Reducing fraud, bribery and corruption in your private business: 6 things you can do now 1
With an increased focus on global commitments to mitigate fraud, bribery and corruption, there remains an ongoing challenge for private companies to identify, manage and prevent inappropriate conduct. Here are six things that you can do now to help you understand, reduce and prevent fraud, bribery and corruption from impacting your private business. All statistics based on EY s 14 th Global Fraud Survey 2016, Corporate misconduct individual consequences.
1 It s not just a large, public company issue As a private business owner, it s important to recognize that the risks of fraud, bribery and corruption are real and your business may be impacted at some point. It s mistaken to believe that these behaviours remain other people s problems or that fraud only happens with public organizations fraud is about human behaviour. According to EY s 14th Global Fraud Survey 1 : 39% 21% 32% of respondents consider bribery and corruption practices to happen widely in their country. of respondents reported that such behaviours are widespread in developed markets. of respondents reported they have personal concerns when asked about bribery and corruption in their workplace. With a focus on combating fraud, bribery and corruption, and with regulators scrutinizing executive behaviour, you can always look for ways to do more to reduce your risk. You can take steps to minimize the risk of corruption in your operations, so that it s quickly identified and mitigated in the event it occurs. It starts with you as the owner, senior members of your business team leading by example and demonstrating your commitment to fraud prevention and detection. 1 Based on data from EY s 14 th Global Fraud Survey 2016, Corporate misconduct individual consequences. 1
2 Make it your priority to understand cyber risk Given the potential impacts of a cyber breach, you should understand your cyber risks. A successful cyber attack can represent an existential threat to your business. Destructive attacks can significantly disrupt your company s operations if data is lost or equipment disabled. Stolen information can be a potentially devastating by-product of a cyber breach, leading to loss of confidence and diverting management attention. 72% of Canadian survey respondents recognize cybercrime as a risk.2 To position your business well for any potential cyber breaches, you should consider tailoring your cyber security environment to your unique risk profile. It s also important to understand your most likely attackers motivations, tactics, techniques and procedures. To be proactive in identifying potential risks, you can undertake a cyber risk assessment for yourself and any third-party business partners that you work with. Developing a cyber breach response plan that brings all parts of the business together in a centralized response structure can help your staff and leadership teams quickly react in a way that can lessen the impact of the breach. 2 2 Canadian statistics based on data from EY s 14th Global Fraud Survey 2016, Corporate misconduct individual consequences.
3 Enable whistleblowing Early identification of issues is critical to your ability to manage risk. The people best placed to know about the issues facing your business are your employees. It s important to establish clear whistleblowing channels and policies that not only raise awareness of reporting mechanisms, but encourage your employees to report misconduct. 94% of employees say that loyalty would NOT prevent them from reporting.3 You ll want to confirm that your investigation capabilities for qualifying reported incidents are adequately resourced to respond. Having detailed policies and procedures in place for whistleblowing and encouraging the use of reporting mechanisms can help encourage people to report incidents. As you prepare or review your whistleblowing policies, be sure to evaluate the accessibility of your whistleblowing channels on an ongoing basis and ensure confidentiality for whistleblowers. 3 Canadian statistics based on data from EY s 14th Global Fraud Survey 2016, Corporate misconduct individual consequences. 3
4 Data analytics For many private companies, the role of data analytics remains uncharted territory. In an environment where employees may be reluctant to raise concerns, the data your company holds can be the key to identifying instances of potential impropriety. Data analytics can allow your organization to extract, analyze, interpret and transform your business data to help detect potential instances of fraud and implement effective fraud-monitoring programs. Analysts can run tests specifically designed for the needs of your business based on the known issues, key risk areas and available data. Investing in the right technology and software may help you save money in the long-run, by proactively helping you prepare to respond in the event that potential impropriety is identified. 4
5 Know who you re working with If you work with third parties, you should be aware that entering into such partnerships can bring additional risks. There s appetite from regulators to hold you responsible for the conduct of any third party acting on your behalf. This means that regardless of whether the inappropriate conduct is by your company itself or a third party acting on your behalf, there s potential liability repercussions that you may be subject to. 16% of Canadian survey respondents aren t including the identification of third parties in their forensic or anticorruption due diligence.4 It s essential to undertake robust anticorruption due diligence on third parties before entering into a business relationship with them. You ll want to confirm the ownership, conduct and track record of third-party relationships, including agents, distributors and potential acquisition targets. As you consider potential business relationships, it s essential that you assess corruption risk by performing proper anticorruption due diligence on potential partners and intermediaries and treat due diligence as an ongoing process. 4 Canadian statistics based on data from EY s 14th Global Fraud Survey 2016, Corporate misconduct individual consequences. 5
You have to win trust to 6 breach trust Trusted employees often have the greatest opportunity to commit fraud. When there s a high level of trust, there s often less direct supervision. When combined with their intimate knowledge of the internal control environment and a lack of segregation of duties, trusted employees can be in the perfect position to commit fraudulent activity undetected. Fraud is often committed by long-term employees who have an established comfort level with you and your senior management team. These individuals tend to be in a position of trust and have access to assets, which can add to the allure of fraudulent activity. Incidents of employee fraud can cost your business significant cash losses. To manage your risk of employee fraud you should undertake a comprehensive risk assessment that can help identify potential risk areas, the likelihood of fraud occurrences and assess the internal controls relied on to mitigate the identified risks. Reviewing your internal control environment can also help safeguard your assets and establish proper segregation of duties which can act as a deterrent to fraudulent behaviour. 6
We can help Fraud, bribery and corruption can all cause significant financial and reputational damage to private companies of all sizes. It can happen in any industry and no business is too small to be targeted. As a private business owner, you should take a proactive approach towards prevention and understand where your business may be most susceptible to risks. Our Private Mid-Market team is focused solely on private companies. We welcome the opportunity to discuss how you can protect your business against fraud, bribery and corruption. To learn more, visit us at ey.com/ca/private. 7
8
9
EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. 2016 Ernst & Young LLP. All Rights Reserved. A member firm of Ernst & Young Global Limited. 1929632 ED None This publication contains information in summary form, current as of the date of publication, and is intended for general guidance only. It should not be regarded as comprehensive or a substitute for professional advice. Before taking any particular course of action, contact Ernst & Young or another professional advisor to discuss these matters in the context of your particular circumstances. We accept no responsibility for any loss or damage occasioned by your reliance on information contained in this publication. ey.com/ca