Enterprises carrying out business activities face a changing business environment and various uncertain factors. Enterprises face different risks due to their different industries, scale, geography, market, business model and development stage. However, the situation in which internal and external personnel conduct job fraud and bring losses to enterprises and shareholders, that is, fraud risks, is generally applicable to any enterprise. In other words, fraud can happen in any business and bring losses to any business.
The American Association of Certified Fraud Examiners has conducted research on job fraud cases since 1996. The reports released over the years indicate that the annual losses caused by fraud in general enterprises account for 5% of the company's income. In addition to direct economic losses, the intangible public image and market reputation, as well as the confidence of customers, business partners, capital market investors, and regulators. There is a view that ignores the risk of fraud and is more common among some managers or shareholders. This view holds that although it is not excluded from the possibility of fraud in its own business, this possibility is relatively small. The reason is that the company has never experienced fraud in the past, or that the company's operations have been relatively standardized, or personal trust of key management personnel and employees. Managers and shareholders who hold these views often do not specifically take action and invest resources in fraud until the company discovers any actual fraud or suspected incident. How do we view the rationality of such views? First look at two cases and statistical facts: In the 2013 GlaxoSmithKline incident, according to a report, the director of the GlaxoSmithKline Shared Financial Services Center said that the internal financial management of the company is "very strict", "if you want to If a foreigner pays a bribe, it must be too late on the books." Our company's normal treats and gifts are not allowed to exceed 300 yuan. The audit is very strict." But the facts show that the reimbursement system has almost no binding effect.
Driven by environmental influences and interests, Chinese sales personnel use the company's control loopholes in meeting expenses and use shell companies to take cash from companies to carry out bribery or private pockets. Researchers at Brigham Young University in the United States have conducted a statistical study that attempts to know what characteristics of fraudulent people as a group. The conclusion is that there is nothing special about white-collar criminals compared with the general population. Before the crime was exposed, most of them were ordinary people or even good employees in the eyes of colleagues. Whether it is a company that seems to be running a specification or a personal trust in its employees, it is not enough to ensure that fraud does not happen. This argument is for two reasons:
First, for companies that lack anti-fraud awareness, departments may not consider or comprehensively consider the risk of fraud faced by companies when formulating systems and processes. Therefore, although the enterprise system is sufficient to meet the needs of business operations, it may not be able to meet the needs of managing specific risks. Driven by greed and pressure, the fraudsters will also evade and even ignore the original effective system design. In addition, with the changes in business, structure, and personnel, the system may become unable to meet actual needs.
Second, before any fraudulent incidents are discovered, it is almost impossible for companies to judge the likelihood of fraud from the past performance of employees. When the east window occurred, the company had suffered huge losses. According to the case of the Fraud Examiner Association, the median loss of direct fraud to companies is $140,000 (for Asian countries, with a median of nearly $200,000), and more than 20% of cases lead to direct losses of more than $1 million. It is worth noting that in past fraud cases, few fraudulent personnel will take the initiative to stop before the incident. On the one hand, they must rely on fraud to maintain their existing status, living standards and bad hobbies to take measures to cover up their fraud. In most cases, fraud is getting worse and the amount is from small to large. When companies find fraud, it is often too late to make up for it.
According to the statistics of the Association of Certified Fraud Examiners, in the case of fraud, from fraud to incidents, usually lasting one to three years, nearly half of the companies, and ultimately unable to recover any losses. Therefore, no matter whether or not there is a fraud incident in the past, enterprises should take the initiative to prevent problems before they occur or prevent micro-duration, which is the best strategy for managing fraud. The following section briefly describes how companies should establish a practical anti-fraud mechanism.
Establish an anti-fraud mechanism that requires companies to do three things: build foundations, understand risks and vulnerabilities, and develop and implement programs.
This is the primary and necessary step for any enterprise to implement anti-fraud.
High-level attitude: Like any other business, anti-fraud is first supported by the highest level of the company (board, CEO, etc.). The highest level is the ultimate responsible person of the company's anti-fraud mechanism. They should formally and continuously express their opinions to all employees of the company through practical actions (meetings, speeches, announcements, document signing, etc.).
Code of Conduct and Anti-fraud Policy: One of the most effective ways to make everyone understand the anti-fraud expectations of a company is to communicate it to every manager and employee in writing. Large enterprises usually have dozens of pages of "Business Ethics" or policies. Small and medium-sized enterprises can formulate similar policy systems in a simplified but practical manner according to the actual situation of enterprises. Personnel and structure: Everyone in the company has to bear certain responsibilities in the anti-fraud mechanism. Enterprises also need specialized personnel to organize and urge all parties to fulfill their responsibilities; This person should have appropriate anti-fraud expertise.
In the practice of multinational corporations, organizations and cartographers are usually general counsel and/or chief compliance officers reporting directly to the board of directors, as well as their legal and compliance staff. Local enterprises in China can set similar positions in line with the actual situation of enterprises, and a common principle is that, given the sensitivity of fraud, this position should report directly to the highest level of the company, such as the board of directors and the CEO. Training has two purposes, one is to convey knowledge, including anti-fraud knowledge, laws and regulations and company policy requirements; The second is to cultivate corporate staff anti-fraud awareness and corporate culture. Training includes on-the-job training and regular training. The training is generally open to all employees, with a focus on management and key positions. Reporting procedures, prosecutions are the most effective means of detecting fraud, and more than 40% of frauds are discovered through prosecution.
Every company should establish a reporting path for all members (web, email or telephone hotline), encourage real-name reporting, allow anonymous reporting, and protect whistleblowers. The matters reported should be received by a special person and reported independently to the highest level such as the board of directors. For matters that have sufficient clues, obtain authorization, organize resources, conduct investigations according to the prescribed procedures, take remedial measures, and consider reporting to the public security organs. After the event, the reasons should be summarized and the loopholes in the system, structure and process should be rectified. Internal audit, about 14% of fraud, was discovered by an internal audit, second only to the report. The factors that consider anti-fraud in the internal audit work have two functions. One is early detection and the other is deterrent.
However, each company's industry and business are different, and the areas where fraud risks are located are different. A product manufacturing company that purchases a large number of raw materials is prone to the risk of bribery by procurement personnel; an engineering company dedicated to infrastructure construction is prone to the risk of the sales department paying bribes to the bidder, and the family has a large amount of cash income and consumer goods. The supermarket is more prone to theft of assets.
Therefore, it is necessary to find out which parts of the enterprise are prone to problems according to the actual situation of the enterprise, and to deal with them in a targeted manner. It is divided into the following four steps:
1) Identify risks: Identify fraudulent events that may occur in the company, including what business processes will occur, what departments and positions are involved, and what the means of fraud are; in practice, usually The special organizers convene the main management personnel and key employees of the company to express opinions through interviews, questionnaires, seminars, etc., and organize the collected information into a list of potential fraud events. Here is a framework for considering potential fraud events; in fact, fraud cases in different periods and in different regions have certain commonalities, which can be used to classify fraud patterns. Almost any fraud cases are classified into one or more of the following fraud patterns: Classification of fraud patterns: encroachment on assets: including theft of cash and deposits, interception of receipts, misrepresentation of expenditures, etc.; Illegal occupation and theft of valuable equipment, raw materials, and products. Corruption: Bribery usually comes from suppliers.
Bribery usually flows to customers and the government. Covert bribery is done through third parties such as agents, dealers, and shell companies. Bribery to the government and public institutions has more serious legal consequences than ordinary commercial bribery. Foreign-funded enterprises or Chinese-funded enterprises that intend to go public abroad are also subject to foreign laws such as Chinese law and the US Foreign Corrupt Practices Act. Common examples of conflicts of interest include competition between a company's employees and an employer and unfair associations. Fraud statement: Report fraud refers to senior managers or major shareholders who hold actual control of the company, deliberately misleading investors by fabricating financial statements and announcement information. Employees forgery of academic qualifications and experience, supplier forgery of qualifications, etc. are fabricated non-financial documents. Companies can use the above classification as a starting point to fully consider the possibilities of each aspect. Of course, the final event of the company's fraud should still be the result of combining the company's own operation and management status.
2) Assessing risk: Based on the summarized list of events, evaluate the likelihood of these events occurring, and the extent to which they affect the company, and rank the events by risk.
3) Understanding management vulnerabilities: Managing vulnerabilities means that the current state of enterprise management is not sufficient to prevent fraud. Few companies have no ready-made management measures. For example, most convenience stores have cameras installed, and most companies do not allow sales personnel to pay for customers. Understand the loopholes, that is, examine the current status of management of the identified potential fraud incidents and determine whether the status quo can meet the anti-fraud requirements.
4) Response: For high-risk potential fraud incidents, a coping strategy is developed. The strategy is mainly to make up the action plan required for the vulnerability, and the expected personnel, time and other resources. Note that there is also a risk that there is no risk of managing vulnerabilities at present: companies should ensure that the current state of management continues to be effective – just as convenience stores are ensuring that their cameras are working properly every day. The above work should be carried out continuously every year. Given the accumulation of documentation and personnel experience, the workload for the following year will usually be significantly less than the first year.
Whenever there are major changes in the company's business, business model, personnel and organizational structure, and systems, special attention should be paid to the corresponding changes in risks and vulnerabilities. Third, the formulation and implementation of all the response strategies of the program should be approved and authorized by the senior authorities, and the corresponding resources are obtained. The organizer shall then instruct the relevant personnel to formulate specific action plans and timetables in accordance with the plan under the strategy and implement them after approval. Specific solutions usually involve management methods, business policies and processes, job roles, and system changes. In order to carry out the above three aspects of work effectively, enterprises should pay attention to the following aspects:
First, pay attention to actual results, convening meetings, preparing policies, and revising processes are not just paper articles, but bring awareness and knowledge to enterprises and personnel. And changes in work procedures;
secondly, anti-fraud work should be combined with daily work as much as possible. Anti-fraud schemes usually include concatenation and revision of the daily system and operational processes of the enterprise, rather than establishing an independent system.
Third, there is a long-term awareness. The anti-fraud mechanism of the enterprise can be completed in one or two years from scratch; however, the external environment and internal organization of the enterprise are constantly changing, and the enterprise must regularly review risks and loopholes to ensure that management continues to be effective.