Following a rash of cyberattacks on some of the world’s biggest brands, cybersecurity has become a major priority for corporate board members, catapulting to the top of the agenda. However, boards must remember cybersecurity is one risk among many that can fall into the broader category of fraud, a significant and growing threat all organizations face.
Fraud takes a big bite out of the top line. Companies globally lose roughly 5 percent of their revenue to fraud each year, according to the Association of Certified Fraud Examiners (not to mention the toll it takes on customer loyalty and brand reputation). Consider this: While plane accidents and their aftermath steal media headlines, driving, which is far more dangerous, doesn’t get nearly as much attention. Similarly, major cyber breaches steal headlines, but fraud tends to quietly cost organizations more each year.
Boards are not directly responsible for enforcing a requirement for anti-fraud programs (like those that are emerging for cybersecurity from the Securities and Exchange Commission and other oversight bodies). However, individual board members could end up paying dearly if fraud occurs on their watch—from being fired from the board and/or company to having to deal with litigation and regulatory fines.
Depending on the severity of the fraud circumstances and the organization’s industry, board members could even face personal civil or criminal risk. To wit, the recent data fraud at Kobe Steel, perpetrated to make its products look better, has thus far cost the chairman his job and brought pay cuts of upward of 80% for other directors and executive officers.
Many emerging fraud threats are far removed from the inner sanctum—and could raise a board’s exposure to wrongdoing. These threats range from corporate malfeasance and corruption within corporate subsidiaries to conflicts of interest and money laundering among customers, partners, vendors and other affiliates.
In addition to the top line, fraud impacts the bottom line and long-term profitability potential of the organization, whether committed through weaknesses in procurement, payroll, travel and expense, benefits or other key business processes.
Adding insult to injury, the transition of companies to fully digital enterprises creates that much more potential for bad actors to commit myriad types of fraud with just a few keystrokes.
However, digitization works both ways. By harnessing data analytics and automation, fraud detection can become more efficient and effective. Boards can help ensure their organizations have sharp fraud risk management systems and that they’re generating the best possible return on investment.
While board members may not implement anti-fraud programs directly, there are a few ways to ensure these initiatives are part of a comprehensive risk management program, protecting the organization from fraud of all kinds.
- Revisit the relevant committee charters to ensure fraud oversight.
Board members should revisit and, if necessary, revise their committee charters to make sure their fraud risk oversight responsibilities are up to date. (The audit and risk management committee charters should be considered in particular.) Boards must also evaluate the independence and oversight of these committees and ensure processes are in place so key leaders, such as the chief audit executive, are free to communicate their concerns directly with the board. Committee members should consult with management regularly to remain familiar with fraud risk management measures and evolving budgetary priorities.
- Balance the board and pick the right leaders.
While boards are stacked with CEOs and presidents, they often lack the diverse financial acumen and risk management skills necessary to know what questions to ask to ensure their organizations have adequate anti-fraud measures. Boards must act decisively to fill these gaps and, if necessary, recruit seasoned executives with strong backgrounds in risk management to drive the board’s risk oversight agenda and fraud-management strategy. Boards should not rely solely on dedicated risk professionals. Regardless of background, each member has a responsibility to their organization to be fraud-conversant and stay abreast of the fraud risk landscape within their industry.
- Consider third-party oversight reviews.
One of the most effective and increasingly popular ways for boards to improve their organization’s fraud risk consciousness is to engage third parties to conduct an independent review and ongoing monitoring of the organization’s fraud risk posture. Alternatively, internal audits can be effective in assessing the overall fraud risk profile of the organization and any particularly hot risk areas (although they’re not infallible). Either way, the key is a data-driven assessment that will help ensure the board is aware of any serious problems within.
Board members can be forgiven for expending more resources on cybersecurity. However, they can’t let rising investments in one risk area eclipse others. Taking inventory of existing anti-fraud measures and affirming their responsibilities (and exposure to risk) is a good place to start.