Jun 13, 2014

    One in 3 execs here OK with misstating financials

    MORE than one-fourth of senior executives in Singapore feel it is justifiable to misstate financial performance in order to survive an economic downturn. The staggering statistic was one of many in Ernst & Young's (EY's) 13th and latest Global Fraud Survey.

    The exercise, which involved 2,719 interviews with senior decision-makers in the largest companies in 59 countries - conducted between November and February - looked at the perceived levels of fraud, bribery and corruption across the world in current times.

    It found that financial-statement fraud risk is still prevalent. Aside from Singapore's response, EY's survey found that - across the globe - 6 per cent of respondents said that misstating financial performance is justifiable in order to survive an economic downturn. This is an increase from 5 per cent two years ago.

    EY noted that this is driven by responses from emerging markets where, in some jurisdictions, a significantly higher proportion of respondents stated that they could justify such actions. Compared with Singapore (28 per cent), 24 per cent in India and 10 per cent in South Africa felt misstating financial performance was justifiable.

    "Our survey results show... that executives at senior levels are as likely to justify certain questionable or unethical acts as their more junior colleagues. This should be a significant concern, given their ability to override internal controls," EY's survey report said.

    It found that, in general, C-suite respondents are as likely to justify misstating financial performance, but that CEOs are more likely to justify it than other colleagues.

    "Our results therefore reinforce the need for compliance programmes to fully encompass senior management. The risks posed by these individuals acting unethically have the potential to cause the most serious damage to their organisations."

    Another major risk faced by corporations is cybercrime. EY said its survey results suggest that some executives may be naive when it comes to the scale and severity of the threat posed to their business.

    In addition, the results also suggest that businesses may be slow in adapting to the source of these threats.

    Almost half of the respondents in EY's survey said they see cybercrime only as a very or fairly low risk to their business. Yet, research by the Economist Intelligence Unit shows nearly a third of all businesses sampled see an increase in the number of cyber security attacks over the past year.

    Respondents in EY's survey also said they see hackers as the biggest concern - and are underestimating the risk from organised crime syndicates as well as "advanced persistent threats".

    "Developing an effective response is more difficult without a proper understanding of the potential sources of attacks," EY points out.

    Its survey also found that bribery and corruption continue to pose a serious risk. In 40 per cent of the countries surveyed, more than half the respondents said corruption was widespread. It also found that one in five CEOs surveyed was asked to pay a bribe.

    EY says that companies' current approach to compliance - focused only on managing the legal and regulatory risks - is insufficient.

    "The conclusion that boards and senior management should draw is that an assessment of the risk needs to involve a wide range of functions and business units. This is also borne out by our respondents who see better collaboration between legal, compliance and internal audit as something that would improve the effectiveness of the compliance function."

    EY says companies need a multi-pronged approach. Boards must challenge management on the quality and frequency of their risk assessments, particularly around new risks such as cyberfraud and cybercrime.

    Companies should also use forensic data analytics tools to improve compliance and investigation outcomes. Specialised due diligence, such as anti-corruption due diligence, should be the norm and not the exception.

    Companies should also have clearly defined escalation procedures, whether to respond to a whistleblower or a cyber incident, to minimise the damage being done and to speed the process of board notification.