Continuous monitoring key to fighting fraud
A new report from KPMG indicates that the “typical corporate fraudster” is a senior finance executive, and that 32% of all employees that commit fraud work in corporate finance. Perhaps as worrying, KPMG’s report also shows that CEOs are the fastest-growing group of fraudsters—26% of those committing fraud are chief executives, up from 11% in 2007.
“These are worrying statistics for shareholders and audit committees, because these are the very two groups they rely on to lead the fight against corporate fraud,” says Mike Roos, director, Barnstone Fraud Risk Services. “These are global figures, but they are borne out by local ones from the 2009 Global Economic Crime Survey from PriceWaterhouseCoopers (PWC), which show that 62% of South African respondents had suffered economic crime in the past few months—and 78% of South African respondents believed that that the risk of economic crime was greater in the current economic circumstances, substantially more than the 40% of global respondents. The PWC also showed that senior South African management committed 17% of reported fraud, slightly above the global average of 14%.
“The message is clear: unpalatable as it may be, senior management, particularly senior financial management, could present a risk for corporate fraud.”
Roos notes that the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has issued guidance on monitoring internal control systems to help combat fraud. One of the approaches it strongly endorses is continuous monitoring of transactions, with the aim of ensuring operational effectiveness and efficiency, reliability of financial reporting, and regulatory compliance.
“Typically, monitoring takes place at intervals, and is usually associated with the internal audit function,” says Roos. “As such, it is of a retrospective nature, so it might well be too late. Other considerations are that the average analytics systems are hugely dependent on the expertise of the human writing the query and extracting the data. Financial systems are increasingly complex and heterogeneous, with some financial functions occurring in one system and then reported into the enterprise resource planning system. Conventional analytical tools find it hard to work across systems. ”
The big development in this area has been the emergence of sophisticated tools that monitor financial transactions across all systems in real time, producing exception reports frequently. The checking cycle could be as frequently as every three minutes, Roos observes—underscoring the point that the chances of catching fraud early on is enhanced. And because the data extraction and analysis are automated, dependence on human expertise is reduced making the process highly repeatable.
“Traditional monitoring relies heavily on the parameters that are set by management, so you really have to think of the possible fraud first in order to set the system up to detect it. By contrast, the modern continuous monitoring software relies on sophisticated analytics to identify trends as well, and will then report on deviations from them,” Roos explains.
Roos goes on to add that the typical implementation of continuous monitoring software takes roughly three months to complete, with the first results coming through within weeks. “Its value goes far beyond detecting fraud because it is also helps detect operational inefficiencies and compliance issues—and, best of all, typical payback time on the investment is about eight weeks, meaning that it’s an investment that is easy to make, even in tough times. Yes, the threat of fraud is ever present, but now we have a very practical way of catching it early—something that will help shareholders and audit committees sleep easier!”