|
Tech Views
Fraud prevention in IT companies
IT companies are vulnerable to financial irregularities and
mismanagement of funds. Navita Srikant on the necessity of implementing
stringent anti-fraud controls to mitigate such risks
Navita Srikant |
The global economic slowdown and constant pressure to meet
expectations of stakeholders and investors has increased the risk of fraud in
recent times. Failure to detect and prevent such frauds can have irreparable
damage on a company, and can include—collectively result in financial misstatements
and irregularities at various levels. Non-compliance with legislative and regulative
requirements further adds to the risk.
The recent developments at an Indian IT major could be attributed to the above
factors and has provided a thoughtful insight into the number of areas, which
are vulnerable to fraud in IT companies.
As per Nasscom, the IT sector revenues have grown from 1.2% of national GDP
in 1998 to an estimated 5.8% in 2009. Given the pace and sheer size at which
the IT industry has grown in the last decade, companies in the sector are vulnerable
to a host of frauds such as financial misstatements, asset misappropriation
and corruption—given the large spending by government on IT in emerging
markets.
The most critical area vulnerable to fraud in the IT industry is Revenue (and
associated cost) Recognition. Revenue is one of the most important figures in
the financial statements and one of the most difficult numbers to get right;
hence vulnerability to fraud increases. Revenue recognition topic elicits thoughts
of complicated accounting, difficult judgments and high-profile financial restatements.
Another area susceptible to fraud is Sales and Distribution, which poses multiple
risks such as grey marketing, collusion with customers, inventory leakage, excessive
discounts, duplicate rebate claims, inventory dumping in sales channel to meet
target, etc. In fact, in emerging markets like India, frauds in collusion with
the third parties pose the greatest risk.
Listed above are illustrative fraud risks, which exist in
the IT industry and can be perpetrated by employees, customers and vendors either
individually or in collusion with one another. A technology company should constantly
endeavor to implement and operate robust anti-fraud controls to mitigate such
risks.
- Over or under reporting of revenue and cost
in following situations:
- multiple element arrangement
- deferred revenue
- capitalization of cost
- Corruption using third party service
providers
- Misrepresentations of current assets and
liabilities such as accounts receivables, cash and bank balances, accounts
payable, etc.
- Misutilization of marketing development
funds (MDF)
|
- Piracy/ counterfeiting/grey marketing
- Inventory dumping through collusion with
channel partners during period end
- Collusion with vendors for procurement
of fixed assets and other items
- Collusion with the recruitment agencies
for candidate referral and subsequent payment of commission
- Kickback from employees for recruitment
- Dummy/ghost employees and excessive payments
- Data theft and IP infringement
- Collusion/conflict of interest while awarding
contracts for:
- car rental services
- executive accommodation lease contracts
- security hiring contracts
- catering service contracts
|
If one was to analyze why an employee or third party would perpetrate any of
the fraud risks mentioned above, one will realize that for every fraud to occur,
the existence of three elements—incentive, opportunity and rationalization—is
extremely crucial, known as Cassey’s Fraud Triangle.
An anti-fraud program is a must-have for any company in today’s
times. It helps the management to answer key fraud questions from the external
auditor, audit committee or regulators, and may reduce the organization’s
vulnerability to fraud. Further, it assists in implementation of recommendations
to strengthen a company’s anti-fraud controls and monitor the same on an
on-going basis.
An effective anti-fraud program includes the following elements:
Please note that an organization’s anti-fraud program:
- demonstrates that management is setting the proper
“tone at the top”
- does not provide absolute assurance against fraud,
but it can help to mitigate the effects of fraud
To prevent and effectively manage the fraud risks, managements of some of the
leading companies in sectors other than IT have started identifying answers
to the following questions that are being asked proactively by audit committees,
independent auditors and other key stakeholders.
- Do you have appropriate fraud governance activities
and fraud risk identification processes?
- Do you know the most common types of fraud in your
industry?
- Do you know what kind of fraud you are susceptible
to within specific business functions or locations?
- Do you have internal controls to mitigate your key
fraud risks? Do you have controls that can detect fraud-related activity?
- Have you tested the effectiveness of fraud prevention
and detection controls?
- Are roles and responsibilities pertaining to preventing,
detecting and investigation fraud clearly outlined?
- What protocols do you have in place for investigation
if an incident occurs?
As per the Fraud Mitigation Survey 2008 conducted by EY, 69%
of the respondents having code of conduct confirmed that the code of conduct
in their companies is effective in preventing and detecting fraud by setting
the proper “tone at the top”.
With growing risks and acts of fraud, it is imperative for IT companies to start
asking the above and assess their levels of preparedness for fighting fraud.
Fraud is a common risk that should not be ignored. Effective
fraud risk management will assist the management to identify and institute effective
controls to prevent and detect fraud vulnerabilities, which directly adds to
the bottom line by plugging potential leakage points. Strong fraud prevention
processes help to increase the confidence of investors, regulators, audit committee
members and the general public in the integrity of the company’s financial
reports.
IT/ITES companies should be proactive in identifying fraud risks, implementing
anti-fraud programs and controls to minimize the risk of fraud, in addition
to training employees on a regular basis to enforce a culture of ethics and
integrity.
| Pressure on employees to misappropriate cash or other
organizational assets |
Circumstances that allow an employee to carry out
the misappropriation of cash or other organizational assets |
A frame of mind or ethical character
that allows employees to intentionally misappropriate cash or other
organizational assets and justify their dishonest actions |
- Aggressive sales targets
- Stringent marketing budgets
- Personal financial obligations
- Job dissatisfaction or low morale
|
- Complex supply chain mechanism
- Decentralized authorities
- Semi-automated operations
- Ineffective accounting and information
control systems
- Ineffective monitoring by management
- Inventory susceptible to diversion
|
- Actions parallel to those of management
justified as normal
- Employee is dissatisfied with the job
and believes the company owes to him
- Act of committing fraud is justified to
help family/personal situation
- Changes in lifestyle coupled with low
salaries
- Thrill of committing misappropriation
- Customer may treat theft as borrowing
and intends to return it
|
Navita Srikant is Partner and National Leader, Fraud Investigation
& Dispute Services, Ernst & Young. Email: navita.srikant@in.ey.com.
The views expressed herein are the personal views of the author and do not necessarily
represent the views of Ernst & Young Global or any of its member firms
|
