You are on page 1of 18

Fraud Survey 2009 i

K P MG F O R E N S I C

Fraud Survey 2009

A DV I S O RY
We will protect investors and our capital markets by vigorously
attacking securities fraud. We will ensure that recipients of
federal financial rescue funds do not obtain them through fraud,
or use them for improper purposes. And we will make sure that
federal stimulus funds are well-spent by vigilantly protecting the
integrity of federal procurement and grant processes.1
David W. Ogden
Deputy Attorney General,
Department of Justice
A strong and reinvigorated SEC will be on the beat like never
June 4, 2009
before to catch wrongdoers. But there needs to be a new era
of responsibility on Wall Street and throughout our markets to
ensure that wrongs don't occur in the first place.2
Mary Schapiro
Chairman,
Securities and Exchange Commission
February 6, 2009

1 Remarks of Deputy Attorney General David W. Ogden at the Compliance Week Keynote Address. Available at:
http://www.usdoj.gov/dag/speeches/2009/dag-speech-090604.html

2 Address to Practising Law Institute’s “SEC Speaks in 2009” Program. Available at: http://www.sec.gov/news/speech/2009/
spch020609mls.htm
Contents

KPMG Forensic Leadership Message 1

Detailed Findings 2

Prevalence, Nature, and Impact of Fraud and Misconduct Risks 2

Prevalence of Perceived Fraud and Misconduct Risks 2

Nature of Perceived Fraud and Misconduct Risks 2

Potential Impact of Fraud and Misconduct 4

Future Fraud and Misconduct Risk 4

Effectiveness of Fraud Risk Management Efforts 6

Enablers of Fraud and Misconduct 6

Knowledge of Fraud and Misconduct Risks 6

Detecting Fraud and Misconduct 7

Responding to Fraud or Misconduct 8

Areas for Improvement in Fraud Risk Management 8

Funding to Combat Fraud and Misconduct 10

Anticipated Assistance from External Advisors 10

Methodology 11
iv Fraud Survey 2009
Fraud Survey 2009 1

KPMG Forensic Leadership Message


Amidst the current economic downturn, and the pledges of renewed vigor of regulatory enforcement, our
2008–2009 Fraud Survey reveals serious challenges confronted by leaders in the public and private sectors.
Since the latest economic downturn began, vast sums of market capitalization have been wiped out. Trillions
more have been committed to stabilizing financial institutions, injecting liquidity into the capital markets, and
jumpstarting the economy through infrastructure spending programs. The aftermath of the downturn has
further uncovered numerous Ponzi schemes that caused investors to watch billions more vanish.

Aside from questioning where yesterday’s money went, many remain concerned about where tomorrow’s
money is going. To be sure, record levels of government spending may usher in record levels of fraud, waste,
and abuse. Deals made to offload toxic assets may be exposed to self-dealing. In those industries outside
the center of direct government intervention, managers may face downward pressure to do whatever it
takes to “make the numbers” as analysts and creditors scrutinize financial results. And for those companies
operating outside the United States, increased investigation and prosecution of anti-bribery and corruption
laws mean employees and agents may trigger risks like never before.

Our survey reveals the perceptions of senior executives across this new landscape as they consider the
nature of fraud and misconduct risks in their organizations going forward, and the challenges they confront in
their efforts to prevent, detect, and respond to such risks. Among our key findings:

• Nearly a third of executives expect some form of fraud or misconduct to rise in their organizations. Roughly
one-third of respondents (32 percent) said at least one of the categories of fraud (misappropriation of
assets, fraudulent financial reporting, and other illegal or unethical acts) was going to increase during the
next 12 months in their organization.

• The majority of executives cite fraud and misconduct as posing significant risks to their industry today.
Nearly two-thirds of executives (65 percent) reported that fraud and misconduct is a significant risk for
their industry. If such wrongdoing were to be experienced, the greatest concern for over two-thirds of
executives (71 percent) is the potential for a loss of public trust when market confidence is at a premium.

• Executives expect the threat of fraud to remain steady or rise in the coming year. About three out of four
executives believed that fraud and misconduct risks, such as misappropriation of assets and fraudulent financial
reporting, will either stay the same or increase over the next 12 months (85 percent and 74 percent, respectively).

• Inadequate internal controls or compliance programs heighten the risks of fraud and misconduct. Two-
thirds of executives (66 percent) reported that inadequate internal controls or compliance programs at their
organizations enable fraud and misconduct to go unchecked.

• Gaps exist in plans in place to address allegations of wrongdoing. Roughly a quarter of respondents
(27 percent) lack effective protocols on how investigations should be conducted and at what point the
board of directors should be alerted to potential concerns. Likewise, roughly a third (33 percent) lacked
protocols on how to remedy control breakdowns.

• Executives acknowledge room for improvement across most elements of their antifraud efforts. Those
areas where respondents cited the most amount of improvement needed include employee communication
and training, technology-driven continuous auditing and monitoring techniques, and fraud and misconduct
risk assessment (with 67 percent, 65 percent, and 60 percent of respondents, respectively, identifying at
least moderate improvements needed).

Succeeding in these turbulent times requires business leaders to ensure their controls are up to the challenge
of confronting the fraud and misconduct risks in today’s environment. While lawmakers consider the
possibility of systemic changes in regulations (and regulators), those companies that lead through better self-
regulation will be equipped to shine their own light on a way forward. For more information about how the
KPMG Forensic practice can help, please call 877-679-5764.

Richard H. Girgenti
National Practice Leader
KPMG Forensic
2 Fraud Survey 2009

Detailed Findings
Prevalence, Nature, and Impact of Fraud
and Misconduct Risks
Perceived Fraud and Misconduct Risks
We began by asking senior executives whether they viewed fraud and misconduct
to be significant risks within their industry. Nearly two-thirds (65 percent) of all
respondents answered in the affirmative.

Q. Do you perceive fraud and misconduct to be a significant risk for your


industry today?

%
Yes 65%
No 34%
May not add to 100% due to rounding.

These results dovetail with the results from KPMG Forensic’s 2008–2009
Integrity Survey, wherein 74 percent of employees nationally reported that they
had personally observed or had first-hand knowledge of wrongdoing within their
organization during the previous 12 months.1

Nature of Perceived Fraud and Misconduct Risks


Next, we sought to examine which categories of fraud and misconduct that
executives believed pose the most significant risk to their organizations, allowing
respondents to select from one of four categories, as shown in the table below.

Q. Which of the following categories of fraud and misconduct pose the most
significant risk to your organization?

Misappropriation of assets (e.g., theft of cash, inventory, or intellectual 35%


property)

Other illegal or unethical acts (e.g., bribery, corruption, market rigging, 31%
or conflicts of interest)

Fraudulent financial reporting (e.g., intentional misstatement of revenue, 14%


assets, or liabilities)

All three are an equal threat 20%

The nature of perceived fraud and misconduct risks varied by industry, for example,
executives from consumer markets were more likely to cite asset misappropriation
as a concern, whereas respondents from healthcare and pharmaceuticals tended to
cite other illegal and/or unethical acts (such as bribery, corruption, market rigging,
or conflicts of interest) as threats.

1 See KPMG Forensic Integrity Survey 2008–2009. Available at www.us.kpmg.com.


Fraud Survey 2009 3

Q. Which of the following categories of fraud and misconduct pose the most
significant risk to your organization? (Results by industry)

May not add to 100% due to rounding.

As we bring cases in industries that were not previously a focus of FCPA enforcement
actions, that does have the effect of causing a lot of players in that industry to wake
up and pay attention.2

Mark Mendelsohn
Deputy Chief, Fraud Section, Criminal Division
U.S. Department of Justice

2 Portfolio.com, “Peeking Under the Table,” June 6, 2008


4 Fraud Survey 2009

Potential Impact of Fraud and Misconduct


To gauge the potential impact of fraud and misconduct, we asked senior managers
what their organizations would be most concerned about, if fraud and misconduct
were to occur. As the table below shows, more than two-thirds of executives –
71 percent – reported that they were most concerned about a potential loss of
public trust resulting from fraud and misconduct within their organizations. A lower
number, and yet more than half of respondents, reported being concerned about
potential legal fines/sanctions (54 percent) or loss of new or existing customers
(52 percent).

Q. In addition to the direct dollar costs, which of the following would your
organization be most concerned about if it were to experience fraud or misconduct?

Loss of public trust 71%

Legal fines or sanctions 54%

Loss of new or existing customers 52%

Loss of ability to attract and retain good employees 43%

Damage to the company’s share price 34%

Other costs 3%

Future Fraud and Misconduct Risk


Looking ahead over the coming year, we asked executives about the direction in which
they expected fraud and misconduct risks to be headed. On the whole, most executives
believed that fraud and misconduct risks will either stay the same or increase over the
next twelve months.

Q. During the next 12 months, do you see the following types of risks increasing,
decreasing, or staying the same in your organization?

Anticipated Direction of Fraud and Misconduct Risks in Specific Categories


60 %

66 %
60 % 60 %

20% 20%
Stay the same

25% 24% Decrease


20% 20%
Stay the same Stay the same Stay the same
Increase
15%
Decrease Decrease Decrease
8% OTHER ILLEGAL OR UNETHICAL ACTS

Increase Increase Increase

MISAPPROPRIATION OF ASSETS FRAUDULENT FINANCIAL REPORTING OTHER ILLEGAL OR UNETHICAL ACTS

Does not add to 100% due to rounding.

Of the categories of risk respondents cite as going up, we find anticipated increases
in asset misappropriation (25 percent), other illegal and unethical acts (20 percent)
and fraudulent financial reporting (8 percent). When we examine the percentage of
respondents who cited at least one form of fraud and misconduct risk as increasing (i.e.,
regardless of specific category), we find the nearly one-third (32 percent) anticipate some
type of increase.
Fraud Survey 2009 5

Anticipated Increase of Fraud and Misconduct Risk Across All Categories

Experience suggests that periods of economic downturn can bring about elevated
conditions for fraud and misconduct. Typically referred to as a “fraud triangle,” these
conditions include pressures, opportunities, and rationalizations for committing fraud.
In the current environment, these increased risks may manifest themselves in the
financial statement in multiple ways. Examples of red flags that gate keepers may
wish to consider include:

• Revenue Recognition. It is helpful if corporate overseers understand how sale


transactions can be manipulated. When is a sale a temporary revenue-generating
slight-of-hand that will come back for credit? Credit memos can provide indications
of abuse. Credit memo activity reviews should occur throughout the year, and it
may help to graph them to look for patterns. “Bill and hold” transactions have very
specific tests that need to be met in order to record revenue. Specific controls and
monitoring should be in place to ensure appropriate timing of revenue recognition.
Large or unusual transactions near the end of a quarter should be flagged for
specific review to be sure that revenue recognition criteria is met.

• Loan Covenants. The pressure becomes obvious when operating results or key
ratios approach loan covenant thresholds. Corporate gate keepers should pay close
attention to financial data that affects covenants, and monitor when corporate loans
come due for renewal. What are the covenants? What are potential trouble spots?
What reported numbers are most sensitive to change and how can they impact
covenants? What situations can lead to financial manipulation?

• Liability Accruals. There have been situations where companies have earnings per
share above market expectations, but choose to report lower earnings per share to
match competitors. This allows the company to establish a rainy-day reserve. Audit
committees may wish to inquire about unusual or unexpected changes in operating
results, liabilities, or subjective contra accounts (i.e., positive or negative). An
added proactive step is to ask for after-the-fact monitoring reports to establish if
management’s estimates are reasonable.

• Subjectivity in the Balance Sheet. To understand how susceptible data is to


manipulation, directors should consider drilling down on subjective balance sheet
accounts and their underlying assumptions and key drivers. Corporate overseers may
wish to monitor valuation allowances, assumed rates of returns on pension assets,
processes to value illiquid assets, contingency accruals, and environmental reserves.
It is often helpful to think about these account movements in subjective areas in the
context of what it takes to move earnings per share.
6 Fraud Survey 2009

Effectiveness of Fraud Risk Management Efforts


Enablers of Fraud and Misconduct
Management’s efforts to prevent, detect, and respond to fraud must be informed not
only by its prevalence and nature, but also by the root causes of such misconduct. As
such, we asked executives what factors may allow instances of fraud and misconduct
to occur within their organizations. The most commonly cited were inadequate internal
controls or compliance programs. Similarly, almost half of executives surveyed cited
management override of controls, inadequate director oversight over management, and
collusion between employees and third parties. A lower number of respondents, almost
a third, cited collusion between management and third parties or between employees
and management.

Q. In your opinion, what most enables fraud and misconduct to occur within
organizations today?

Inadequate internal controls or compliance programs 66%

Management override of internal controls 47%

Inadequate oversight by directors over management 44%

Collusion between employees and third parties 43%

Collusion between management and third parties 32%

Collusion between employees and management 27%

Other factors 4%

Knowledge of Fraud and Misconduct Risks


An organization’s ability to manage fraud risk can be facilitated by institutional knowledge
of the ways in which such misconduct may occur. As such, we asked respondents
to describe the level of knowledge within various functions with respect to the ways
in which fraud and misconduct may occur. The vast majority of executives surveyed
responded that their organization’s internal audit, legal, or compliance functions, as
well as members of the audit committee and management, were at least moderately
knowledgeable. Slightly fewer executives believed that employees were similarly
knowledgeable in this respect.

Q. How would you describe the level of knowledge of the following groups with
regard to the ways in which fraud and misconduct can occur in your organization?
58%
67 %
63% 59%

21% 21%
High
27%
25%
22% Moderate

High High High


13% Low
11% 12%
Moderate Moderate Moderate
EMPLOYEES
Low Low Low

INTERNAL AUDIT FUNCTION LEGAL OR COMPLIANCE FUNCTION AUDIT COMMITTEE

Does not add to 100% due to rounding.


Fraud Survey 2009 7

58%

58%

50%

39%
21% 21%
High

Moderate
21% 21%
High High
Low

10% Moderate EMPLOYEES Moderate

Low Low

MANAGEMENT EMPLOYEES

Does not add to 100% due to rounding.

Detecting Fraud and Misconduct


We also asked executives through which sources they believed fraud and
misconduct would mostly likely be uncovered within their organizations. Almost half
of respondents believed their organization’s Internal Audit, Legal, or Compliance
personnel were most likely to uncover fraud and misconduct. The next most likely
sources, by a wide margin, were employee whistleblowers or line managers. Few
executives (3 percent) believed that government regulators or law enforcement
would be most likely to uncover fraud or misconduct.

Q. Through which source do you believe your organization would be most likely to
uncover fraud or misconduct?

Internal Audit, Legal, or Compliance personnel 47%

Employee whistleblowers 20%

Line managers 13%

External auditors 9%

Customers or suppliers 4%

Government regulators or law enforcement 3%

Other means 2%

Does not add to 100% due to rounding.

While nearly half of the survey respondents believed frauds would most likely be discovered by their organizations’ Internal
Audit, Legal, or Compliance functions, other data suggests that this may not be the case. For instance, according to survey
data based on actual fraud cases from the Association of Certified Fraud Examiners, frauds were more likely to come to light
through whistleblower tips than through audits, controls, or any other means.3 In addition, employees nationally who responded
to KPMG Forensic’s 2008–2009 Integrity Survey cited Internal Audit as among the least likely channels to which they would feel
comfortable reporting misconduct.

3 Association of Certified Fraud Examiners 2008 Report to the Nation on Occupational Fraud and Abuse. Available at:
http://www.acfe.com/resources/publications.asp
8 Fraud Survey 2009

Responding to Fraud or Misconduct


We asked executives whether their organizations had effective protocols in place to
address how their organizations respond when allegations of fraud arise. The majority
of respondents reported having such protocols; however, some gaps arguably
remain. For example, roughly a quarter of respondents lack effective protocols on
how investigations should be conducted and at what point the board of directors
should be alerted to potential concerns. Likewise, roughly a third lacked protocols on
how to remedy control breakdowns.

Q. In the event of the discovery of possible fraud or misconduct, which of the


following does your organization have effective protocols to address?

Who should perform the investigation 80%

How the investigation should be performed 73%

When the board of directors should be notified 73%

How to administer disciplinary action 70%

How to determine the remedial action 67%

When a voluntary disclosure to the government should be made 62%

No formal protocols exist for how to respond to alleged fraud or


10%
misconduct

Areas for Improvement in Fraud Risk Management


Although antifraud controls have increasingly become common within organizations,
the degree to which they have been effectively designed and implemented often
remains at issue. As such, we asked executives to opine on the extent to which they
believed their organization’s approach to mitigating the risks of fraud and misconduct
can be improved.

Respondents acknowledged room for at least moderate improvement across the


majority of their antifraud efforts. Those areas where respondents cited the most
amount of improvement needed include employee communication and training,
technology-driven continuous auditing and monitoring techniques, and fraud and
misconduct risk assessment.
Fraud Survey 2009 9

Q. How much room for improvement do you perceive in your organization’s approach
to mitigate fraud and misconduct risks? Would you say minor, moderate, or significant
room for improvement exists in the following areas?

Minor Moderate Significant

Employee communication and training 32% 52% 15%

Technology-driven continuous auditing and


31% 43% 22%
monitoring techniques

Fraud and misconduct risk assessment 36% 46% 14%

Strengthening controls to prevent similar


instances of fraud or misconduct from 43% 42% 14%
reoccurring

Process-specific antifraud controls (e.g.,


44% 45% 9%
procurement, sales)

Protocols for conducting due diligence on


retaining third-party agents, consultants, or 42% 42% 11%
distributors

Executive and line management support 46% 43% 9%

Protocols for administering discipline or


47% 35% 15%
holding individuals accountable

Protocols for voluntarily disclosing discovered


instances of fraud and misconduct to the 50% 34% 10%
government

Internal audit and compliance functions 50% 35% 12%

Protocols for conducting due diligence in


51% 35% 12%
hiring, retaining, and promoting employees

Protocols for conducting internal


52% 35% 11%
investigations

Standards of conduct, policies,


55% 30% 13%
and procedures

Board or audit committee oversight 54% 29% 12%

Channels for reporting concerns about fraud


59% 26% 12%
or misconduct (e.g., hotlines)

May not add to 100% due to rounding.


10 Fraud Survey 2009

Funding to Combat Fraud and Misconduct


We also wanted to understand whether executives believed that their organization’s
funding to combat fraud and misconduct would change in the upcoming year. The
majority of respondents (75 percent) expected the amount of funding to remain the
same. Only 9 percent expected the funding to decrease.

Q. In the next 12 months, do you expect the amount of funding your organization
dedicates to combating fraud to increase, decrease, or stay the same?

Stay the same 75%

Increase 16%

Decrease 9%

Anticipated Assistance from External Advisors


We also sought to understand the top areas of assistance where executives believed
their organization’s external advisors may be called upon to provide assistance.

More than a third of respondents anticipated that external advisors may be called
upon to assist in leveraging technology to identify fraud and misconduct risks,
evaluating the effectiveness of compliance programs and related antifraud controls,
and providing assistance with electronic discovery in response to litigation or
regulatory inquiries.

Q. What type of assistance, if any, do you anticipate seeking from external advisors
in the next 12 months?

Leveraging technology to identify fraud and misconduct risks 39%

Evaluating the effectiveness of compliance programs and antifraud


38%
controls

Electronic discovery and preservation of documents pursuant to


37%
regulatory inquiries or litigation

Providing fraud and misconduct awareness training 30%

Conducting fraud and misconduct risk assessments 25%

Conducting complex investigations in response to allegations of


22%
fraud or misconduct
Fraud Survey 2009 11

Methodology
KPMG retained an independent research firm to conduct telephone interviews with
executives of U.S. organizations with annual revenues of at least $250 million. The
interviews took place from November to December 2008. KPMG was not identified
to the participants as being associated with the survey. The survey respondents
represented a cross-section of entities, industries, and senior executive positions, as
shown in the tables below.

Overall Sample

Telephone interviews Confidence level Precision level


conducted (margin of error)

204 95% +/- 7%

Respondents’ Organizational Type

Private 46%

Public 41%

Public Sector/Government 14%


Does not add to 100% due to rounding.

Respondents’ Organization’s Annual Revenue

At least $250 million but less than $1 billion 55%

At least $1 billion but less than $5 billion 25%

At least $5 billion but less than $10 billion 13%

$10 billion or more 4%


Does not add to 100% due to rounding.
12 Fraud Survey 2009

Respondents’ Industry Representation

Healthcare and Pharmaceuticals 24%

Consumer Markets 19%

Industrial Markets 17%

Government/Public Sector 15%

Information, Communication, & Entertainment 13%

Financial Services 11%


Does not add to 100% due to rounding.

Respondents’ Level of Responsibility

CEO/CFO/Executive Officer 30%

Chief Risk Officer 20%

Chief Accounting Officer/Controller 13%

Chief Audit Executive/ Internal Audit Director 13%

Chief Compliance Officer/Ethics Officer 12%

Head of Security 6%

General Counsel/In-House Counsel 5%

Does not add to 100% due to rounding.


About KPMG Forensic
KPMG ForensicSM is a global practice comprising multidisciplinary professionals from
member firms of KPMG International that assist clients in achieving the highest levels
of business integrity through the prevention, detection, and investigation of fraud and
misconduct and by avoiding and resolving disputes. Our professionals not only help
clients discover the facts underlying concerns about fraud and misconduct, but they
also assist our clients in assessing and mitigating the vulnerabilities to such activities.
We also deliver a broad range of services to help prevent and resolve commercial
disputes including the assessment of damages, the resolutions of accounting, audit,
and finance-related issues, and expert witness services.

Using a wide-range of sophisticated technology tools, KPMG Forensic helps


organizations address the risks and costs involved with evidence and discovery
management as well as the acquisition, management, and analysis of large data sets.
Our professionals work alongside clients to handle information from its creation to
its preservation, collection, analysis, and presentation in discovery. We also apply
For more information about how KPMG computer forensic and data analysis techniques to assist with detecting fraud and
Forensic can help, please call the KPMG misconduct. To support these services, member firms of KPMG International operate
Forensic Hotline at 1-877-679-5764 or secure data centers in the United States, Canada, and the United Kingdom.
visit us at www.us.kpmg.com/forensic.
Professionals in KPMG’s Forensic practice draw upon extensive experience in forensic
accounting, law enforcement, fraud and misconduct control assessments, legal
damage quantification and analysis, expert witness testimony, international arbitration,
asset tracing, computer forensics, and forensic data analysis.

KPMG Forensic professionals are well positioned to provide consistent service to


global clients. By sharing common global methodologies, KPMG International member
firms can readily assemble multinational teams who possess a breadth and depth
of technical skills and industry knowledge to address fraud, misconduct, and dispute
concerns.

Service offerings are subject to legal and regulatory restrictions. Some services may
not be available to KPMG’s financial statement audit or other attest service clients.

Special Thanks
Without implying his endorsement, KPMG would like to thank Dr. Jagdish S. Gangolly,
Associate Professor, College of Computing & Information, State University of New
York at Albany, for his contributions in producing this survey.

Acknowledgements
Major KPMG contributors
Richard Girgenti David Hilton

Timothy Hedley Robert Wade

Scott Avelino Lilanthi Alahendra

Brad Sparks Charles Garbowski

Jaime Jue Marshall Bain

Ori Ben-Chorin Hasan Dajani


us.kpmg.com
14 Fraud Survey 2009

© 2009 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent mem-
ber firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A. KPMG
and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 21001NSS

KPMG Forensic is a service mark of KPMG International.