Today almost everyone speaks about the importance of proactive compliance strategies, in opposition to reactive ones. Of course I fully agree on the importance of proactivity. But, it is important to remember that it requires a well-developed nervous system that allows the brain (the top management) to control and receive the information from the body (the organization).
How is the nervous system of your compliance department?
I hope that your organization can rely on an active control system. With this term I mean a multi-channel informative system that controls business daily life with the aim to identify suspicious activities.
Generally, compliance offices rely on three main channels to detect fraud:
- Accounting reports
- Auditors’ indications
- Whistleblowing and formal communication from teams/individuals.
Unfortunately, extensive empirical and forensic evidence has proved that these three informative channels are not sufficient. In this context, the compliance office can develop multiple alternative channels and control tools. I mention other two that I consider most important and effective.
First, in addition to financial indicators, compliance department can develop non-financial indicators that can match the financial ones. Productivity indicators (both on the production and on the commercial side) can be useful to verify the reliability of financial indicators. For example, in the trial of Richard Scrushy, CEO of HealthSouth prosecutors highlighted that both the CEO and the board must have known that something was wrong with the company financial reports: there was a significant discrepancy between the increase of revenues and the dramatic reduction of the facilities of the firm.
In this sense, the compliance department can develop multiple non-financial indicators to control the different activities of the firm. This issue is extremely important in particular, when firm manages geographically-dispersed subsidiaries that operate in difficult environments. (A good interesting article to read about this issue is: Brazel et al Using nonfinancial measures to asses fraud risk, Journal of Accounting Research, 47 (5), 2009).
Second, corporate compliance offices can develop (or eventually contract) a small team of corporate intelligence specialists to conduct random controls on individuals, teams and or business units. (Here I will not enter in the details about how to structure and manage these teams, it will be object of discussion in the future.). In this context the corporate intelligence unit can search, in the full respect of the law, for indicators of suspicious activities looking through alternative channels.
For example, a central European company that I advised a couple of years ago discovered, as a part of a random investigation, that the sister of one of its top managers had suspiciously opened a new firm in the very same sector where the business unit of that top manager was operating. Further investigation lately proved that in reality the top manager was conducting a parallel business during working hours, using corporate time, information and resources for self-gain.
The morale behind these considerations is that the higher the number and variety of reliable control systems, the higher your capability to detect frauds and suspicious activities.
But, don’t forget, the control should be always active. Otherwise, fraudster will use your lack of attention to undertake some new illegal business on the expenses of your company.