Who’s Really Stealing Company Assets?

By Sherry Harowitz

My dad was an honest man who also happened to be a business executive. While I think that my father was an exceptional person (as we all do, I’m sure), with regard to his honesty, I like to think that he represented the norm—that the Jeffrey Skillings and Bernie Madoffs of the world are the exception and that most CEOs and other senior executives, like most people, are basically honest. But KPMG’s latest white collar crime study shows that even if most executives are honest, the dishonest among them account for the largest chunk of the problem. Put another way, while the typical executive may not be a swindler, the typical swindler is in management, especially senior management. Staff cause the problem only 18 percent of the time.

The reason for this is obvious. Executives have the access to financial assets, and ironically, they are the ones whom everyone else, including security, tends to trust most and watch least. Weak internal controls were exploited in 74 percent of the cases (spanning 69 countries) that KPMG examined. In 50 percent of those cases, red flags (such as missing documents or complaints from suppliers) were ignored.

It’s also important to note that formal audits caught few cases. When it wasn’t just serendipity or dumb luck, it was informal and formal whistleblowers who led security to the problem. Fortunately, governments have been strengthening whistleblower protections around the world. KPMG notes that Switzerland is considering such legislation, which already exists in various forms in the United Kingdom and the United States.

Whistleblower protections remain a contentious issue in the United States, where business groups have fought hard against them. Since the spectacular Enron fraud exploded in 2001 and with the latest revelations about financial frauds that played a part in the current economic crisis, the political pressure has largely been in the other direction. But opponents of whistleblowing are always mounting a counteroffensive.

For example, as noted in this month’s “Legal Report,” even as the Securities and Exchange Commission (SEC) issues a final rule on the whistleblower program created under the Dodd-Frank Act, Rep. Michael Grimm (R-NY) has introduced legislation that would force employees to first report violations to their employers to qualify for monetary awards, and the bill would require the SEC to notify a company of whistleblower reports, giving it 30 days to conduct its own investigation.

This notification may sound reasonable, but consider that KPMG found the CEO to be the culprit 26 percent of the time. And KPMG warns: “Do not alert the suspect.” In that light, a mandate to let a company investigate the charges first makes no more sense than requiring law enforcement to give criminal suspects a 30-day warning before they show up with a warrant to search the premises. Whistleblower rules must be strong to be effective. And knowing whistleblowers can’t be subverted may incentivize companies to strengthen internal controls to avoid problems.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.