· Large organizations: Only 43% investigating fraud based on severity.Focused on mitigating well known frauds, but unprepared to tackle new concerns such as social media and anti-competitive behavior.
· Small and medium enterprises: Lacking commitment to mitigate fraud. 42% cite inadequate budget and resource allocation; 32% feel burdened complying with anti-fraud regulations; frauds are mostly detected by accident.
· Working professionals: 56% believe they are personally responsible to fight fraud. About 47% felt laws can be effective in curbing fraud. About 61% feel corporates must openly discuss fraud and educate employees.
Mumbai, December 21, 2016: Corporate India believes fraud will rise in the coming years, according to majority of respondents to the India Fraud Survey, Edition II, by Deloitte released today. About 70 of respondents representing large organizations (multinationals and domestic companies), 54% of respondents representing small and medium enterprises, and 65% of working professionals indicated corporate fraud would rise in the future.
‘Diminishing ethical values’ was identified as the most common cause for fraud by respondents across categories.Respondents continue to identify known frauds such as bribery and corruption, diversion/theft of funds and vendor favoritism (only large organizations) and conflict of interest (only small and medium enterprises) as top fraud schemes that their organizations had experienced in the last two years.
While concerns around fraud appear similar, the methods employed to mitigate fraud reveal vast differences in approach within organizations, signaling that fraud is complex and organizations have a long way to go in effectively mitigating fraud.
Large organizations continue to focus on well-known frauds, unprepared to tackle new frauds
In the area of fraud prevention, large organizations appeared to be focused on preventing only historically known frauds, and appeared inadequately prepared to tackle new frauds such as social media and anti-competitive behavior. For instance, on social media, the majority of respondents did not share an opinion on how their organizations would handle smear campaigns, which is a potential reputational risk. 68% respondents also believed there was misuse of intellectual property by unauthorized users and other 65% said there was use of fake profiles masquerading as the company to fool customers. Many organizations have been unable to keep up with the advancements in the hacking ecosystem and remain equipped with old cyber security models designed to keep the ‘hacker-of-the-90s’ out.
Fraud was mostly detected through whistleblower hotlines. Response to fraud is complex and determined on a case to case basis – 43% of respondents said investigations were commenced based on the severity of fraud; 36% said the fraudster was allowed to resign in lieu of pressing legal charges; and 33% said fraud was communicated to employees, the Board and regulatory agencies.
“It is disconcerting to note that large organizations do not appear to be stepping up to face the challenge of mitigating new fraud and noncompliance risks. While we observe increased adoption of automation and continuous monitoring as part of fraud risk management, it appears that these initiatives may be unable to detect new and emerging frauds. New frauds call for new preventive measures,” said Rohit Mahajan, APAC Leader, Partner and Head, Forensic – Financial Advisory, Deloitte India.
Small and medium enterprises indicate lack of commitment to tackle fraud
About 48% of respondents felt there wasn’t enough commitment to tackle fraud. In line with that 42% felt there was inadequate budget and resource allocation to prevent fraud. About 32% felt complying with anti-fraud regulations placed additional burden on them. The top three measures undertaken to prevent fraud included: Independent Audits (71%), implementing a code of conduct (62%), and regular monitoring and assessment of fraud risks (52%). Fraud was most likely to be detected by accident.
Around 25% of respondents indicated that their organizations reviewed their fraud risk management frameworks only upon an incident occurring and 23% addressed fraud observations within 1-2 months of the incident. Deploying technology to curb fraud appeared to be a challenge with 17% of respondents citing budgetary constraints, and 23% claiming lack of clarity around the utility of such tools. Response to fraud continued to be driven by the materiality of fraud (19%).
“Small and medium organizations are struggling to mitigate even well-known frauds such as bribery and corruption. Given the inherent limitations of these organizations, there is need for government intervention to help tackle fraud. In this regard, increased digitization in all spheres of business combined with strong enforcement of anti-fraud laws may benefit small organizations,” said Mr. Mahajan.
Working professionals want to be part of organizations’ fraud risk management efforts
A majority of working professionals believed that the primary responsibility to fight fraud remained with them (56%). They also remained optimistic about the effectiveness of laws in curbing fraud (47%).
About 70% of respondents felt that their employers provided enough opportunities for them to share instances of unethical behavior. To better tackle corporate fraud, working professionals favored the following options: openly discussing fraud and educating employees (61%); recognizing and rewarding ethical behavior (59%); and naming and shaming wrong doers (57%).
“Successful fraud risk management efforts tend to go beyond strong internal controls or the presence of policies. Employees can play an influential role in the success of fraud risk management efforts. Nurturing a community of ‘employee influencers’ can help reinforce ethical behaviors and mitigate fraud. We are seeing several organizations designate certain employees as ethics champions to encourage other employees to demonstrate ethical behaviors,” said Mr. Mahajan.
About the survey
Deloitte conducted three separate surveys that saw a total of 309 responsesand focused on three target groups – Large organizations, small and medium enterprises and working professionals - and collated the responses into a report.
This survey report has been developed on the basis of responses received to a questionnaire that wascirculated to leading CXOs across all major sectors and companies working in the area of fraud risk management, as well as working professionals, in October and November 2016.
This edition of the India Fraud survey by Deloitte also puts the spotlight on five new business trends that will likely impact the fraud landscape in India in the future –Blockchain, Internet of Things, Robotics, Cashless transactions and Online market places. There are also perspectives from the Deloitte member firms in Japan and Australia on the fraud concerns in their countries and possible challenges faced by some of their clients while working in India.