Revenue had soared suddenly in the Africa operations of a UK-headquartered multinational while its business had tailed off elsewhere. Eager to celebrate this success and spur his East and West Africa managers back into growth, the CEO toured several plants and publicly lavished praise on its regional director.
The CEO was confident that he had a good team; they simply needed to be reminded of their dispensability.
Just as the plane touched down at Jomo Kenyatta International Airport, Kenya, the CEO’s smartphone vibrated. Jet-lagged, he wearily retrieved it from his jacket. A text message from his personal assistant asked that he accept a call at home that evening from the vice president of internal audit on a matter of great urgency.
“I can’t even leave town for a few days without someone getting into a cold sweat,” he thought. Several hours later, he too was unnerved when the internal audit chief revealed there were unmistakable signs of revenue overstatement in the East and West African regions.
“How bad?” the CEO asked. “Very bad.”
“How could this be?” the CEO exclaimed. “I was just there. The place is booming!”
“You saw what they chose to show you. Apparently, they just made up last year’s numbers and paid off everyone who was in a position to jeopardise their performance bonuses. We noticed it as soon as we looked.”
But they had not looked soon enough, the CEO ruefully realised. Later, a fraud examination would reveal that he and the East and West Africa regional director had been passive stewards.
The company had not conducted adequate background checks on its local hires and had not trained its expat staff in doing business ethically in an emerging market and complying with the UK Anti-Bribery and Corruption Act. Perhaps worse, the home office had not noticed that the company’s code of ethics had never been translated into other languages.
The CEO saw that the board was going to crucify him, the press would humiliate them all and the company’s shares would take a solid hit. Plus, the regulators would have to be dealt with. It was infuriating, the CEO thought. A few days later, thousands of investors joined him in this sentiment.
Despite various financial mega-crises in one decade, there are indications that fraud may still not be seen as a lethal threat to the global financial system and the welfare of every nation’s citizens. Over the past 10 years, failures in governance and accounting destroyed billions of dollars in investors’ savings and widespread conflicts of interest evaporated additional billions in homeowners’ equity.
Two of the most important laws in generations — the Sarbanes-Oxley Act of 2002 and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 — have led to the imprisonment of many who engineered these catastrophes. Yet much more must be done to rein in these losses, and skillfully applied anti-fraud measures should be a central ingredient in the action plan.
The hope among fraud fighters is that organisations will better integrate their governance, risk management and compliance (GRC) and anti-fraud programmes, creating synergies and efficiencies that will better detect and deter fraud. For that co-ordination to occur, though, leaders have to recognise the ubiquity and seriousness of the fraud threat.
In summary, I emphasise that “the main task for boards is not governance, but leadership.” The CEO should continue to break down organisational silos; embrace senior management’s goal to integrate deeper with operations; focus risk management efforts on the value you can add to the organisation in achieving its strategic and operational objectives; get out of the office when possible and see how your company actually does business and look for allies in other departments.
You may find, for example, that your finance department shares the desire to improve the firm’s technology. Or that your IT director has some thoughts on better protecting the company’s digital assets. The key is to have the conversations. Understand the analytical tools and methodologies that are available to help you dig deeper into your company’s risk issues. It is important to find the appropriate tools, use them effectively and share the results with decision makers.
If you put good controls around your fraud risk indicators, it helps limit your potential fraud exposure. Once again, crisis presents opportunity — in this case, fraud fighters need to infuse their organisations’ governance, risk management and compliance programmes with anti-fraud awareness and action.
George Nying’iro is the manager, forensic services risk consulting at KPMG East Africa