Over the past 15 years, there have been visible advancements in corporate governance and the way companies do business. Improvements in policy, procedures and enforcement have all combined to level the playing field. Nevertheless, financial misstatement, procurement fraud, corruption and bribery, continue to make the headlines in the media.
The big question is: do these governance improvements come from an internal willingness to change the company culture, or is it due to increased regulatory enforcement?
In truth, it is a bit of both. Following several high-profile fraud cases, governments around the world have introduced swathes of legislation to make companies, and the executives that run them, more accountable. With that, companies introduced more robust codes of conduct and ethics policies.
Policy without enforcement is futile
However, the introduction of robust policies is only part of the equation. EY's recent Asia-Pacific Fraud Survey found a disconnect between these policies and their enforcement in the real world. In Singapore, despite its strong regulatory framework, 59 percent of survey respondents admitted that while their anti-bribery and corruption (ABAC) policies were good, they did not work well in practice. This finding is not dissimilar with other markets around the region, although the level of disconnect ranges. Despite the policies that are being put in place, there is little action taken by companies to educate their people or enforce such policies.
Such a gap leaves companies open to attack by fraudsters. Just because a company has a code of ethics or conduct in writing does not mean that these in themselves can prevent fraud. In some cases, these documents are not taken seriously, with employees signing them blindly. Further, due to lack of training and education, employees that have been with a company for a longer period of time, tend to forget about the existence of such policies.
Further, a lot of companies have ventured in high-growth markets in sought of revenue growth. The pressure to prove performance in these markets may also motivate management or employees to cut corners, commit fraud or bypass rules and procedures, especially during challenging times.
Missing opportunities in technology
A robust and effective ABAC program always starts with the right cultural tone set at the top. Policies alone do not solve the issue; it needs to be combined with communication and education at all levels, covering how issues will be handled, escalation procedures, acceptable behaviours of employees, and the consequences when fraud is committed and discovered.
Beyond policies, communication and education, there are other tools that companies can exploit to detect and mitigate fraud. While business processes and application controls that are in place are adequate for prevention of common errors and basic fraud from taking place, these may not be effective in preventing or detecting the more complex frauds that can (and do) occur. This is where technology can be used fill the gap.
Sign up for CIO Asia eNewsletters.