Reducing the Opportunity To Commit Fraud
Scott Langlinais | March 1, 2008
Several years ago, Nick Leeson was named the original "Rogue Trader" for destroying his employer, the 233-year-old Baring Bank, by losing over $1 billion through unauthorized trades on the Singapore Monetary Exchange. Now there is a new rogue trader in France who apparently considers $1 billion petty.
Jérome Kerviel is currently under investigation for orchestrating a loss of $7.2 billion for one of Europe's largest banks, Société Générale, through unauthorized trades. A preliminary investigation has revealed there is no evidence of collusion or accomplices in his scheme. How can there not be? No one noticed a loss of say, a hundred million Euros? Half a billion? Two billion?
Apparently not. His trades were supposed to be authorized, but Mr. Kerviel is reported to have circumvented that control with fictitious transactions, which is likely also how he escaped the accountants. The investigation report reveals an absence of controls that might have identified the fraud sooner. I am quite curious what controls the bank did have in place, if trading losses of that magnitude can remain invisible to everyone except Mr. Kerviel.
There is another fraud investigation occurring in Munich within German conglomerate Siemens AG. The Siemens investigation has uncovered over $500 million in odd transactions spanning 7 years, particularly sham consulting contracts used to bribe key customers. The corruption came to light in 2004 when executive Michael Kutschenreuter received a phone call from a Saudi Arabian businessman. The caller represented a firm Siemens had previously bribed for $50 million. The caller was now requesting $910 million more, or he would alert the U.S. Securities and Exchange commission regarding these improprieties. Whoops.
Segregation of Duties
Multimillion dollar bribes are clearly not possible without cooperation from multiple departments and executives, and massive trading losses cannot remain hidden without a level of blindness across multiple departments. Collusion and blindness both point to a corruption in a company's checks and balances system. While segregation of duties has become somewhat of a tired concept in the auditing profession and post Sarbanes-Oxley, most of my fraud investigations have pointed to a segregation of duties problem enabling the fraud.
At the process level, proper segregation of duties exists if a separate employee is responsible for executing, approving, recording, and reconciling each transaction. But to prevent the most damaging types of fraud—fraud to benefit the organization and fraud by the executives—checks and balances must contain a greater level of complexity.
Here is a subtle point missed by most managers and auditors who review processes for checks and balances: it is critical to not only segregate duties by process, but also by reporting lines in the organization. Segregation must be strict between operations, finance and accounting, and legal/compliance executives. Employees who execute and approve a large and highly negotiable transaction should trace their reporting line to one executive (e.g., operations manager); employees who account for and reconcile the transaction should trace their reporting line to a different executive (e.g., controller); and there should be a review of major transactions performed by a compliance department, such as Internal Audit, that reports to an entity independent of the executives (e.g., the Audit Committee of the Board of Directors). This creates obstacles for executives to override control processes in favor of getting a deal done.
One fraud I investigated in Europe demonstrates a situation in which duties were properly segregated at the process level, with critical tasks divided among separate employees, but all of the employees reported to the same officer. An operations director in the London-based division sold six-figure consulting deals approved by his manager, a vice president. The deals were accounted for and reconciled out of the accounting office in the Netherlands, and this system provided a segregation of duties in appearance. However, the young Dutch accountant was in reality held accountable by the operations director doing the deals.
As the investigation unwound, we discovered e-mails between the operations director and the accountant in which the operations director told the accountant how to book the deals, and those instructions violated fundamental accounting principles. Shadow finance organizations within operations and sales departments, such as the one described above, are common because they allow companies to maintain the appearance of having checks and balances while retaining the ability to manipulate the numbers.
Establish True Checks and Balances
Employees involved in segregated controls must also be empowered with detective processes in which they seek and question strange or unsupported transactions. In Mr. Kerviel's case, it is not enough to tell someone they lack the authority to execute certain transactions—this control is too easily circumvented with fictitious transactions and a false paper trail. Employees independent of Mr. Kerviel's reporting line must seek curious transactions and question where appropriate, not to spy or create an overlord culture, but to provide a healthy skepticism which reduces the opportunity for a nine-figure fraud to remain undetected.
To determine whether or not your company has proper checks and balances, list all of the areas in which your company could lose a significant amount of money (the amount of significance varies with every company) from theft, fines, or lawsuits. It could be from an executive bullying subordinates into posting false entries. It could be from purchasing personnel engaging in elaborate kickback schemes, a sales agent processing false customers, or in your field operations engaging in unsafe practices such as dumping chemicals into rivers.
Within each of those areas, verify whether key transactions are executed, approved, recorded, and reconciled by different personnel, and confirm those personnel trace their superiors to different executives. Also determine whether sufficient audit processes are conducted periodically by independent personnel, and those processes enable the independent reviewers to flag and question odd transactions.
Conclusion
Will this exercise stop all fraud? Of course not; we just seek to make fraud more difficult to perpetrate, to reduce the opportunities of bad behavior, and contain the damage when it does occur. Checks and balances are important, but cannot prevent fraud alone. Segregated processes complement ethical executive behavior. And a culture hostile to fraud reduces the opportunity for employees to commit wrongdoing.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
