protocols, along with periodic reviews as some measures that could be adopted to tackle futuristic frauds holistically.
Although a majority of respondents were impacted by various types of futuristic frauds, around 71 percent felt fraud (of any type) was an inevitable cost of doing business, implying that fraud mitigation and risk management ranked low on their board level agenda. This attitude, to some extent, was supported by various survey findings – Increase in the number of frauds discovered (making one believe that no amount of risk management could help); the tendency among companies to undermine the threat of employee fraud; inadequate fraud risk management controls to tackle futuristic fraud; reluctance to rely on external experts during an investigation and a high degree of tolerance for well known forms of fraud such as bribery and corruption.
Financial Services and Information & Entertainment were identified as sectors most prone to frauds, owing to their high dependence on technology, large transactional data in electronic form, as well as the confidential information they held.
Bribery and corruption continues to be an issue the industry is reluctant to discuss and close to 70 percent of respondents said they faced no significant threat from it. Around 72 percent of respondents said their organisation had a mechanism to address bribery and corruption, however, only few respondents chose to answer questions pertaining to such a mechanism, indicating high levels of organizational tolerance to bribery and corruption.