Imperatives from crime prevention and ethical conduct

by Janette Minnaar

1. Introduction

The fourth Biennial Global Economic Crime Survey, undertaken by PricewaterhouseCoopers, in 40 countries, between April and July 2007, found that 72 per cent of South African companies were subject to white-collar crime, as opposed to only 43 per cent of companies globally.

The companies surveyed reported that spending more money on controls paid off – five or more controls in a company led to the detection of an average of 10 fraud cases, worth about R21 million. Controls alone, however, are insufficient. Companies have to establish a culture that supports the controls.

Previous research by the Association of Certified Fraud Examiners showed that companies lost 6 per cent of their annual turnover because of crime (2002 Report to the Nation on Occupational Fraud and Abuse).

More recently, KPMG’s 2007 “Profile of a Fraudster” survey found that 89 per cent of fraudsters were employees of the victims, that members of senior management represented 60 per cent of such criminals and that an additional 26 per cent of such crimes involved management. The same survey showed that 91 per cent of fraud committed by employees constituted repeat offences. Every third fraudster acted more than 50 times. Greed and opportunity together accounted for 73 per cent of frauds. In more than half of the cases, prior suspicion did not exist, but, in 21 per cent of crimes, the company neglected to act even when there was a suspicion of wrongdoing.

Deloitte’s Tip-offs Anonymous reported that white-collar crime had increased by 200 per cent over the 12 months to July 2008. There was also an increase in senior executives abusing their powers and circumventing controls.

2. King II

The well-known King II report on corporate governance recommends that companies implement sound crime-prevention policies, including ethics-training programmes.

In 2002, King II also adopted principles for developing an effective organisational ethics-management programme, as specified in the US Federal Sentencing Guidelines for Organisations (US Guidelines), in 1991. Some of these principles require organisations to implement:

• Compliance standards and procedures reasonably capable of reducing the prospect of criminal activity.
• Systems and procedures to introduce, monitor and enforce a code of ethics.
• Effective communication with and training of all levels of employees regarding ethics standards and procedures.
• Reasonable steps to achieve compliance, including systems for monitoring, auditing and reporting suspected wrongdoing or unethical behaviour without fear of reprisal.
• Consistent enforcement of compliance standards, including disciplinary mechanisms.
• Reasonable steps to respond to offences and prevent recurrence of transgressions.

The US Guidelines were updated in 2004 and, again, adopted by King II. The Guidelines now require US organisations periodically to measure the effectiveness of their ethics and compliance programmes and to “assess the risk of criminal conduct and … take appropriate steps to design, implement, or modify each requirement … to reduce the risk of criminal conduct identified through this process”.

3. King III

Similarly, to the King II Report, the new King III Report (to be published in 2009) enhances compliance with ethical standards. King III will require organisations to align their strategies and operations with basic ethical standards of what is good, right and fair. Ethics performance is seen as part of an organisation’s social performance, which is an indicator of sustainable development or the triple bottom line (economic, social and environmental) indicators. King III will stipulate that, for a company to be sustainable, it should run a sound business operation, live by ethical standards and build a culture of integrity.

King III will recommend that ethical risks be formally assessed (rated) in order to manage ethics performance (the principle of measure to manage). Once organisational values or standards have been formulated, they should be embodied in a code of ethics. An ethics programme should be adopted to institutionalise the chosen values. The standards set should become an integral part of the company’s identity (“who we are”) and culture (“how we do things”).

4. Legislative imperatives for crime prevention

In seeking to secure sound management of the revenue, expenditure, assets and liabilities of all governmental and affiliated organisations, the Public Finance Management Act (PFMA) of 1999 expects the development, implementation and maintenance of a strategy to prevent and detect economic crime. Section 51 of the PFMA stipulates that ‘irregular expenditure’, ‘fruitless and wasteful expenditure’ and ‘losses resulting from criminal conduct’ are to be regarded as financial misconduct. The PFMA requires all audit components to have a fraud-prevention plan.

The ambit of the Prevention and Combating of Corrupt Activities Act of 2004 is much wider than that of the previous Corruption Act of 1992. The 2004 Act criminalises corrupt practices committed by South Africans in foreign countries and makes it easier to prosecute, as well as attach assets of, white-collar criminals. A legal requirement has been placed on private and public organisations to report serious cases of corruption, failure of which may itself be regarded as a crime.

The proposed new Companies Bill (to be promulgated in 2010) suggests that audit committees, as part of their duties, ask the following questions:

1. Have all key risks been identified?
2. Are the related internal controls effective?
3. What does the assurance plan not cover?
4. Is internal audit effective?
5. Are there adequate accounting skills?
6. Can we rely on the information-technology systems?
7. Is the company a going concern?
8. What is the risk of significant fraud?

5. Conclusion

There are compelling reasons to prevent fraud and corruption and to improve integrity. Apart from these imperatives, it is safe to say that crime awareness and ethics training protect the reputation of an institution; assure sustainability; prevent crime and its negative consequences; and help to build public trust and service delivery. It forms part of sound governance to be compliant with the law and to ensure sustainability.

Janette Minnaar
August 2008
Tel: 012 342-2799