Periods of economic pressure are often marked by increased rates of corporate fraud that can happen despite the presence of risk management frameworks. Hitesh Patel of Secretariat, a legal, risk and regulatory consultancy, offers a modern, holistic risk view that can help spot the pitfalls lurking in the way.
Today’s strained global economic environment frequently makes headlines — and often for the wrong reasons. Financial distress from elevated interest rates, inflationary burdens and increased costs; headcount reductions leading to fractured internal controls and the removal of checks and balances; opaque supply chains; disrupted markets due to geopolitical instability; and growing regulatory burdens and enforcement — that all translates into relentless pressure at both an organizational and an individual level to deliver. Unfortunately, those pressures can serve as a catalyst for some individuals to act unethically and commit fraud.
Despite robust risk management frameworks and substantial investments in compliance and monitoring, many organizations have experienced significant ethical failures recently, which raises the question: Are current approaches to integrity risk management robust enough to prevent such incidents?
The recurring nature of these scandals certainly suggests we need to re-evaluate existing strategies. New laws and regulatory schemes, like the UK’s Economic Crime and Corporate Transparency Act, also raise the stakes and expose organizations to potential for greater liabilities when crimes are committed. Learning from others’ past failures is crucial, as the belief that “it won’t happen to us” has proven unreliable.
So, the question remains: How can we ensure greater ethical resilience in the face of complex global challenges?
Is Risk Management Actually Making a Difference in Your Organization?
Protiviti’s Jim DeLoach revisits some of his writing from half a decade ago to see if companies are making good on the promise offered by technology to deepen the effectiveness of their risk management processes.
Read moreDetailsWhere to start
Understanding and acknowledging your organization’s vulnerability and implementing robust safeguards are crucial to charting a course through the current complex environment. My experience has also shown me that while traditional risk management models hold value in well-run organizations, many companies struggle with blindspots or a narrow operational perspective, making them susceptible to missing the bigger picture.
This operational myopia can be dangerous due to disaggregated signals, especially when seeking to identify red flags. While individual issues may seem minor on their own, they can paint a concerning portrait and signal a much deeper problem when viewed collectively.
To ensure you are aware of the various signals within your organization, you must think beyond your operational and functional borders. To illustrate, here are some example red flags that could exist within a single business unit. When looked at in isolation, each could ordinarily be considered a separate and immaterial issue, when, in fact, they are connected matters indicating signs of significant problems that require closer examination:
Leadership
A highly respected but domineering management team has been in place for a long time; senior management resists being promoted, despite their success; the expat regional general manager is culturally and operationally in the dark and not entirely clear on the underlying reasons for growth and success but is unquestioning since they are seen as a hero by the head office; team members receive consistently vague and changing explanations from local management to simple queries.
Performance
Operations consistently just about meet stretching budgets; and performance is out-of-kilter with market forces and competitors.
HR
Unusually high employee attrition in a particular part of the business, low staff morale, unquestioning obedience to a local GM; performance measurement is focused on limited metrics, with a reward system encouraging undesired behaviors.
Finance
Increased revenue without a corresponding increase in cash flow; and significant and complex transactions at accounting period/quarterly ends.
Operations
Unexpectedly high product returns and quality failures.
Supply chain
Selection of local, unapproved vendors for critical services; and prepayments to suppliers with unclear value propositions and limited track records.
Compliance & monitoring
Internal audits indicate a general disregard for corporate governance and poor internal controls.
These examples merely scratch the surface of the potential red flags — or, if you prefer, banana peels — lurking within organizations, often obscured by departmental compartmentalization or functional blindness. The pervasive threats of fraud, misconduct and regulatory breaches are a constant risk that latch onto existing weaknesses and have no natural stopping point until they are detected.
Deploying early warning systems
By its nature, fraud and misconduct in a complex environment will be hidden and not readily apparent, making detection the most challenging element of managing risk. Adopting an intelligence-led approach is now a necessity. Instead of relying solely on isolated red flags, which often leads to reactive problem-solving — which is a far less effective strategy — leaders can significantly enhance their organization’s risk management strategy through the following:
- Data-driven insights: Leverage data across different functions/business units using advanced forensic technologies and analytics to identify abnormal trends and anomalies proactively. This approach, overlaid with reference to public domain data sources, will help transform your organization into an intelligence-led powerhouse, allowing you to anticipate and mitigate risks before they escalate.
- Amplify the speak-up culture: Revitalize and assess the effectiveness of your whistleblower program to encourage employees and third parties to report ethical concerns confidently and anonymously. Implement program metrics to monitor for trends and gaps for invaluable internal intelligence to address potential issues proactively.
Why a holistic view matters
Disparate red flags, seemingly unconnected, can be the scattered pieces of a larger puzzle. Leaders can identify patterns and potential banana peels before they escalate by stepping back and looking across the organization across four sets of indicators:
- Employee: Overriding controls; obsessive secrecy on routine matters; lifestyle and income mismatch.
- Cultural: Nepotism; a “results at all costs” culture; unquestioning obedience.
- Business: Results consistently exceed market trends; aggressive accounting policies; and unnecessarily complex transactions.
- Structural: Frequent changes of auditors; inadequate management information; poor governance over high-risk operations.
History is littered with cases in which warning signs were missed or ignored because they weren’t viewed in the bigger picture context. By remaining vigilant and receptive to the tell-tale signs, leaders can prevent similar situations and safeguard their organizations. It is also worth acknowledging that:
- Blind trust is risky: Basing everything on trust and assuming that everyone is honest creates vulnerabilities that may be exploited.
- Opportunity breeds temptation: Someone might be tempted to make unethical choices at any moment.
- Good intentions can go astray: Even well-meaning individuals under pressure might rationalize unethical behavior.
- Internal threats are significant: The most prominent threats often come from within, with senior management being in a position to cause the most damage.
- Remember: Don’t wait for a string of red flags to trigger your early warning system. A seemingly minor issue could be the first note in a dangerous symphony.
Being attuned to warning signs is crucial for detecting potential misconduct. The consequences of a lapse or incident can be devastating. Public exposure of misconduct can lead to severe reputational damage, eroding customer and employee trust and loyalty. The financial toll can be substantial, encompassing legal and regulatory fines, remediation efforts and lost business opportunities. Addressing ethical issues can divert significant senior leadership time and resources from core business activities, further disrupting operations.
While robust risk management frameworks exist, the complex and pressurized global environment demands deeper critical thinking and a multi-pronged approach. By acknowledging the heightened risk environment, cultivating a robust ethical culture, implementing intelligent risk management strategies, remaining vigilant for red flags and fostering open communication, businesses can navigate these challenges and emerge more resilient, honest and prepared for the future.
They are, ultimately, prioritizing ethical conduct that safeguards not only the company’s reputation and finances but also the trust of stakeholders. This proactive approach ensures long-term sustainability and paves the way for continued success in an ever-changing global landscape.