How to Combat Corporate Fraud and Corruption: A Hands-On Approach
Published 02/17/2023
Written by Alex Vakulov.
Businesses are facing significant challenges from fraud and corruption. These issues result in financial losses and harm the company's reputation. Furthermore, they create a hostile environment within the organization. Let's see how to prevent fraud and corruption in your company.
According to PwC, two-thirds of tech businesses experienced some form of fraud. 46% of organizations reported experiencing fraud or financial crime over the last two years. The primary forms of fraud in the business world are colluding with counterparties, misusing company assets for personal gain, and engaging in corrupt practices.
Although the problem is dire and pressing and the financial losses from such incidents are substantial, relatively few business executives take appropriate steps to address it. According to Deloitte analysts, about 80% of organizations, even after experiencing fraud, plan to maintain or decrease their investments in preventing internal incidents. However, neglecting this area can lead to an uptick in other types of incidents and worsen the security situation.
What is corporate fraud and how to counteract it
Corporate fraud is the misappropriation of any company's assets, including property, cash, documents, sensitive data, etc., and the manipulation of these assets for personal gain, selling to rivals, extortion, or any other damage.
One of the most common corporate fraud schemes involves colluding with competitors and passing them important information about sales, service costs, and contracts. This information is disclosed to an interested party for substantial financial compensation.
Fraud and corruption are always intentional crimes involving deception, falsification, etc. Although there is no specific statute for "corporate fraud" in criminal law, these types of crime are encompassed by multiple criminal code articles in most countries.
Fraudulent actions can lead to various negative consequences, such as the loss of clients and assets, damage to reputation, strained relationships with partners, a decrease in employee retention, a decline in sales and product/service quality, and a reduction in profits.
To effectively combat fraud, a business must put in place a number of different controls and measures in regard to its staff. It is necessary not only to put in place a system for the prevention of corporate fraud and corruption but also to create an internal audit service.
Corporate corruption
Corruption in a company is an abuse of an official position with consequences unfavorable to the organization. This may include commercial bribery, kickbacks, or the unauthorized sharing of confidential information.
An illustration of this type of rogue behavior is when a person in charge of evaluating the technical aspects of a tender document is bribed. Consider a scenario where a specific information system fails to meet the client's needs. After accepting a bribe, the corrupt individual falsifies his technical assessment, enabling the bidder to win the tender and implement the flawed system. The system is then unable to fulfill the client organization's requirements, which can result in severe consequences.
One potential cause of corruption within a company could be a lack of motivation or interest among management in ensuring the success and profitability of the organization. Additionally, technical or legislative obstacles can make it difficult to identify those responsible for corrupt actions and hold them accountable.
In some countries, corruption may be more prevalent historically, and individuals may not be held accountable for their actions. Various organizational and technical measures can be implemented to combat corruption within a company.
Organizational measures against fraud and corruption
To prevent illegal activities within an organization, the following organizational measures can be implemented:
- Creating and implementing a set of organizational and administrative documents that clearly outline prohibited actions and requiring all employees to familiarize themselves with and sign these documents.
- Including special clauses in employment contracts that hold employees accountable for committing illegal acts.
- Regularly informing all employees about any incidents of illegal activities and holding those responsible accountable through disciplinary or legal action.
- Implementing the "Four Eyes" principle where two senior company representatives must approve legally or financially significant decisions.
- Implementing a system of complementary verification of officials endowed with a wide range of powers.
- Introducing a system of periodic assessment of employee loyalty, for example, using the employee Net Promoter Score (eNPS).
- Incorporating various incentives such as corporate events, bonuses, and competitions to increase employee engagement and motivation.
- Implementing ongoing control and audit procedures and establishing a dedicated unit to oversee these activities, with a focus on verifying the legitimacy of financial statements.
Technical measures against fraud and corruption
Technical measures to prevent and combat fraud and corruption can include software and software-hardware combinations. Their functionality should cover the following key tasks:
- Protecting sensitive information from changes.
- Preventing data breaches and other unauthorized disclosure of information.
- Implementing strict controls on access to the company's information systems.
- Implementing a project management system.
- Systematic polygraph testing of personnel.
- Installing audio and video surveillance systems.
- Implementing a physical access control system (PACS).
- Ensuring the possibility of searching and identifying errors, contradictions, and inconsistencies in the reporting documentation and data arrays that indirectly indicate fraud.
To effectively combat corporate fraud and corruption in an organization, it is advised to implement and configure DLP and SIEM systems.
DLP, which stands for Data Loss Prevention, is a technology that helps to prevent data breaches. It includes features such as:
- Monitoring email correspondence and Internet access to prevent the transmission of sensitive information through these channels.
- Tracking changes and any operations with files on workstations and servers.
- Recording keyboard input to verify the information that is entered.
- Observing user behavior to identify abnormal actions and take appropriate measures.
- Recording all suspicious user actions in a separate log file. This log can be used to evaluate the current situation and investigate fraud and corruption within an organization.
It is advisable to set up a Security Information and Event Management system (SIEM) that gathers and examines data on security incidents, monitors alerts from information security tools and network devices, examines the collected data and looks for correlated events, keeps an eye on the infrastructure on a regular basis, and alerts responsible parties if there is any deviation from the usual activity.
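The kind of correlation described above can be sketched as follows. This is an added example, not code from the article or from any DLP or SIEM product: the event layout, user names, file names, mail domain and thresholds are all assumptions, and the sample events are constructed. It flags a sensitive file that is read and then mailed to an external address within a short window, and a day on which a user's file reads deviate sharply from their own earlier baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

INTERNAL_DOMAIN = "example.com"   # assumption: the company's own mail domain
WINDOW = timedelta(minutes=30)    # assumption: read-then-send correlation window
SPIKE_FACTOR = 3                  # assumption: alert at 3x the user's usual daily reads

# Constructed events: (timestamp, user, action, object, destination)
EVENTS = [
    ("2023-02-13T10:00:00", "asmith", "file_read", "sales/forecast.xlsx", ""),
    ("2023-02-14T10:05:00", "asmith", "file_read", "sales/forecast.xlsx", ""),
    ("2023-02-15T09:00:00", "asmith", "file_read", "contracts/acme.pdf", ""),
    ("2023-02-15T09:02:00", "asmith", "file_read", "contracts/globex.pdf", ""),
    ("2023-02-15T09:03:00", "asmith", "file_read", "sales/pricing.xlsx", ""),
    ("2023-02-15T09:04:00", "asmith", "file_read", "sales/forecast.xlsx", ""),
    ("2023-02-15T09:20:00", "asmith", "mail_attach", "sales/pricing.xlsx", "buyer@rival.example"),
    ("2023-02-15T11:00:00", "bjones", "file_read", "contracts/acme.pdf", ""),
    ("2023-02-15T11:10:00", "bjones", "mail_attach", "contracts/acme.pdf", "legal@example.com"),
]

def correlate(events):
    """Return alerts for read-then-external-send and for read-volume spikes."""
    alerts, last_read = [], {}
    daily = defaultdict(lambda: defaultdict(int))   # user -> date -> read count
    for ts, user, action, obj, dest in sorted(events):   # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if action == "file_read":
            last_read[(user, obj)] = when
            daily[user][when.date()] += 1
        elif action == "mail_attach" and not dest.endswith("@" + INTERNAL_DOMAIN):
            read_at = last_read.get((user, obj))
            if read_at and when - read_at <= WINDOW:
                alerts.append(("external_send_after_read", user, obj))
    for user, counts in daily.items():
        days = sorted(counts)
        for i, day in enumerate(days[1:], start=1):
            baseline = median(counts[d] for d in days[:i])   # the user's own earlier days
            if counts[day] >= SPIKE_FACTOR * baseline:
                alerts.append(("read_volume_spike", user, day.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

A user with only one day of history produces no spike alert, because there is no earlier baseline to compare against.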
Combined, these anti-fraud and anti-corruption technologies can ensure a high degree of protection for confidential information. Furthermore, the records (logs) these systems keep can serve as evidence in legal proceedings.
Lastly, implementing all the measures outlined above should fall under the purview of the company's financial and information security departments or staff with the appropriate authority. Their compensation should be closely tied to their ability to promptly detect and curb instances of corporate fraud, as well as the effectiveness of the preventive measures put in place.
Conclusion
Companies that do not make a concerted effort to counteract fraud and corruption should remember that such occurrences are inevitable. The more this issue is neglected, the greater the damage caused. In some instances, when corrupt employees deliberately sabotage the organization and transfer confidential assets to rivals, it can even lead to bankruptcy. In any case, the financial losses from fraud and corruption can be staggering and run into millions of dollars. Moreover, the organization may also be embroiled in scandals or illegal activities for which it will face administrative or criminal penalties. It is crucial to make every effort to prevent fraud and to keep employees from even considering corruption schemes. This includes implementing internal controls and educating employees on Internet safety rules and best practices to protect confidential information online. The more companies take action, the healthier the business environment will be, and incidents of fraud and corruption will decrease.
About the Author
Alex Vakulov is a cybersecurity researcher with over 20 years of experience in virus analysis. Alex has strong malware removal skills. He is writing for numerous security-related publications sharing his security experience.