The latest Ernst & Young survey (their 12th) is an excellent and essential read for all concerned with the risk of fraud.
I especially like the separate sections for different regions.
One word of caution: the report doesn’t quantify the potential impact of fraud or corruption, it only discusses the likelihood of such, and the presence (or otherwise) of the controls and environment necessary to combat it. See this earlier post for a review of the ACFE report on fraud, which includes estimates of fraud impact.
Highlights from the Report:
- Companies’ awareness of the risks posed by fraud, bribery and corruption is high. A substantial majority of these companies are doing the right things to mitigate the risks.
- On a global basis, 39 percent of respondents reported that bribery or corrupt practices occur frequently in their countries. The challenge is even greater in rapid-growth markets, where a majority of respondentsbelieve these practices are common.
- Respondents to our survey were increasingly willing to make cash payments to win or retain business and a greater proportion, including CFOs, expressed an increased willingness to misstate financial performance.
- Globally, 15 percent of respondents are prepared to make cash payments, versus 9 percent in our last survey.
- 5 percent of respondents might misstate financial performance, versus 3 percent in our last survey.
- Mixed messages are being given by management, with the tone at the top diluted by the failure to penalize misconduct.
- Boards are ultimately responsible, but according to our respondents, they're sometimes seen as out of touch with conditions on the ground.
- Given the lack of progress since our last report on this issue, it's clear that boards need better and not just more information. Some feel swamped by voluminous risk management and control information and need more tailored, responsive and focused reporting.
- Despite the significant risks and specified demands of regulators, our survey suggests that the corporate response to mitigating third-party risks is still inadequate. Many companies are failing to adopt even the most basic controls to manage their third-party relationships.
Ernst & Young has a number of recommendations for improving controls and the overall environment -- it's worth spending the time to read and discuss it with the management team.
Editor's Note: You may also be interested in other articles by Norman Marks:
Does the Future Hold a Bigger, Better Role for Risk Management?