Ever since tills were invented, people have been getting caught with their hands in them. Today, business fraud and theft is multi-billion-dollar problem and it’s getting worse. Some see it as sign of the times.
Combine more transient, self-interested workforce with general weakening in both moral and penal sanction; mix in bundle of clever new ways to commit corporate crime and – bingo: blow-out in business fraud.
The chiefs at Enron or HIH didn’t invent greed; nor are they the first high-fliers to exhibit depressingly low moral standards. But they’ve certainly helped highlight some of the 21st-century manifestations of till tapping, and sparked whole new debate on ethics – both personal and corporate.
There is talk of deteriorating social morality – perhaps lost in the pursuit of profit or of personal gratification, perhaps discouraged by lack of effective sanction.
A joke doing the rounds following United States President George Bush’s threats to increase penalties for white-collar crime says perpetrators will now be slapped on both wrists. Certainly it seems very few of Enron’s executives will be stripped of ill-gotten gains or face criminal courts.
Meanwhile, the high-profile scandals have prompted worldwide spate of reactive rule tightening.
Accounting and business professionals are busy patching potential holes in existing regulatory frameworks. Moves are afoot in New Zealand and overseas to insert more checks and balances into financial accounting, increase board and auditor independence, and ensure the manner of executive remuneration doesn’t encourage creative inflation of corporate profits (less of problem here as executive salaries tend not to have big stock-option or performance-based component).
Many question whether this flurry of legislative reform will have the desired effect. Why tighten the letter of the law when it’s the spirit of it that is generally breached?
The problem for business is that boardroom banditry is only the top end of rapidly growing problem. But there is no doubt that greed and excessive remuneration send signals down the line that are reaping harvest of nasty outcomes.
Corporate fraud, vandalism and theft are on the increase at all levels and the fact that more business is now conducted online has helped open up whole new dimensions for digital diddling.
While physical assets (stock, products, cash) are still there for the pilfering, the loss or invasion of intellectual assets – databases, customer information, proprietary software etc – can be much more damaging.
In recent fraud survey, information theft made up only one percent of internally instigated fraud incidents but accounted for massive 30 percent of internal fraud costs, with an average loss per fraud exceeding $2 million.
Or take the case of an online CD retailer in the United States whose business was ruined when hacker got into their customer database, lifted credit card details and, when the company refused to pay “ransom”, published them on the internet.
Such security breaches can not only kill custom but destroy expensively established brands.
Whether the potential fraudster is disgruntled or greedy company employee, morally challenged external party, or an unmitigated electronic vandal, they now have new opportunities to remotely fiddle figures, infiltrate poorly protected databases, or generally sneak their electronic fingers into somebody else’s virtual till.
A billion-dollar problem
One result of new rip-off opportunities is that fraud is growing not just in scope but in scale.
All the IT developments that benefit business environments also allow fraudsters to rip victims off in more ways, faster and on much wider scale than in the past.
Electronic fund transfers can involve sizeable sums of money and the clever hacker or insider has much to gain without all the physical risk of bank or security van robbery.
During 2002, occupational fraud and abuse knocked an estimated six percent (US$600 billion) off corporate profits, up US$200 billion from 1996, according to survey carried out by the Association of Certified Fraud Examiners (which has worldwide membership of 27,000).
Targets are both private and public. Fraud cost Australia’s Commonwealth Government cool A$150 million last year alone, according to the Australian Institute of Criminology (AIC). One case it cites is that of consultant who, over year, used someone else’s access codes to electronically transfer more than A$8 million of government funds to companies in which he had an interest before being caught.
Although fraud incidents tend to increase along with company size, small businesses are also badly affected, according to another recent AIC survey. It found that small business loses more in dollar terms to fraud than it does to employee theft, burglary, armed robbery, unarmed robbery and vandalism combined.
And those being hit by fraud are being hit harder, according to KPMG’s 2002 Fraud Survey of businesses in Australia and New Zealand. More than half its 341 respondents reported the detection of at least one fraud during the two-year survey period.
Total losses amounted to $273 million or an average of $1.4 million per business – up 40 percent on average losses reported in 1999 survey.
And that, according to local corporate forensic specialists, is only the tip of the iceberg.
Many companies just don’t own up to fraud losses. Reasons include insufficient police resources to chase it up; concerns that lengthy investigation will throw good money after bad; and (a biggie) worries that if the news gets out, it will hurt their business reputation and deter customers.
Given the growth in electronic business transactions, it’s hardly surprising that companies are reluctant to shout about breaches in their IT security. The damage to customer perceptions and brand are just too costly.
Jeff Herbert, managing director of IT security specialist Intrical, reckons only one in 20 of such breaches makes it into the public arena. Only those called in to fix the problems are aware of their real extent.
Those IT fixers say most problems can be avoided if the company’s IT department is up to scratch and if it communicates more closely with management (see “anti-fraud tactics”).
Herbert also notes that even when the direct costs of break-ins aren’t high, the fallout in terms of downtime, the cost of electronic fence-mending, or impacts on customer service probably will be.
KPMG partner Jeremy Bendall believes the undisclosed portion of the fraud problem has grown in the past three years partly because police resources to pursue it have shrunk but also because victim companies don’t have the will to follow through.
Unless ethical standards have been strongly set, fear of repercussions tends to rule, he says.
“In the absence of strong statement from the company board, audit committee or chief executive as to what the standards are with regards to prosecution and recovery, then executive and line managers will tend to look to protect the brand and their own reputation by sweeping any problem under the carpet.
“They’ll go for minimal damage, maybe some form of reparation or recovery and get perpetrators out as quickly as possible. The trouble with that approach and we see it time and time again, is that everyone becomes aware of how it gets treated and the problem starts to become insidious.”
It also means the perpetrator is free to go do the same thing again in another company.
Which highlights another major topic for debate – do corporates help breed culture in which fraud and dishonesty can thrive?
Debacles of the HIH variety where excessive executive dipping into the corporate purse appears to have been out of control is, after all, unlikely to inspire work culture steeped in moral correctness.
Recent exemplars of bad corporate behaviour aside, almost any company that doesn’t pay too