Fraudulent acts and corruption have become increasingly prevalent and have eaten deeply into the fabric of our society. The demand for forensic services vary based on the markets in which such entities operate. As corporate firms grow and become more complex, the growth and complexity of fraud risk also increases. As you may recall, a decade ago corporate firms attempted to control only a narrow spectrum of risks through internal audit. Then with the emergence of codes of corporate governance, more firms required advisory services including IT advisory which particularly addresses the risks related to IT and CT, as well as quality control audits, value for money audits, Sarbanes Oxley Compliance Testing, etc., to name a few. Given the growing demand for forensic services, BDO Sri Lanka and Maldives Partner – Risk, Forensic and IT Advisory Services Ashane Jayasekara speaks about the latest developments:
Nowadays technology’s involvement in the execution of fraud is immense. So how do you and your team deal with these challenges when doing forensic audits?
Let me explain how our forensic team works. We have a Sri Lankan team which is closely networked with our foreign member firms especially in India, Singapore and Malaysia. Our member-firms mutually share global resources whenever it is required. This is the most efficient way of deploying global resources by networking. A couple of decades before people used to index and store books on shelves. However, nowadays, knowledge is accessible at the desired place and time in a matter of a few clicks. Since knowledge, competencies and resources are accessible to our globally networked teams, we are at the forefront in getting continuous updates on the latest technologies and trends which we use in our forensic audit assignments.
People always think forensic means investigation. It that correct?
Yes, investigation is in fact a major part of the forensic services we provide. I would say it is a post-mortem, detective exercise where once the fraud has occurred, we try to find out how it happened, how long it was happening and who the perpetrators are and gather evidence. In this exercise we try to get to know the entire picture of the fraud and suggest remedial action including implementation of internal controls to avoid such fraud in the future. In addition to that we also assist our clients in terms of preventing fraud occurrence, to ensure fraud losses are minimised.
These services include:
• Employment/educational background verification
• Whistle-blowing hotline service
• Fraud risk assessment
• Forensic data analytics
• Electronic discovery
• Fraud awareness programs
In our experience, the value of fraud losses are quite high and the chances of recovering assets are very minimal. That is why we recommend companies to carry out preventive checks and have a strong internal control environment. It is like a person undergoing a heart bypass operation which is very costly, whereas, if he had gone for regular health check-ups, he could have avoided the need for a bypass operation altogether and could have lived a healthy life avoiding unexpected risks and costs. It is the same with any organisation. That’s why I would like to recommend any company to have regular health check-ups done.
Is it only organisations which have perceived suspicion of fraud that should perform such check-ups?
Of course not. It’s always better to be safe than sorry. The BDO Risk Advisory services are not limited to entities which have suspected fraud or that are vulnerable to fraud. Most organisations that are keen on achieving their business objectives without any hiccups require our advisory services. Performing a fraud risk assessment would identify the symptoms of fraud and mitigate the risks immediately. This will help the entity to avoid any major setbacks when doing business.
Where do you see most frauds taking place? Would you say it’s in the bigger companies or the small companies?
I would say fraud may possibly occur in any organisation despite its size. It’s all about how much importance is given by the organisation and their tolerance level.
Do you think a smaller company can afford to do these health checks and is it worth doing it?
Yes. As explained before, the health check-up is not as expensive as the heart bypass. If you look back over the past couple of decades, only the bigger corporates were performing internal audits. However, nowadays even most of the small and medium size businesses also carry out their internal audits, and some of them have their in-house internal audit functions. What does this mean? Is there any regularity requirement? No! This is because of the increasing awareness and desire for good corporate governance, and since small and medium enterprises want to grow, obviously there is a correlation between the growth of the company and the complexity of transactions, which makes preventive measures a necessity than a luxury. According to a recent survey done by the ACFE in the Asian Pacific region, the median fraud loss for companies having more than 100 employees is $ 104,000 whereas for a company having less than 100 employees was $ 200,000. So, the small and medium size company fraud loss is higher than for the big corporates.
What is reason for fraud incidents to be higher in smaller companies?
This is simply because of two reasons. Firstly, the smaller companies operate significantly on trust. If you look at some of these smaller companies, they tend to recruit people who are known to them or related to them or in other words, people whom they trust. Therefore the management relies largely on their employees’ integrity rather than on the effectiveness of the internal control processes and procedures. Secondly, one element in the fraud triangle is opportunity. In larger organisations, the opportunities are minimised through internal controls, policies and procedures, etc. whereas the small companies unknowingly give more opportunities for their employees to perpetrate fraud.
Why are frauds not exposed?
According to the recent global study on occupational fraud published in the report to Nations magazine by ACFE, most of the fraud cases are detected through the tips or whistle-blowers only. However, this is not happening in the Sri Lankan context for certain reasons such as:
1. Lack of awareness
2. Non-existence of an appropriate channel for reporting
3. Level of confidentiality is in doubt which may lead to retaliation
4. Whistleblower protection is nil
5. Unwillingness to become a witness
6. Very lengthy litigation processes
7. Mental stress
8. No transparency in the actions for the past reported cases
9. Lack of confidence in the management
Therefore, 50% of the cases will not be exposed effectively through tipping-off or blowing the whistle as explained. The balance 50% comes from more than 10 channels excluding internal and statutory audits. In Sri Lanka, w-hatever the cases which are reported are generally through internal audit or statutory audit.
Can you name some big investigations you have recently performed?
We cannot disclose the names of our clients. However, we have been working on forensic assignments with large insurance companies, leading telecom companies and banks.
Tell us about your new Director?
Jegan is an experienced forensic professional and Certified Fraud Examiner who has worked on several forensic engagements in various industries and was a part of a big four audit firm. He was also part of one of the biggest fraud investigation teams in India. Prior to joining BDO, he has served in various roles including Internal Audit Manager, Financial Controller, Head of Fraud investigation Unit, Director of Finance, etc. in diverse industries.