KPMG ANALYSIS OF GLOBAL PATTERNS OF FRAUD Who is the typical fraudster Executive summary kpmg.com/cee Contents The survey Fraud is up, defenses are down Key findings Profile of a fraudster In a position of trust Where the fraudster works Time at the organization before detection Solo or in collaboration Motivation for fraud Gaps in defenses Reporting of fraud incidents Warning signs Red flags not to be missed 1 1 1 1 1 2 2 2 2 2 3 4 4 © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The involvement of the CEO in fraud cases has more than doubled from 2007 to 2011. This may be a result of the increased pressure that was placed on executives to meet performance targets during the economic downturn. The survey Fraud is up, defenses are down KPMG Forensic has released its international study “Who is the typical fraudster – KPMG analysis of global patterns of fraud.“ This study follows our European 2007 analysis of fraudulent behaviour, and this time draws on data from worldwide KPMG practices. The survey indicates that fraud and misstatement of results continue to be growing problems. The 2011 Study seeks to identify global patterns from individuals that have committed acts of fraud, values of the frauds committed and duration over which the frauds were committed. The 2011 Study is based on data compiled from a study of 348 actual fraud investigations conducted by KPMG member firms in 69 countries, over the period January 2008 to December 2010. While it includes some high-profile reported cases, most of the investigations were not publicised. Only where “white-collar“ crimes were committed and where the perpetrator was evident, did we include the investigation in the analysis. The results reveal a profile of the typical fraudster, corporate attitudes towards fraud prevention and red flags not to be overlooked. Furthermore, it outlines strategies to keep your business safe. The 2011 Study highlights the typical fraudster investigated by KPMG as: • A male • Between 36 and 45 years of age • Commits fraud against his own employer • Working in the Finance function or in a finance- related role • Who is a senior member of management • And has been employed by the company for a period of more than 10 years • Who most often colludes with others. © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Conversely, responses to fraud are becoming less effective. Internal controls are now considerably weaker than in 2007 and management review is less robust. Consequently, with increased economic pressures on individuals, failure to address red flags and the prolonged time lapse between fraud inception and detection, there is the substantial likelihood that currently undetected frauds will emerge in greater numbers in the next two to three years. Key findings Profile of a fraudster The typical fraudster investigated by KPMG is between the ages of 36 and 45. This trend is in line with the 2007 survey. 87 percent of the fraudsters investigated, were males. This compares with the 85 percent of male perpetrators identified in 2007. We note however that more female perpetrators were the subject of our investigations in the Americas and Asia Pacific (22 and 23 percent respectively), than in those cases investigated in EMA (8 percent). In a position of trust We noted an increase in perpetrators at Board level – up from 11 percent in 2007 to 18 percent in 2011, and a decrease in the number of cases involving members of senior management, from 49 percent in 2007 to 35 percent in 2011. A small but increased proportion of cases involved staff members below management level – up from 14 percent in 2007 to 18 percent in 2011. Notably, the involvement of the CEO in fraudulent activities increased from 11 percent in 2007 to 26 percent in 2011. Who is the typical fraudster – Executive summary | 1 Almost 50 per cent of the frauds were exposed through informal methods, by accident or through whistleblowers. The detection of fraud ‘by chance’ is no substitute to a robust risk – based set of controls that are regularly reviewed by the organization. Where the fraudster works Solo or in collaboration 32 percent of the perpetrators investigated in 2011 worked for the finance function of the company, followed by 25 percent in operations/sales in 2011. In 2011, 61 percent of the perpetrators investigated, colluded with other parties (32 percent in 2007). The most common external parties to collusion were as follows: Where the fraudster works (excluding those unassigned to a function) 2011 2007 Finance Operations/Sales Procurement Back Office Suppliers – 48 percent • Customers – 22 percent. Looking at the demographics of the 2011 Study we noted that males (64 percent) were far more likely to collude with other parties than women (33 percent). Motivation for fraud Research & Development Legal 0% • 10% 20% 30% 40% Time at the organization before detection The survey once again highlights the fact that persons in the employ of the company for an extended period are most likely to commit fraud. In 2007, 51 percent of the perpetrators had worked for the company for more than five years before the frauds were detected, of which 22 percent had worked for the company for 10 years or more. In 2011, we found that 60 percent of the perpetrators investigated, had worked for the company for more than five years before detection of the fraud, with 33 percent having worked for the company for 10 years or more before detection. On average we found that it took 3 years from fraud inception to fraud detection. In the cases investigated, we noted that the biggest driver of fraud was personal financial gain, followed by fraudulent financial reporting. Increased pressure on meeting financial targets, safeguarding against loss of employment and enhancing bonuses were most common reasons for the misreporting of results. Misappropriation of assets (mostly due to embezzlement and procurement fraud) accounted for 43 percent of the frauds analyzed in 2011, which mirrors the findings in 2007. Gaps in defenses The exploitation of internal controls by fraudsters increased significantly from 49 percent in 2007 to 74 percent by 2011. Many frauds continue to be exposed by formal or informal whistleblowing or tip-off mechanisms. In this respect, the 2011 Survey found that: How the fraud was exposed 2011 Unclassified Formal external discovery methods Informal discovery methods Formal internal discovery methods 0% 10% 20% 30% 40% 50% 2 | Who is the typical fraudster – Executive summary © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Section or Brochure name | 5 How was the fraud exposed? Reporting of fraud incidents Formal internal discovery methods There is a hesitation by companies to publicly disclose details of fraud, unless required by law or regulation, or where the materiality or magnitude of the loss impacts on the financial results for the current period or prior periods already reported. Principal reasons offered for this hesitation include fears of loss of investor confidence, reputational damage and possible regulatory fines. Management review 15.0% Formal internal whistleblowing report 10.0% Internal audit 9.0% Suspicious superior 8.0% Other internal control 3.0% Informal discovery methods Anonymous informal tip-off 14.0% Accidental discovery 13.0% Customer complaint 5.0% Supplier complaint 3.0% The 2011 analysis reveals that 77 percent of the fraud investigations undertaken were not reported to the public. This reluctance to disclose can further be illustrated in that internal communication of the matter dropped to 46 percent, compared to 50 percent polled in 2007. Those cases in which detailed internal announcements regarding the fraud were made fell significantly from 35 percent in 2007 to 13 percent in 2011. These findings suggest that companies are not taking the opportunity to leverage learning points or to instill a corporate culture of zero tolerance towards fraud. Formal external discovery methods Regulatory bodies 6.0% Other external control 4.0% External audit 3.0% Effective communication of a fraud incident provides the opportunity for management to send the organization and its business partners a clear message that fraud will not be tolerated. Unclassified Other 7.0% It is concerning to note that nearly half of the frauds were detected through tip-offs (formal and informal) or by accident. This would suggest that internal controls are either lacking, or are not functioning appropriately. Most of the frauds investigated, involved the exploitation of weak internal controls. © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Who is the typical fraudster – Executive summary | 3 Companies are clearly failing to read the warning signs: in 50 percent of cases prior red flags associated with a fraud existed but had not been acted upon – up from 21 percent. Warning signs • Some practices within a function do not appear straightforward, and may even be illegal or unethical. Companies are clearly failing to read the warning signs: in 50 percent of cases prior red flags associated with a fraud existed but had not been acted upon – up from 21 percent in 2007. Ignored red flags are a message to perpetrators that they can continue operating with impunity. Acts of fraud are rarely one-offs: 96 percent of fraudsters in the 2011 survey carried out fraud on a repeated basis – up from 91 percent in 2007. • Where matters of financial judgment/accounting treatment are involved, the business consistently pushes the limits/boundaries. • Senior managers receive large bonuses linked to meeting targets. A division or department of the business is perceived as complex or unusually profitable, thereby diverts the attention of management and the audit functions. • Elsewhere in the industry, companies are struggling and sales and/or profits are declining. Your business appears to buck the trend. • Increases in profitability fail to lead to increased cash flows. • Complex/unusual payment methods, agreements between the business and certain suppliers/customers, may be set up in a deliberately opaque manner to hide their true nature. • A remote operation not effectively monitored by the head office. Red flags not to be missed Here are just some of the red flags to look out for: • • • • There are difficult relationships and a possible lack of trust between the business and the internal/external auditor. There are multiple banking arrangements rather than one clear provider–a possible attempt to reduce transparency over the business’ finances. Excessive secrecy about a function, its operations, and its financial results. When questions are asked, answers and supporting information are often stalled or withheld. High staff turnover within a function. Employees may be more likely to commit fraud in a business with low morale and inconsistent oversight. 4 | Who is the typical fraudster – Executive summary © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. In 2011, we found that 60 percent of the perpetrators investigated, had worked for the company for more than five years before detection of the fraud. As we have seen, there are certain characteristics that typify a fraudster. Employee awareness of other behaviors can help businesses identify frauds earlier. Be alert to the following employee behavioral red flags: • Refuses or does not seek promotion and gives no reasonable explanation. • Has opportunities to manipulate personal pay and reward. • Rarely takes holidays. • Is suspected to have over-extended personal finances. • Does not or will not produce records/information voluntarily or on request. • Persistent rumors/indications of personal bad habits/ addictions/vices. • Unreliable and prone to mistakes and poor performance. Cuts corners and/or bends rules. • Tends to shift blame and responsibility for errors. Seems unhappy at work and is poorly motivated. • Surrounded by “favorites” or people who do not challenge them. © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. • Accepts hospitality that is excessive or contrary to corporate rules. • The level of performance or skill demonstrated by new employees does not reflect past experience detailed on CVs. • Seems stressed and under pressure. • Bullies or intimidates colleagues. Volatile and melodramatic, arrogant, confrontational, threatening, or aggressive when challenged. • Vendors/suppliers will only deal with this individual. Selfinterested and concerned with own agenda. • Lifestyle seems excessive for income. • Micro-manages some employees; keeps others at arm’s length. Who is the typical fraudster – Executive summary | 5 Contact us Jimmy Helm Forensic Lead Partner Advisory, CEE T: +420 (222) 123 430 E: [email protected] Maria Peneva Partner Advisory Services, KPMG in Bulgaria T: + 359 (2) 969 74 24 E: [email protected] Michael Peer Lead Partner Dispute Advisory, CEE T: +420 (222) 123 359 E: [email protected] Richard Perrin Partner Advisory Services, KPMG in Romania T: +40 (372) 377 792 E: [email protected] Quentin Crossley Partner Advisory Services, KPMG in Slovakia T: +421 (2) 59 98 44 30 E: [email protected] Krzysztof Radziwon Partner Advisory Services, KPMG in Poland T: +48 (2) 25 28 11 37 E: [email protected] Tamas Gaidosch Partner Advisory Services, KPMG in Hungary T: +36 (1) 88 77 139 E: [email protected] Alex Verbeek Partner Advisory Services, KPMG in Czech Republic T: +420 (222) 123 431 E: [email protected] Ismet Kamal Senior Partner KPMG in Croatia T: + 385 (1) 539 00 33 E: [email protected] Stephen Young Senior Partner KPMG in the Baltics T: +371 (6) 703 80 62 E: [email protected] Nevenka Krzan Senior Partner KPMG in Slovenia T: +386 (1) 236 43 00 E: [email protected] kpmg.com/cee Boris Milosevic Partner Advisory Services, KPMG in Serbia T: +381 (11) 205 05 20 E: [email protected] The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. © 2011 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.