Topic Gateway Series Corporate fraud

Corporate fraud
Topic Gateway Series No. 57

Prepared by Helenne Doody and Technical Information Service May 2009

Topic Gateway Series Corporate fraud

About Topic Gateways

Topic Gateways are intended as a refresher or introduction to topics of interest
to CIMA members. They include a basic definition, a brief overview and a fuller
explanation of practical application, and finally signpost some further resources
for detailed understanding and research.

Topic Gateways are available electronically to CIMA Members only in the CPD
Centre on the CIMA website, along with a number of electronic resources.

About the Technical Information Service

CIMA supports its members and students with its Technical Information Service
(TIS) for their work and CPD needs.

Our information specialists and accounting specialists work closely together to

identify or create authoritative resources to help members resolve their work
related information needs. Additionally, our accounting specialists can help CIMA
members and students with the interpretation of guidance on financial reporting,
financial management and performance management, as defined in the CIMA
Official Terminology 2005 edition.

CIMA members and students should sign into My CIMA to access these services
and resources.

Chartered Institute
of Management Accountants
26 Chapter Street
London SW1P 4NP
United Kingdom

T. +44 (0)20 7663 5441

F. +44 (0)20 7663 5442
E. tis@cimaglobal.com
www.cimaglobal.com

2
Topic Gateway Series Corporate fraud

Corporate fraud
Definition
Fraud essentially involves using deception to make a personal gain for oneself
dishonestly and/or create a loss for another. Although definitions vary, most are
based around these general themes.

The term ‘fraud’ commonly includes activities such as theft, corruption,

conspiracy, embezzlement, money laundering, bribery and extortion.

Context
In the current CIMA syllabus, students will study and may be examined on fraud
in Paper 3, Management accounting risk and control strategy.

Related concepts
Corporate governance; risk management; internal control; information systems
control.

Overview
Surveys are regularly carried out to estimate the true scale and cost of fraud to
business and society. While findings vary and it is difficult to ascertain the full
extent of fraud, all surveys indicate that fraud is prevalent within organisations
and remains a serious and costly problem. Fraud may even be increasing due to
greater globalisation, more competitive markets, rapid developments in
technology and periods of economic difficulty.

Despite the serious risk that fraud presents to business, many organisations still
do not have formal systems and procedures in place to prevent, detect and
respond to fraud. No system is completely fool proof, but business can take steps
to deter fraud and make it much less attractive to commit. Management
accountants, whose professional training includes information and systems
analysis, have a significant role to play in developing and implementing anti-fraud
measures within their organisations.

3
Topic Gateway Series Corporate fraud

There are many types of corporate fraud, including the following common
frauds:

• theft of cash, physical assets or confidential information

• misuse of accounts

• procurement fraud

• payroll fraud

• financial accounting mis-statements

• inappropriate journal vouchers

• suspense accounting fraud

• fraudulent expense claims

• false employment credentials

• bribery and corruption.

This topic gateway focuses on fraud perpetrated by those internal to the

organisation. Businesses are also susceptible to fraud committed by outsiders,
such as corporate identity theft, intellectual property fraud or cyber crime.

The topic gateway is based on CIMA’s publication Fraud Risk Management: a

guide to good practice, which explores fraud risk management in greater depth.

4
Topic Gateway Series Corporate fraud

Application
Internal fraud
There are three main categories of internal fraud that affect organisations. These
are summarised in the following diagram.

Adapted from page 8 of Fraud Risk Management: a guide to good practice

Further information on common types of internal fraud and methods of

perpetration is included in CIMA’s Fraud Risk Management: a guide to good
practice.

Which businesses are affected?

Fraud is an issue that all organisations may face regardless of size, industry or
country. If the organisation has valuable property, for example, cash, goods,
information or services, then fraud is likely to be attempted.

The scale of the problem

There have been many attempts to measure the extent of fraud, but it is not easy
to compile reliable statistics. One of the key aspects of fraud is deception, so
fraud can be difficult to identify. Often survey results reflect only the instances of
fraud that have actually been discovered. It is estimated that the majority of
frauds go undetected. Some frauds may not be reported even when they are
found. It is also often hard to distinguish fraud from carelessness and poor record
keeping.

5
Topic Gateway Series Corporate fraud

Although survey results and research may not give a complete picture, statistics
indicate the extent of the problem. There is no doubt that fraud is prevalent
within organisations and remains a serious issue. Some surveys put the
proportion of companies suffering from fraud as high as 85%. Research shows
that fraud is growing, with reported cases of fraud being much higher in 2008
than in 2007. Fraud is likely to continue to grow during economic difficulties.

Organisations may need to keep a particularly close eye on their budgets during a
recession, but organisations should see a return on their investment in fighting
fraud. Surveys show that UK companies suffered average fraud losses of

£1.75 million over a two year period. These figures exclude undetected losses
and indirect costs to the business such as management costs or damaged
reputation. Other research estimates that organisations lose as much as 7% of
their annual revenues to fraud.

Given the prevalence of fraud and the negative consequences, there is a

compelling argument that organisations should invest time and resources in
tackling fraud.

Fraud risk management

In order to manage the risk of fraud, organisations should periodically identify
the risks of fraud within their organisation, using the process set out in the CIMA
risk management cycle. The CIMA risk management cycle is an interactive
process of identifying risks, assessing their impact, and prioritising actions to
control and reduce risks.

6
Topic Gateway Series Corporate fraud

Figure 2: The CIMA risk management cycle

Adapted from page 19 of Fraud Risk Management: a guide to good practice

Fraud risks should be identified for all areas and processes of the business and
then be assessed in terms of impact and likelihood. As well as the monetary
impact, the assessment should consider non-financial factors such as reputation.
Once the scale of risk has been assessed and understood, an organisation should
implement an effective anti-fraud strategy for responding to fraud risks.

7
Topic Gateway Series Corporate fraud

An anti-fraud strategy
An effective anti-fraud strategy has four main components:
• prevention

• detection

• deterrence

• response.
The following diagram summarises these components and the context within
which an anti-fraud strategy sits.

Figure 3: An effective anti-fraud strategy

Adapted from page 25 of Fraud Risk Management: a guide to good practice

The training received by management accountants is a very good basis for

implementing an anti-fraud strategy. Management accountants are expected to
have a broad understanding of business processes. They also understand the
systems and procedures that an efficient and effective organisation should have.
A further asset is the ability to think and act logically, which is something the
management accountant develops with experience.

8
Topic Gateway Series Corporate fraud

The various components of an effective anti-fraud strategy are discussed in detail

in CIMA’s Fraud Risk Management: a guide to good practice. Some key points
are summarised below. These anti-fraud approaches are generic and can be
applied flexibly to different organisations and particular circumstances.

Fraud prevention
There are two main elements to fraud prevention:

1. A sound ethical culture.

2. Sound internal control systems.

Developing a sound ethical culture

In order to establish a sound ethical culture, CIMA recommends that
organisations have:

1. A mission statement that refers to ‘quality’ or ‘ethics’ and defines how the
organisation wants to be regarded externally.

2. Clear policy statements on business ethics and anti-fraud, with explanations

about acceptable behaviour in risk-prone circumstances.

3. Management which is seen to be committed through its actions.

4. Fraud risk training and awareness for all employees and key business partners.

5. A process of reminders about ethical and fraud policies, for example, an

annual letter and/or declarations.

6. Periodic assessment of fraud risk.

7. A route through which suspected fraud can be reported.

8. An aggressive audit process which concentrates on fraud risk areas.

Sound internal control systems

An internal control system comprises all those policies and procedures that
collectively support an organisation’s operation. Internal controls typically deal
with approval and authorisation processes, access restrictions, transaction
controls, account reconciliations and physical security. These procedures often
include the division of responsibilities, and checks and balances to reduce risk.

9
Topic Gateway Series Corporate fraud

The number and type of internal controls that an organisation can introduce
depends on its nature and size. Although fraud is prevalent across organisations
of all sizes, sectors and locations, research shows that certain business models
have greater levels of fraud risk than others. The control environment should be
adjusted to fit with the degree of risk exposure. Where possible, internal controls
should address warning signs and alerts to minimise fraud.

Fraud detection
It will never be possible to eliminate all fraud. No system is completely ‘fraud
proof’ because many fraudsters can by pass the control systems put in place to
stop them. However, if an organisation pays greater attention to the most
common indicators, this can provide early warning that something is wrong and
increase the likelihood of discovering the fraudster.

Fraud indicators fall into two categories:

1. Warning signs
2. Fraud alerts

Warning signs
Warning signs have been described as organisational indicators of fraud risk.
Some examples are given below, categorised under the headings of business risk,
financial risk, environmental risk and IT and data risk.

Business risk
Business risk can be indicated by the absence of an anti-fraud policy and culture,
together with lack of staff management supervision. Bonus schemes linked to
ambitious targets or directly to financial results can point to risky behaviour.
Unusual staff behaviour patterns, for example, employees who do not take their
annual leave allocation or who are unwilling to share duties, can also indicate
business risk.

10
 Topic Gateway Series Corporate fraud

Other warning signs include:

• inadequate recruitment processes and no screening

• lack of job segregation

• no independent checking of key transactions

• inadequate access controls to physical assets and IT security systems

• poor internal control documentation

• large cash transactions.

Financial risk
Significant pressures on management to obtain additional finance can indicate a
financial risk. Other signs include the extensive use of tax havens without clear
business justification, along with complex transactions or financial products.

Environmental risk
This can occur when new accounting or other regulatory requirements are
introduced. Highly competitive market conditions and decreasing profitability
levels can also lead to environmental risk, as can significant changes in customer
demand.

IT and data risk

Unauthorised access to systems gives rise to IT and data risk, as do rapid changes
in information technology. Users sharing or displaying passwords is also highly
risky.

Fraud alerts
Fraud alerts have been described as specific events, or red flags, which may
indicate fraud. Some examples of fraud red flags are:

• discrepancy between earnings and lifestyle

• photocopied documents in place of originals

• missing approvals or authorisation signatures

• extensive use of ‘suspense’ accounts

• inappropriate or unusual journal entries

• above average number of failed login attempts.
.

11
Topic Gateway Series Corporate fraud

Fraud detection tools and techniques

Available tools and techniques for identifying possible fraudulent activity include:

• ongoing risk assessment

• trend analysis

• data matching

• exception reporting
• internal audit

• reporting mechanisms.

Fraud response
An organisation’s approach to dealing with fraud should be clearly described in
its fraud policy and fraud response plan. The plan is intended to provide
procedures which allow for evidence gathering and collation. In summary, a
fraud response plan should include information under the following headings:

• purpose of the fraud response plan

• corporate policy

• definition of fraud

• roles and responsibilities

• the response

• the investigation

• organisation’s objectives with respect to dealing with fraud

• follow up action.

The fraud response plan should reiterate the organisation’s commitment to high
legal, ethical and moral standards in all its activities, and its approach to dealing
with those who fail to meet those standards. Organisations should be clear about
how to enforce the rules or controls which are in place to counter fraud risks.
They must also ensure that employees know how to report suspicious behaviour.

12
Topic Gateway Series Corporate fraud

Reasonable steps for responding to detected or suspected instances of fraud

include:

• clear reporting mechanisms

• a thorough investigation

• disciplining of the individuals responsible (internal, civil and/or criminal)

• recovery of stolen funds or property

• modification of the anti-fraud strategy to prevent similar behaviour in future.

There are lessons to be learned from every identified fraud incident. The
organisation’s willingness to learn from experience is as important as any other
response. Organisations should examine the circumstances and conditions which
allowed the fraud to occur, with a view to improving systems and procedures so
that similar frauds do not occur in future.

Fraud deterrence
It is clear from the diagram in Figure 2 that the various elements of an effective
anti-fraud strategy are closely interlinked. Each plays a significant role in
combating fraud, with fraud deterrence at the centre. Fraud detection acts as a
deterrent by sending a message to likely fraudsters that the organisation is
actively fighting fraud and that procedures are in place to identify any illegal
activity. The possibility of being caught will often persuade a potential
perpetrator not to commit a fraud. There should also be complementary
detection to counter the fact that the prevention controls may be insufficient in
some cases.

It is also important to have a consistent and comprehensive response to

suspected and detected fraud incidents. This sends a message that fraud is taken
seriously and that action will be taken against perpetrators. Each case that is
detected and investigated should reinforce this deterrent and act as a form of
fraud prevention.

13
Topic Gateway Series Corporate fraud

References
Report to the Nation on Occupational Fraud and Abuse. (2008). Austin, TX: The
Association of Certified Fraud Examiners (ACFE)
Available from: www.acfe.org
[Accessed 12 March 2009]

Fraud risk management: a guide to good practice. (PDF 1,238Kb). CIMA

Technical Guide, January 2009, London: CIMA
Available from: www.cimaglobal.com/fraud
[Accessed 12 March 2009]

Kroll Global Fraud Report Annual Edition 2008 /2009. Kroll and the Economist
Intelligence Unit. (2008 /2009).
Available from: www.kroll.com/about/library/fraud
[Accessed 12 March 2009]

Economic crime: people, culture and controls – the 4th biennial global economic
crime survey 2007. (2007). PricewaterhouseCoopers.
Available from: www.pwc.com/crimesurvey
[Accessed 12 March 2009]

Further Information
CIMA Publications
Iyer, N. and Samociuk, M. Rotten to the Core in CIMA Excellence in Leadership,
2007, Issue 2, pp 46-49

Turner, C. (2007). Fraud risk management: a practical guide for accountants.

London: CIMA

Managing responsible business. (2008). A survey which explores how companies

are managing their ethical performance and how this will affect the finance
function. (PDF 2MB). London: CIMA/Institute of Business Ethics.
Available from: http://digbig.com/4ykrt
[Accessed 12 March 2009]

CIMA Fraud and Risk Working Group. (2002). Risk management: a guide to good
practice. Oxford: Elsevier. (CIMA Research Series)

14
Topic Gateway Series Corporate fraud

Articles
CIMA members can obtain articles on this topic from the Business Source
Corporate database, which can be found in the CIMA Professional Development
section of the CIMA website. www.cimaglobal.com/mycima
[Accessed 12 March 2009]

Burrowes, A. and Sipple, S. Corporate accountability and continuing fraud.

Chartered Accountants Journal, November 2007, Volume 86, Issue 10, pp 70-71

Christie, J. Credit crunch sparks corporate fraud fear. Accountancy Age,

02/07/2008, p. 2

Dilger, K. Kroll: Corporate fraud is almost 100-per cent preventable.

Manufacturing Business Technology, January 2008, Volume 26, Issue 1, p. 26

Finn, J. and Cafferty, D. Defence mechanism. CIMA Financial Management,

September 2002, pp 26-27

Goldmann, P. Corporate fraud is here to stay. Internal Auditor, December 2006,

Volume 63, Issue 6, p. 96

Hawser, A. Corporate fraud on the rise despite SOX. Global Finance, July/August
2007, Volume 21, Issue 7, p. 4

Langnan, C. and Weibin, L. Corporate governance and fraud: evidence from

China. Corporate Ownership and Control, Spring 2007, Volume 4, Issue 3,
pp 139-145

Books
Coenen, T. (2008). Essentials of corporate fraud. Hoboken, NJ: Wiley; Chichester:
John Wiley [distributor]. (Essentials Series)

Iyer, N. and Samociuk, M. (2006). Fraud and corruption: prevention and

detection. Aldershot: Gower

Luijerink, D. (2008). Corporate and financial fraud. Kingston upon Thames:

Croner CCH

Pickett, K.H. Spencer. (2007). Corporate fraud: a manager’s journey. Hoboken,

NJ: Wiley; Chichester; John Wiley [distributor]

Ramage, S. (2006). A comparative analysis of corporate fraud. New York:

iUniverse

Ramage, S. (2006). Fraud: the company law background. New York: iUniverse

15
Topic Gateway Series Corporate fraud

Webley, S. (2003). Developing a code of business ethics: a guide to best practice

including the IBE illustrative Code of Business Ethics. London: Institute of Business
Ethics

Wells, J.T. (2007). Corporate fraud handbook: prevention and detection. 2nd ed.
Chichester: Wiley

Guides and Surveys

Economic crime: people, culture and controls – the 4th biennial global economic
crime survey 2007. (2007). PricewaterhouseCoopers.
Available from: www.pwc.com/crimesurvey
[Accessed 12 March 2009]

Fraud Advisory Panel. (2006-2007). Ninth annual review 2006-2007: ethical

behaviour is the best defence against fraud.
Available from: http://digbig.com/4ykrw
[Accessed 12 March 2009]

Education, Events & Training Working Group, Fraud Advisory Panel. (February
2006). Fighting fraud: a guide for SMEs. (PDF 68Kb). 2nd ed.
Available from: http://digbig.com/4ykrx
[Accessed 12 March 2009]

Education, Events & Training Working Group. Fraud Advisory Panel. (February
2006). Sample Fraud Policy Statements. (PDF 552Kb).
Available from: http://digbig.com/4ykry
[Accessed 12 March 2009]

Institute of Internal Auditors, Association of Certified Public Acountants,

Association of Certified Fraud Examiners. (2008). Managing the business risk of
fraud: a practical guide

Profile of a fraudster survey 2007. (2007). London: KPMG

Available from: http://digbig.com/4yksa
[Accessed 12 March 2009]

Managing the risk of fraud. May 2003. London: HM Treasury

Professional Accountants in Business Committee. (2006). Defining and

developing an effective code of conduct. New York: IFAC

16
Topic Gateway Series Corporate fraud

Websites
Fraud Advisory Panel
Registered charity which raises awareness of the human, social and economic
damage caused by fraud. Helps individuals and organisations to develop
preventative strategies.
Available from: www.fraudadvisorypanel.org
[Accessed 12 March 2009]

National Fraud Strategic Authority

Part of the Office of the Attorney General formed to address the challenges of
fraud. Available from: http://digbig.com/4yksb
[Accessed 12 March 2009]

Public Concern at Work (PCaW)

Independent authority on public interest whistleblowing.
Available from: www.pcaw.co.uk
[Accessed 12 March 2009]

Serious Fraud Office

Government department and part of the UK criminal justice system. It exists to
pursue and prosecute those who commit serious and complex fraud.
Available from: www.sfo.gov.uk
[Accessed 12 March 2009]

Serious Organised Crime Agency (SOCA)

SOCA is sponsored by, but operationally independent from, the Home Office. It
exists to enforce the law and to reduce harm caused to people and communities
by serious organised crime.
Available from: www.soca.gov.uk
[Accessed 12 March 2009]

World Bank Anti-Corruption Resource Center

Available from: http://digbig.com/4yksc
[Accessed 12 March 2009]

17
Topic Gateway Series
Copyright ©CIMA 2009
First published in 2009 by:
The Chartered Institute of
Management Accountants
26 Chapter Street
London SW1P 4NP
United Kingdom
Printed in Great Britain
Corporate fraud
No responsibility for loss occasioned to any person acting or refraining from
action as a result of any material in this publication can be accepted by the
authors or the publishers.
All rights reserved. No part of this publication may be reproduced, stored
in a retrieval system, or transmitted, in any form or by any means method
or device, electronic (whether now or hereafter known or developed),
mechanical, photocopying, recorded or otherwise, without the prior 18
permission of the publishers.
Permission requests should be submitted to CIMA at tis@cimaglobal.com