By Jesman Howera
Isn’t it all too easy to think of fraud as someone else’s problem? When people set up their own businesses, the threat of fraud may not be a
major concern — its importance may only gradually dawn on them. Most managers in Zimbabwe may tend to be more worried about the Bank Manager, the Tax Inspector, Central Bank officials and the auditor than the threat of fraud.
The threat of occupational fraud has always existed in Zimbabwean organisations in all sectors, however, the opportunities for it have expanded with the hyper inflationary and deteriorating economic environment which has brought real and substantial corporate crime threats and difficulties that have seriously affected organisational perfomance by interrupting business operations as evidenced by the reduction in foreign direct investment, closure of companies, volatile stock prices and erosion of shareholder, employee (brain drain) and market confidence.
As such occupational fraud in Zimbabwe has in the past two years escalated, taking a variety of forms ranging from minor employee thefts of basic commodities and unproductive behaviour to misappropriation of assets, revenue skimming and breaches of the country’s exchange control regulations, payroll fraud, accepting kickbacks or profiting from conflicts of interest and fraudulent financial reporting.
A number of highly publicised cases in Zimbabwe have also heightened the awareness of the effects of fraudulent behaviour in the work place and have led many organizations and regulatory authorities (RBZ and government ministries for example) to be more proactive in taking steps to prevent, deter or detect its occurrence.
Misappropriation of assets has nonetheless resulted in substantial losses to a number of Zimbabwean organisations where dishonest employees had the incentive (pressure or need), opportunity, predisposition (attitude and justification) and most importantly capability to commit fraud.
Research has shown that up to 6% of organisations’ revenues may be lost annually as a result of fraud and abuse [ACFE, 2004] and in Zimbabwe the economic impact of occupational fraud has been significant, also most bringing the economy to a halt.
Fraud studies have also shown that about 80% of occupational frauds are committed by lower level employees and account for only about 20% of the losses in dollar value.
On the other hand senior management commits about 20% of occupational frauds which account for about 80% of the losses. It has also been proved that most frauds directed at organizations originate from and/or a link ‘within’ (ACFE, 2004; AICAPA, 2005).
Given the facts recited above, how can organisations in Zimbabwe stem losses due to occupational fraud at all levels and in the process of doing so, get better the bottom line?
First and foremost, clear organisational objectives relating to fraud prevention and reduction must be identified and communicated throughout the organization.
Whilst it is true that internal controls in every organisation provide reasonable assurance that organisational objectives are achieved, without specific objectives to reduce occupational fraud to tolerable levels, what will efforts to improve internal controls for fraud produce? Suboptimal results if not nothing.
The economic environment currently obtaining in Zimbabwe does calls for a strategic fraud risk management approach which combines prevention, deterrence, and detection measures.
However, since fraud is not always very easy to detect as it often involves concealment through falsification of documents or collusion among management, employees, and / or third parties (and regulators), how about organisations rather placing a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place; and fraud deterrence, which could dissuade individuals to commit fraud because of the likelihood of detection and punishment?
Moreover, prevention and deterrence measures are much less costly than the time, expertise and expense required for fraud detection and investigation.
Secondly organisations need to carry out a fraud risk assessment process to identify and evaluate the risks of occupational fraud in order to implement relevant processes, procedures, and controls needed to mitigate the risks and reduce the opportunities for fraud.
Neither fraudulent financial reporting, misappropriation of assets nor a petty theft occurs without a perceived opportunity to commit and conceal the act (Cressey, 1973).
The fraud risk-assessment process should therefore consider the vulnerability of the organisation to fraudulent activity and evaluate whether or not any of those exposures could result in a material misstatement of the financial statements or material loss to the organization.
Once management has identified areas posing a higher risk of fraudulent activity in terms of the entity’s operations, its financial reporting process and circumvention of controls it can then decide which fraud risk to tolerate (accepting), transfer, treat or terminate.
It is only the fraud risk that management decide to treat that need effective preventive and detective internal controls whether automated or manual, which should include a well-developed control environment, an effective and secure information system, and appropriate control and monitoring activities.
For example, fraudulent financial reporting by lower levels of management and employees may be deterred or detected by appropriate monitoring controls, such as having higher-level managers review and evaluate the financial results reported by individual operating units or subsidiaries.
For fraud risks that an entity may choose to transfer, why not for example sell certain segments of the organisation’s operations, cease doing business in certain locations, or reorganize its business processes to eliminate unacceptable risks. It may be possible to reduce or terminate certain fraud risks by making changes to the entity’s activities and processes.
For example the risk of corruption may be reduced by strictly monitoring the entity’s procurement process.
The risk of financial statement fraud may be reduced by implementing shared services centres to provide accounting services to multiple segments, affiliates, or geographic locations of an entity’s operations.
Thirdly it is from a forensic auditing perspective fundamental that organisations deal with occupational fraud by creating and maintaining a culture of honesty and high ethics based on a set of core values in addition to implementing measures to reduce wrongdoing or criminal activity.
These values provide a strong message about the key principles guiding employee actions and clearly articulating that all employees will be held accountable upon failure to act within the organization’s code of conduct.
Organisations should also be conscious that almost any employee may be capable of committing fraud given the right set of circumstances.
Forensic auditing experience has shown that fraudulent activities by upper-level management typically involves override of internal controls within the financial and other business processes because management has the capability to override controls, or to influence others to perpetrate or conceal fraud.
Accordingly, management should develop a heightened ‘fraud awareness’, an appropriate fraud risk-management program supported by senior management, and an appropriate oversight process from the Board of Directors or Audit Committee as the potential for management override increases the need for appropriate oversight measures.
* Jesman Howera is a Senior Manager — Fraud & Forensic Services at PricewaterhouseCoopers — Zimbabwe