Corporate directors fear they will have to pay closer attention to the prevention of fraud and misconduct over the next two years according to a recent report from Deloitte Touche Tohmatsu India in cooperation with the Institute of Directors. Corporate boards should consider what type of adjustments can be made to their internal controls and how they can beef-up risk management systems in order to prevent disruptions caused by the covid-19 pandemic and the introduction of new technologies from fueling corporate corruption and misconduct inside their organization.
According to the report, “Corporate fraud and misconduct:Role of Independent Directors”, nearly 63 percent of independent directors surveyed said they felt that current business disruption could be a catalyst for fraud over the next two years. The respondents highlighted the following top factors that could contribute to an uptick in fraud:
• Large-scale remote working arrangements that can make it challenging to apply internal controls effectively (21.79%)
• Cash flow crunch leading to business operations taking a priority over compliance and corporate governance (20.09%)
• Limited communication/ education to employees on preventing fraud, misconduct, and noncompliance (19.66%)
Additionally, the report cited cybercrimes (23.90%), financial statement frauds (20.96%) and leakage of sensitive information including insider trading (12.87%) as the frauds most likely to be experienced in the near future.
And independent directors surveyed recommended focusing on increasing employee awareness of ethics, integrity and reporting fraud or misconduct issues (21.18%); investing in fraud prevention and detection technologies (15.69%); and special review of significant material items (15.29%) are some best practices that could be deployed to improve risk management practices.
Responsibility and Accountability
This report serves as a reminder that the responsibilities of corporate directors continue to expand, and the entire board must be willing to anticipate potential problems and mitigate them before they have an adverse effect on the company. When it comes to fraud and misconduct, there must be a clear understanding of who is accountable to whom when it comes to reporting, investigating and handing out punishment for misdeeds—at every level of the company, including management and the board. At the very least, a rigorous review of the company’s fraud detection systems and protocols, as well as any fraud and misconduct whistleblower reporting systems should be checked for reliability. Then the company rules regarding those systems should be clearly communicated to all employees by management.
Corporate board members should take it upon themselves to increase their knowledge of cybersecurity risks and other fraud schemes currently used by bad actors. Increasing the board’s level of awareness of new regulations regarding cybersecurity, accounting rules and misconduct will also help mitigate risks. For example, the SEC has signaled that it will likely begin checking to make sure companies are properly disclosing material events related to their cybersecurity programs and vulnerabilities, including timely disclosure of any cybersecurity lapses or breaches. Companies should make sure they are prepared to comply with those rules and others regarding risks or misconduct that may be critical for investors to know.
Running a few simulated emergency situations as a test of the company’s fraud detection systems and emergency readiness would be a good exercise if it could be arranged. Finding out if everyone knows what to do in those situations before they become real would go a long way toward improving fraud and misconduct prevention.
And finally, a more difficult assessment would be determining if the board culture and risk management protocols allow individual board members to hold each other and the management team accountable if misconduct is suspected. The board audit committee might want to conduct a confidential survey of directors and key executives to determine if people felt empowered enough to act if they became aware of misconduct. This could be the ultimate test of whether the company can stop disruptions caused by a rouge actor from within.