There is an urgent need to equip our businesses against fraud risks and exposure through a systematic programme of fraud risk assessment, monitoring, incident response and remediation, noted an ASSOCHAM-Grant Thornton joint study titled 'Financial and Corporate Frauds.'
A robust control environment is vital to reduce the risk on account of fraud and misconduct within companies and their dynamic business environment, it said.
With any change in the environment of the businesses, the need to adapt to these changes is a prerequisite to attain sustainable growth, the study further said.
The change in the current environment is the increased fraud exposure for organisations.
Considering that in any organisation the board of directors is responsible for setting the 'tone at the top', which flows across the entire company and its various locations, management's views on mitigating fraud, corruption and misconduct should be communicated to the employees.
Besides, disciplinary action and zero tolerance for violations should also be part of the message that the board sends out to employees.
Organisations willing to counter fraud should develop sound fraud prevention policies that must include extensive background checks on new hires, promotion candidates, suppliers, customers and business partners (including international third parties); segregation of duties; position rotations; limitations of physical access to assets; removal of unauthorised and old system users; and a whistle-blower mechanism.
Companies must develop their ethics code keeping in mind the size of the organisation, mix of employees, number of employees, and the key risk areas. The code must be formally documented and communicated to the employees, third parties, and other stakeholders and be uploaded on the official website of the organisation.
It should also describe the disciplinary actions that can be initiated against people and this function should be continuously monitored.
Highlighting the need for a whistle-blower or complaint mechanism within an organisation, the ASSOCHAM-Grant Thornton study said companies must maintain anonymity of the complaint mechanism by ensuring confidentiality of information reported through the whistle-blower mechanism.
There should also be a policy of non-retaliation against the whistle-blower, it added.
Companies must also effectively communicate and train their employees periodically about the policies and procedures that are developed. This process must include aspects like in-person and web-based training for people to recognise and report red flags of fraud, and special training for finance professionals and others in high-risk positions (i.e. business developers, sales and marketing).
There should be enhanced focus on assessing the types of frauds that can impact business and identifying relevant types of fraud, such as fraudulent financial reporting, possible loss of assets and corruption methods through which fraud and misconduct can be done.
It also includes identifying areas where the company should focus its anti-fraud resources and periodically review the results of the fraud risk assessment with the audit committee. Such periodic assessment should be helpful in challenging certain key aspects such as management override of controls.
Highlighting how continuous monitoring using data analytics is imperative to improve efficiencies and integrate supply chains, as most organisations are now heavily reliant on IT systems to support business processes, the study suggested that companies should put adequate control on devices containing confidential data, encrypt devices and use reliable software tools with remote data wiping capabilities to safeguard against device theft or intrusions.
Besides, companies should be proactively monitoring key processes and run data analytics modules on internal/external communication, payroll and reimbursements, receivables and collections, sales and distribution, time and physical access controls and vendor payments.
Most organisations use the services of third parties to manage their business operations and other activities, which can sometimes significantly increase the risk of fraud; due diligence can be a useful tool to understand one's vendors and business partners.
Due diligence on third parties should include knowledge of business interests/affiliations and conflicts of interest; any adverse news in media about unethical business practices, involvement in tax evasion, money laundering, terrorist financing or any bribery/corruption incidents; any involvement in legal proceedings/convictions for malpractice/crime and others; any political affiliations, inappropriate political support and links to politically exposed persons/entities; and credit defaults and bankruptcies together with other reputational concerns.
Powered by Capital Market - Live News