However, our research has found that while 78 percent of companies said that the use of technology to examine the transactions of a company would result in better fraud detection and more effective prevention of corruption, only just over half (53 percent) actually use technology to monitor activities at higher risk for bribery and corruption.
When we take into account the sheer volume of data that a company produces, we recognise that a compliance or internal audit team cannot go through that amount of information manually. The use of technology to analyse vast amounts of company data in a short period of time frees up the company's internal audit and compliance teams to focus on potentially dubious transactions or higher risk areas.
For example, technology can be used to uncover potential conflicts of interest in procurement by cross-referencing addresses and telephone numbers within vendor lists with HR files fairly quickly. A data analytical review of all expense or travel claims, which are common ways of hiding bribes and kickbacks, can establish if there are any patterns to claims for reimbursement.
The stigma with whistleblowing
As well, more companies are now making use of whistleblowing hotlines to investigate and monitor unethical behaviour. These hotlines, or tip-offs, are a common way of detecting misfeasance. Yet our survey revealed that such mechanisms are not actively used by most companies in Asia-Pacific, due to a fear of reprisal or exposure of confidentiality of the whistleblower.
To mitigate that, there must be clearly defined procedures on how the information is treated and the independence of such hotlines. That way, employees will understand what is legal and ethical to the company, and report breaches if any. Given the nature of whistleblowing and the fact that most programs allow for a report to be made anonymously, companies must be wary of vexatious or malicious complaints, and sort the wheat from the chaff, so to speak.
It is clear that having documented policies on ethics and codes of conduct only form one brick in a very big wall of governance, controls and ABAC programs within a company. The use of various other mechanisms, especially technology to wade through the vast amounts of data should not be an option; it is a necessity. To be able to analyse all the transactions of a company rather than just sampling, enables companies to ascertain, to a much higher degree, the trends, anomalies, and higher-risk areas. This in turn allows the companies to focus their limited resources in compliance and internal audit to the areas of greatest need. Also, educating and communicating to staff should not be a point-in-time endeavour; it must be a sustained and concerted effort by everyone in the company, especially those at the top.
Sign up for CIO Asia eNewsletters.