India Fraud Survey Edition II - Deloitte

 
CONTINUE READING
India Fraud Survey Edition II - Deloitte
India Fraud Survey
Edition II           Forensic
India Fraud Survey Edition II - Deloitte
India Fraud Survey Edition II - Deloitte
#letstalkfraud| India Fraud Survey, Edition II

                                            3
India Fraud Survey Edition II - Deloitte
#letstalkfraud| India Fraud Survey, Edition II

Foreword
Disruptive events, enabled by disruptive         consistently, will be more likely to emerge
technologies and business models are             winners in this race for economic
increasingly characterizing both the Global      dominance. A lot of this success would
and the Indian economy. The rapid pace of        also depend on how businesses structure
adoption of e-commerce, online banking,          themselves internally – such as having a
and social media means consumers today           strong focus on instituting robust internal
have access to information about products        processes and controls, reliance on
and services before they are formally            automation for monitoring transactions
introduced in the market, and are able to        and identifying suspicious activity,
pass judgement on their effectiveness.           gathering business intelligence through
Events such as the recent demonetization         analytics, and developing transparent
announcement by the government are               governance models. Incidentally, these are
further changing the dynamics of the             among the areas that India organizations
economic environment. Regulatory                 have traditionally been slow to develop.
frameworks, particularly those that govern
business conduct, are evolving to keep           The limited preparedness to foresee
pace with these developments.                    the impact of changing trends and build
                                                 a robust backend supporting system
In this dynamic environment, traditional         can slow down progress and make
businesses can no longer afford to sit           organizations vulnerable to several risks
back, unscathed by the changing world            including those of fraud. This edition
around them. Organizations have little           reveals the inertia among large and
choice but to adapt and remain relevant          small organizations in their fraud and
to customers. While some may see this            noncompliance management efforts. It also
as an unsurmountable challenge, fraught          provides suggestions that organizations will
with uncertainty, I feel we are fortunate to     find useful in their quest to know and fight
witness the evolution of a new economic          emerging fraud and noncompliance issues.
order.
                                                 I hope you find this report a compelling
India and Indian businesses, no doubt,           read, as I did.
will continue to grow in size despite the
challenges they face. Businesses that
succeed in becoming agile, leveraging            Regards
technology effectively, and innovating           N Venkatram

4
India Fraud Survey Edition II - Deloitte
#letstalkfraud| India Fraud Survey, Edition II

Introduction
“Fraud is rising in India,” “stopping fraud      mitigate old menaces such as bribery and
is the responsibility of the CEO,” “fraud        corruption, indicating a lack of commitment
cannot be eliminated,” and “junior people        and resources to dedicate towards fraud
commit frauds.” These are some of the            risk management. Given the inherent
sentiments on fraud we hear as part of our       limitations of these organizations, there is
jobs. One topic, multiple perspectives.          need for government intervention to help
                                                 small and medium enterprises tackle fraud.
Today everyone has an opinion on fraud.          In this regard, increased digitization in all
Be it a working professional, far from the       spheres of business combined with strong
rigors of the finance discipline or a small      enforcement of anti-fraud laws may benefit
company struggling to recover losses,            small organizations.
or a multinational concerned about
reputation. It is this diversity of opinions     Successful fraud risk management efforts
and experiences that makes the fraud             tend to go beyond strong internal controls
landscape in India complex. Consequently,        or the presence of policies. Employees
fraud risk management efforts tend to            can play an influential role in the success
become unique and challenging across             of fraud risk management efforts, as
organizations.                                   indicated by a majority of respondents to
                                                 our working professionals’ fraud survey.
This is what our survey results also indicate.   Perhaps it is time organizations – large and
Multinational organizations appear               small – nurtured a community of 'employee
to be primarily focused in preventing            influencers' who can reinforce ethical
known frauds such as bribery and                 behaviors and mitigate the risk of fraud.
corruption, diversion/ theft of funds and
vendor favoritism, even as the business          The 2016 edition of the India Fraud
landscape exposes them to new fraud and          survey also puts the spotlight on five new
noncompliance risks such as cybercrime,          business trends that will likely impact the
social media and anti-competitive behavior.      fraud landscape in the future –Blockchain,
So while we observe increased adoption           Internet of Things, Robotics, Cashless
of automation and continuous monitoring          transactions and Online market places.
as part of fraud risk management                 As a first, we also have perspectives from
efforts, these initiatives will always find it   the Deloitte member firms in Japan and
challenging to detect new and emerging           Australia on the fraud concerns in their
frauds.                                          countries and possible challenges faced by
                                                 some of their clients while working in India.
Small and medium enterprises on the
other hand, appear to be struggling to           We hope you find this survey report useful.

Uday Bhansali                                    Rohit Mahajan
President - Financial Advisory                   APAC Leader, Partner and Head – Forensic
Deloitte India                                   Financial Advisory, Deloitte India

                                                                                                                                             5
India Fraud Survey Edition II - Deloitte
#letstalkfraud| India Fraud Survey, Edition II

6
India Fraud Survey Edition II - Deloitte
#letstalkfraud| India Fraud Survey, Edition II

Contents
••Key findings                                         8

••Focused on safeguarding themselves                 12
  from well-known frauds, large
  companies grapple to understand
  emerging frauds

••Focused on growth, the commitment                  36
  to fight fraud is found wanting among
  small and medium companies

••Employees want to play an active role              52
  in fighting fraud - Perspectives from
  working professionals

••The future of fraud – Business                     58
  developments that can impact the
  fraud landscape in India

••Foreign perspectives on dealing with               70
  fraud in India

••Acknowledgements                                   73

••About the survey                                   73

                                                                                      7
#letstalkfraud| India Fraud Survey, Edition II

Key findings

8
#letstalkfraud| India Fraud Survey, Edition II

Large companies’ survey
- Perspectives from companies with over ` 200 Crore turn over
and/or over 200 employees

  70% of respondents felt incidents of fraud
  will increase in the next two years

  Top reasons that contribute to fraud include – diminishing ethical values (38%), lack of
  efficient control system (37%), inadequate due diligence (37%) and unrealistic goals linked
  to monetary compensation (37%)

  Vendor favoritism (42%), diversion/ theft of funds (33%) and
  bribery and corruption (30%) were the top fraud incidents
  experienced by organizations

  Procurement (35%) and vendor/ partner
  selection (25%) were considered the functions
  most vulnerable to fraud risks

  Junior and Middle management
  employees were considered the most
  likely to commit fraud

  Top three measures undertaken to prevent fraud include – Internal Audit/
  Risk assessment (89%), Tone at the top and implementation of anti-fraud
  policies (79%), and fraud awareness workshops and trainings (66%)

  Fraud is mostly detected through
  whistleblower hotlines

  Response to fraud is complex and determined on a case to case basis – 43% said investigations were
  commenced based on the severity of fraud; 36% said the fraudster was allowed to resign in lieu of pressing
  legal charges; and 33% said fraud was communicated to employees, the Board and regulatory agencies

  Preparedness to emerging fraud and noncompliance
  risks such as social media and anti-competitive behavior
  appears to be low

                                                                                                                                             9
#letstalkfraud| India Fraud Survey, Edition II

Small and medium enterprises survey
- Perspective from companies with under ` 200 Crore turn over
and/or under 200 employees
                               54% of respondents felt incidents of fraud will
                               increase in the next two years

                               Top three reasons that contribute to fraud
                               include the following – diminishing ethical values
                               (68%), limited/ lack of segregation of duties (68%)
                               and limited employee education on fraud (60%)

                               Top three frauds experienced by organizations
                               include – Diversion/ theft of funds (32%),
                               bribery and corruption (28%) and conflict of
                               interest (26%)

                               The most common forms of corruption
                               experienced include – collusive bribery (69%)
                               and facilitation payments (69%)

                               Procurement (44%) and sales and distribution
                               (29%) were considered the functions most
                               vulnerable to fraud risks

                               32% felt complying with anti-fraud regulation
                               placed additional burden on them

                               Fraud prevention efforts were found wanting –
                               48% felt there wasn’t enough commitment; 42%
                               felt there was inadequate budget and resource
                               allocation to prevent fraud; 25% reviewed their
                               fraud risk management frameworks only upon
                               an incident occurring; and 23% addressed fraud
                               observations within 1-2 months of the incident

                               Top three measures undertaken to prevent
                               fraud include – Independent Audits (71%),
                               implementing a code of conduct (62%), and
                               regular monitoring and assessment of fraud
                               risks (52%)

                               Deploying technology to curb fraud is
                               a challenge with 17% citing budgetary
                               constraints, and 23% claimed lack of clarity
                               around the utility of such tools

                               Response to fraud is complex and determined
                               on the basis of the materiality of fraud (19%)

                               Top actions taken upon detection of fraud
                               include – internal investigation (71%), review/
                               updating of existing controls (53%) and asking
                               the fraudster to resign (53%)

10
#letstalkfraud| India Fraud Survey, Edition II

Working professionals’ survey

               65% of respondents felt                      70% felt their employers
               incidents of fraud will increase             encouraged them to provide
               in the next two years                        enough opportunities to share
                                                            instances of unethical behavior

               Top three reasons that contribute
                                                      Are laws on curbing fraud
               to fraud include – Weak/ ineffective
                                                      effective? – Yes (47%), No (42%)
               controls (65%), technological
               advancements (43%), and general
               decline in ethical values (42%)

               Top three frauds experienced by
               organizations include – bribery        Primary responsibility to fight
               and corruption (43%), financial        fraud lies with the citizens (56%)
               statement fraud (40%), and
               embezzlement of funds (39%)

               Frauds personally experienced          Top three measures the Government
               by working professionals include       can take that will help reduce fraud in
               –bribery and corruption at             India – stronger enforcement (90%),
               government offices (59%), identity     greater adoption of technology (63%)
               theft (37%) and sector specific        and government advisory on key fraud
               frauds (31%)                           schemes (63%)

               In response to fraud, 55% of           Top 3 measures that corporates can take
               respondents claimed they did           to reduce fraud – openly discuss fraud
               nothing as there was no way to         and educate employees (61%), recognize
               recover losses                         and reward ethical behavior (59%), and
                                                      name and shame wrong do-ers (57%)

                                                                                                        11
#letstalkfraud| India Fraud Survey, Edition II

Focused on safeguarding
themselves from well-known
frauds, large companies
grapple to understand
emerging frauds
Conventional frauds continue to
dominate the fraud landscape

In line with our 2014 survey, around
70% of Corporate India continues to
believe that fraud will rise over the
next two years. Fraud was attributed
mainly to diminishing ethical values,
lack of an effective/ efficient control
system, inadequate due diligence
on employees/ third parties and
unrealistic targets/ goals linked to
monetary compensation, indicating
that fraud continues to be driven by
concerns internal to the organization.
Correspondingly, procurement
(35%), vendor/ partner selection and
management (25%), and sales and
marketing (18%) were identified as the
functions most susceptible to fraud.
Among the type of frauds experienced,
survey respondents indicated vendor/
customer/ business partner favoritism,
diversion and bribery and corruption as
the top three frauds. Further, the survey
indicated that organizations could lose
an average of between `10 Lakh and
`1 crore to fraud. A little more than a
quarter of respondents indicated they
were unable to quantify the fraud loss.

12
#letstalkfraud| India Fraud Survey, Edition II

Figure 1: Which of the following types of fraud/misconduct/ malpractice has your
organization experienced in the last two years?

      My company has not experienced any
                            type of fraud                                                                                 20%
                          Other (please specify)                              6%
                                      eCommerce
                                    related frauds                              8%
                                   Counterfeiting                                                  13%
                              Supply Chain fraud                                                                    18%
                 Capital market related frauds
                           like insider trading                          2%
                                    Intellectual
                               property fraud                                     7%
                                     Corporate
                                     espionage                           2%
                                         Data theft
                                                                                                                            21%
                         Financial misreporting                                            10%
                                      Regulatory
                                 non-compliance                                                      14%
                                  Internet and/or
                                      Cyber fraud                                                                 18%
                                      Bribery and
                                       corruption                                                                                                       30%
                   Vendor/customer/business
                           partner favoritism
                                                                                                                                                                     42%
                                     Material
                                    pilferage                                                                                                    21%
                              Diversion/theft
                                     of funds                                                                                                              33%

Note: This is a multiple choice question and responses will not add up to 100%

Interestingly, while respondents did not                   Given the robust anti-bribery and                           possible outcomes of indulging in private
rate bribery and corruption as the most                    corruption compliance policies that large                   bribery schemes. Upon unearthing of such
common fraud experienced by their                          domestic and multinational corporations                     schemes the organization in question may
organizations, favoritism in appointing                    have in place, it is heartening to note that                face reputational damage from the media,
vendors and business partners is often                     organizations may now be tackling public                    denial of capital from financial institutions
in the backdrop of kickbacks and bribes                    bribery better than they may have in the                    and volatility in stock prices. Although
being exchanged between colluding                          past. However, in our experience, private                   currently there is requirement for a law
parties. It appears that organizations may                 bribery schemes are no less dangerous to                    that specifically prohibits private sector
be differentiating between private bribery                 organizations.                                              bribery1, indulging in it may be a potential
and public bribery schemes: the former                                                                                 violation of the Companies Act, 2013 as well
does not involve a government servant,                     Potential conflict of interest, deteriorating               as Clause 49 of the SEBI Listing Agreement
but employees of private organizations                     product/ service quality as a result of                     that seeks to reinforce good corporate
colluding with each other for mutual                       hiring favored business partners, and                       governance and fraud risk management2.
benefits.                                                  diversion/ theft of funds are some of the

1
  The proposed amendments to the Prevention of Corruption (Amendment) Bill, 2013 cover organizations who indulge in bribe- giving, unlike the 1998 Act that
only covered public servants who were recipients of bribery. Further, the draft Indian Penal Code (Amendments) Bill, 2011 is the only proposed legislation that
encompasses graft / corruption by individuals, firm, society etc that undertakes any economic activity.

2
  The companies Act, 2013, looks at bribery and corruption as practices that may amount to fraud schemes such as procurement fraud, diversion of goods/theft etc.
Although, the act of indulging in bribery itself is not a violation of the Act, the resulting fraud and the inability of organizations to prevent it may result in a violation.
Similarly, if the end result of private bribery involves insider trading and unauthorized related party transactions, these actions may violate Clause 49 of the SEBI listing
agreement. Source - http://www.mondaq.com/india/x/434208/Securities/Disclosures+Under+SEBI+Listing+And+Disclosure+Regulations+2015
                                                                                                                                                                            13
#letstalkfraud| India Fraud Survey, Edition II

In the area of public corruption,                       in being enlisted on stock exchanges (in
there appears to be increased awareness of              India and overseas) (44%) and reduction in
how indulging in such practices can impact              profits (41%) were perceived to be the most
the organization. Overseas regulatory                   damaging outcomes of indulging in bribery
noncompliance (52%), potential difficulties             and corruption.

Figure 2: In your opinion, what are the ways in which corruption can impact your company?

                                                                    23%
                                                                     Corruption imposes
                                                                     additional costs on

             37%                                                     doing business
                                                                                                      41%
             None of these
             Corruption does not                                                                      Corruption reduces
             impact my business                                                                       profits

                                                                                                            34%
     28%                                                                                                     Corruption affects
     Corruption dents                                                                                       my reputation and,
     shareholder morale                                                                                     consequently, the ability to
     and results in                                                                                         win business and attract
     greater dissent                                                                                        talented professionals

      44%                                                                                               52%
      Incidents of corruption
      make it difficult for my                                                                           There is rise in regulatory
      company to get listed on                                                                          risks from foreign
      stock exchanges in India
      and overseas
                                                                 33%                                    legislations such as US
                                                                                                        FCPA and UK BA, owing to
                                                                 Incidents of corruption                the trans-national nature
                                                                 make it difficult for my               of our business
                                                                 company to seek funding
                                                                 from banks

Note: This is a multiple choice question and responses will not add up to 100%

Rising regulatory focus by the Indian                   of respondents believing that stringent
government is also building a case for a                enforcement of anti-bribery regulations
corruption free corporate India with 30%                could end this menace.

14
#letstalkfraud| India Fraud Survey, Edition II

Organizations are unable to tackle counterfeiting               extended to reputation in light of fierce competition for
Counterfeiting primarily occurs due to the inability of         market share. In recent times, the proceeds from counterfeit
organizations to educate employees and customers on the         products have also facilitated terrorist financing and
potential damages of dealing with duplicates and counterfeit    anti-national activities. Accordingly, about 39% of survey
products. While, in the past, counterfeiting’s primary impact   respondents have indicated that they were unsure/unable to
was loss of revenue for organizations, today it has also        quantify the effects of counterfeiting.

Figure 3: In your opinion, what is the perceived loss due to intellectual property (IP) theft and counterfeiting to organizations?

 18% Cannot be quantified                                                                      Dont't know/Unsure
                                                                                                                        21%
             as the effects are
             long term

 3%        More than 10%
           of revenues

 3%       5-10% of revenues                                                                                             8%
                                                                                                      Less than 1%
                                                                                                       of revenues

 13%          1-5% of revenues

 Note: 34% did not respond to the question.

According to survey respondents, organizations can take         using third party experts to gather intelligence, and through
several measures to curb counterfeiting such as drawing         employee education.
up clauses specific to counterfeiting/IP theft in contracts,

                                                                                                                                            15
#letstalkfraud| India Fraud Survey, Edition II

    Point of View: Leveraging technology to curb counterfeiting
    As consumerization in India grows, there is also an accompanied rise in the movement of counterfeit goods in the market. Several
    industry reports point to counterfeits amounting to at least 25 percent3 of total goods circulating in the market across various
    product categories. While corporates are aware of this menace, efforts to curb counterfeits often tend to be inadequate. In our
    experience, investing in anti-counterfeit technologies may provide better safeguards against counterfeiting. Some options are
    discussed below.

                  $

                                                                                                                   Working with digital marketplaces
                                                           Radio Frequency Identification                          – The proliferation of ecommerce has
                                                           (RFID) – RFID can provide labelling                     been accompanied by a rise in online
                                                           technology like barcodes, but with                      sales of counterfeits and duplicate
                                                           greater capability. Barcodes typically                  products. However, unlike physical
                                                           encode product-labelling information                    market places, it may be relatively easy
                                                           like names and serial numbers, but                      to combat online counterfeit product
                                                           nothing more. They require direct                       sales, if organizations work closely with
    Smartphone applications – These                        line-of-sight for access, can store only                web platform providers. A simple move
    allow consumers to quickly check if                    small amounts of information, and                       such as search engine optimization –
    an item is authentic prior to making                   have minimum size requirements for                      where organizations invest to create
    a purchase. It also empowers                           effectiveness. As such, small sized                     content that promotes authentic
    brand owners to identify, track, and                   items present challenges for item level                 products – can help consumers become
    prevent brand infringers from selling                  barcode labelling. RFID technology,                     more aware of authentic products, their
    counterfeit products. Typically, retail                on the other hand, embeds labelling                     features and pricing. Consequently, if
    companies can put a Unique Product                     information in non-volatile memory                      search results start showing authentic
    Identifier (UPI) on the product or on                  devices, which in turn embeds in a                      products in the top listings, fakes tend
    the packaging. Consumers can use                       product. Unlike barcodes, RFID tags                     to get pushed to the bottom where
    their smartphones to scan the UPI.                     come in various sizes (sometimes as                     they may not enjoy visibility. Further,
    If the item is counterfeit, the system                 small as a grain of rice), have greater                 by adopting a more visible digital
    will notify the consumer that the                      storage capacity, and do not require                    profile – such as having a web page
    product cannot be authenticated4.                      direct line-of-sight for access. The                    with online sales capability, a Facebook
    Some smartphone applications                           absence of size and line-of-sight                       page, Twitter handle, etc., brands can
    also allow users to take photos of                     limitations allows RFID tags to embed                   stymie efforts by counterfeiters trying
    possible counterfeits and upload                       virtually into any product for flexible                 to steal the ecommerce spotlight.
    them to an online map that’s linked                    labelling down to the item level. This                  Increasingly, ecommerce platforms are
    to a GPS locator5. This can alert other                capability enables automatic tracking                   also blacklisting vendors providing fake
    consumers of counterfeits in specific                  and inventory control with strategically                products and initiating action against
    locations.                                             placed interrogators.                                   them 6.

Like many other fraud schemes, it is                    industry has successfully embraced some                  options and adopt those that are cost
easier to prevent counterfeiting than                   of these technologies and managed to curb                effective and user friendly.
to respond to incidents of large scale                  counterfeiting to a significant extent. Other
counterfeiting. The luxury products                     product companies can also explore these

3
  Source: http://indianexpress.com/article/india/india-others/about-rs-39000-crore-loss-in-one-year-due-to-illicit-markets-in-manufacturing-sectors-ficci-report/
4
  The Smart phone App ‘Authenticateit’ follows this technique to check for counterfeiting.
5
  Black Market Billions is a crowdsourcing app that operates with this technique.
6
  Source: http://fortune.com/2016/11/14/amazon-counterfeit-items-lawsuit/
16
#letstalkfraud| India Fraud Survey, Edition II

Focus remains on mitigating                   the changing business landscape and push       stem from limited understanding and the
known frauds                                  to adopt technology in improving business      inability of organizations to detect patterns
Overall, there appears to be little change    outcomes, it is surprising to note that        that may point to such fraud risks. If the
in most of the trends discussed so far        organizations continued to rate concerns       current levels of fraud awareness were to
compared to our 2014 survey. Frauds           such as cybercrime, IP fraud, e-Commerce       continue, organizations may be unlikely to
identified as concerns have been limited to   fraud, and counterfeiting relatively low in    mitigate new frauds in the future.
well-known categories such as bribery and     terms of organizational impact. We believe
corruption, theft and favoritism. Despite     this inexperience of new fraud risks could

  Point of View: Organizations need to prepare for fraud arising from new business dynamics

  In the last two years, three of the most significant fraud and     potential fraud in adopting e-procurement models. In theory,
  reputational damage cases reported by the media arose due          while e-procurement may not pose the same fraud risks as a
  to social media exposure. These large global brands were           conventional procurement process, and may be touted as the
  questioned by consumers on their quality assurance practices,      ‘fraud free’ frontier for the procurement function, practical
  which upon investigation led to the discovery of noncompliance,    experience can show otherwise. For instance, our 2014 fraud
  malpractice and fraud. In two of these cases, the brands had to    survey indicated online payments, procurement of materials,
  recall products from the market resulting in huge losses, and      and trading in stock markets as areas vulnerable to fraud risks
  had to invest in brand re-building measures until consumers        in e-commerce transactions.
  could regain faith.
                                                                     Further, in the past, organizations were aided by relative
  Interestingly, these brands remain heavily invested in social      inaction from governments to bring about paradigm change
  media for customer engagement. Yet, they did not foresee the       in the way business was conducted. However, that appears
  potential risks arising from this platform.                        to be changing today. The last two years have indicated a
                                                                     determination on the government’s part to ensure ease of
  In our experience, large organizations in India continue to be     conducting business–whether that is by moving towards
  saddled with legacy practices and tend to remain fixated on        simplifying laws and tax structures or by pushing for cashless
  them–whether it is for business process improvements or            transactions. In such a scenario, organizations will experience
  fraud risk management. So, while one may see a very robust         new frauds, unless they proactively anticipate them and
  fraud risk management framework to prevent, say procurement        establish processes to mitigate these frauds.
  fraud, there may be little or no steps taken to anticipate

                                                                                                                                           17
#letstalkfraud| India Fraud Survey, Edition II

Preparedness to tackle emerging fraud and regulatory
noncompliance risks remains low

Limited understanding of cybercrime                 regulatory risks, were identified as the
Reputational damage, IP theft and                   most likely impact of cybercrime.

Figure 4: According to you, what is the greatest impact of cybercrime?

                                                                      50%
                                                                      Reputational
                                                                      damage
                                                                                                      34%
                                                                                                      Cost of
                                       40%                                                            investigation
                                                                                                      and damage
                                       Service
                                                                                                      control
                                       disruption

                                                                                                          33%
                              42%                                                                         Actual financial
                              Regulatory                                                                  loss from the
                              risks                                                                       activity

                                                    50%                               37%
                                                    IP theft,                         Theft or loss
        Note: This is a
        multiple choice                             including theft                   of personal
        question and                                of data                           information
        responses will not
        add up to 100%

18
#letstalkfraud| India Fraud Survey, Edition II

Considering the media has reported about        2014 fraud survey states that only 5% of
organizations losing several million dollars    survey respondents indicated that their
to cybercrime globally, it is surprising        organizations had sustained losses from
to note that survey respondents rated           cloud-based intrusions. Around 43% were
financial loss from cybercrime low on the       unaware of data loss or leakages arising
scale. We believe this could be due to the      from hacking or hijacking of cloud services
limited understanding of how cybercrime         and a similar percentage of those surveyed
can manifest itself.                            reported no losses. This is no different
                                                from what we observe today.
For instance, cloud computing fraud is one
of the manifestations of cybercrime. With       In the area of cybercrime prevention,
increasing number of users demanding            majority of organizations still appear to
simultaneous access to data and                 be grappling with cybercrime, with a third
applications over multiple devices such         saying they didn’t discuss the incident for
as desktop PCs, notebook computers,             fear of tarnishing their reputation. In our
smartphones, and now smart watches,             view, a clear plan to tackle cybercrime is
cloud computing is gaining appeal for both      the need of the hour. Such a plan would
enterprise and personal use. The current        comprise of a responsibility matrix in
state of technology makes it possible           case of an incident, root-cause analysis
to edit and share documents and data            and situational diagnosis of the potential
across multiple devices and locations.          impact of the incident, and remediation
Some subscriptions also allow users to          plan. In many cases, the onboarding of
collaborate and interact in real-time. As the   specialist third parties for undertaking
number of cloud-based service providers         these activities is also documented in the
grow, risk to systems and intellectual          response plan.
property have also grown.
                                                As the world moves towards increased
While well-known service providers have         adoption of digital technologies, it is
sophisticated security and access control       imperative for organizations to become
systems, the safeguards employed by             aware of the potential fraud risks involved.
scores of lesser-known service providers        Failure to do so can result in business
may not be relatively well documented.          disruption.
Some of the key risks that users of cloud
computing may face include data loss from
unauthorized use of low-quality systems,
hacking, theft of intellectual property, and
theft of confidential customer data. Our

                                                                                                                                          19
#letstalkfraud| India Fraud Survey, Edition II

Point of View: Hacking shows no signs of scaling down                               hackers discovered that such data was worth a lot of money on
                                                                                    the black market. Consequently, hacker focus has shifted in the
This year the world has possibly experienced the largest                            last few years from denying service to stealing data.
number of large scale data breaches ever7. Many of these
breaches–involving government departments as well as private                        There are various tools available today which can help hackers
organizations-were a result of hacking by third parties. Going                      attack thousands of victims in just hours. Varieties of such
by recent news, it is likely that such breaches and large scale                     tools and “ready programs” are available on the darknet8.
hacking are becoming more common.                                                   Additionally, hacker forums tend to exemplify the spirit of web-
                                                                                    based collaboration and education, offering a rich menu of
The economic drivers behind hacking have evolved dramatically                       tutorials, advice and technology designed to steal data.
over the years. In the past, hacking was done for amusement.
Hackers focused on defacement (also known as hacktivism)                            Unfortunately, many organizations have been unable to keep
to embarrass large organizations and their security set up.                         up with the advancements in the hacking ecosystem and
They would often black mail site operators with attacks that                        remain equipped with old cyber security models designed
brought websites down (a “denial of service” attack), leading to                    to keep the ‘hacker-of-the-90s’ out. This needs to change;
the invention of the network firewall to stop this. However, as                     organizations need to invest in building a robust preventive
companies began digitizing organizational data on a large scale,                    framework. Such a framework must include the following:

Data protection:                            Subscribing to suitable                      Continuous monitoring              Focused training programs –
Developing a robust data                    and up-to-date protection                    of internal controls can help      Organizations can segregate
classification regime that                  tools which can block links                  identify potential instances of    their employees into different
restricts data access to very               to known malicious sites can                 data leaks or breaches, as well    user groups based on the
few employees can be a start.               prevent access at an enterprise              as suspicious activity.            information they are privy
Several large organizations                 level. Further, encryption must                                                 to such as those in the
already restrict access to data             be strongly recommended                                                         procurement function, finance
around financial information,               for all devices accessing                                                       and accounts staff, customer
employee information,                       organizational networks                                                         relationship team, sales team,
business plans and client                   for data.                                                                       etc. Depending on the level of
details. Alongside this,                                                                                                    information these employees
organizations can also limit                                                                                                hold, focused training
the transfer of data to reduce                                                                                              programs must be organized
potential access points for                                                                                                 to help them recognize
hackers to invade internal                                                                                                  potential hacking scenarios
systems.                                                                                                                    and avoid them. Further,
                                                                                                                            any known instances of
                                                                                                                            hacking attacks can be shared
                                                                                                                            throughout the organization
In addition to a preventive framework, organizations must also                                                              to warn employees. A leading
invest in a cyber incident response plan to prevent large scale                                                             best practice is to have
hacking. This includes conducting a comprehensive forensic                                                                  the IT security team share
readiness assessment, investigation to understand the                                                                       this information alongside
potential scale of the incident, assessing the damages caused                                                               recommended actions.
based on the data that was sought, and having a remediation
plan, including root cause analysis.

As organizations mature, there is bound to be increased
reliance on digital platforms to host data. Without the right
security measures, these data platforms are likely to invite new
age hackers.

7
 Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
8
 A darknet is a computer network with restricted access that is used chiefly for illegal peer-to-peer file sharing.
20
#letstalkfraud| India Fraud Survey, Edition II

Social media–to be or not to be on               said their organizations used social media
it–remains a concern                             for publicity and advertising, followed by
A majority of survey respondents did             understanding customer behaviour and
not respond to the question of why their         engagement.
organizations used social media. Among
those respondents that did, the majority

Figure 5: What is the primary purpose of your company using social media?

                           5%                    @
             For direct
             selling of goods/                       $

             services

                                                                                                              2%
                                                         24%                                  To track information
                                           For Publicity                                      on fraudulent
                                           and advertising                                    activities in your
                                                                                              industry

                           2%                                                      9%
                                                                     Our organization
              To attract                                             does not use
              new talent                                             social media

                                                         15%
                                                                                                           1%
                                    To understand
                                     customer behavior                                        To track
                                      and engage better                                       competitor
                                       with them                                              activity

                                                                                   41%
                                                                     Did not respond
                                                                     to the question

                                              1%
                                             Don't know

                                                                                                                                            21
#letstalkfraud| India Fraud Survey, Edition II

When asked to identify the fraud risks                  information–both belonging to the           online, reporting concerns to the risk
that their organizations faced on social                company and to customers–that can be        management team. Creating a social media
media, respondents pointed to misuse                    misused for monetary gain by fraudsters.    policy for employees to follow and working
of intellectual property by unauthorized                                                            with social media vigilante organizations
users (68%), and use of fake profiles                   To manage fraud risks on social media,      to spot fraud early were identified as the
masquerading as the company to                          a majority of respondents said they         other common measures adopted by
fool customers (65%). Both of these                     relied on a dedicated social media team     organizations.
situations can result in loss of confidential           to monitor brand specific conversations

Figure 6: What measures has your company taken to
manage fraud and reputation risks on social media?
                                                                                         33%

     Social media risks are covered as part of the larger fraud
     risk management framework in our organization
                                                                                          36%

     Work closely with social media vigilante organizations to
     spot signs of fraud early and act on it
                                                                                          35%

     Created a social media fraud response plan with timelines
     and clear responsibilities to address social media fraud                               48%

     Have a dedicated social media team to monitor brand
     specific conversations online and report the same to the
     larger risk management team
                                                                                         33%

     Assigned dedicated spokespeople who can comment
     on the brand on social media

                                                                                         32%
     An optional training program, on social media use by
     employees, is made available
                                                                                          39%
     Created a social media policy that is to be followed
     by all employees

Note: This is a multiple choice question and responses will not add up to 100%

When asked how they reacted to being                    issue was being dealt with. Another 13%     as yet another channel for communication,
confronted by a smear campaign, most                    said they did not use social media, but     not very different from conventional media.
respondents did not respond. Among                      conventional media such as advertisement    There also appears to be a strong desire to
those who did, 27% said they engaged                    or press release, to respond to smear       control social media and drown out voices
with their audience by providing facts                  campaigns. These sentiments indicate that   of dissent. In our experience, this may not
and sharing status updates on how the                   organizations appear to view social media   help organizations in the long term.

22
#letstalkfraud| India Fraud Survey, Edition II

Point of View: Controlling the uncontrollable – How                   There have also been cases where fraudsters have created
organizations can stay safe on social media                           fake social media profiles offering job opportunities on behalf
                                                                      of organizations, which may be unaware of such misuse of
Many organizations are choosing to have a social media                their brand. Unethical competitors can run campaigns using
presence today in order to capitalize on its potential for            fake accounts posing as consumers or reviewers posting
inexpensive, large scale communication–whether it is to               unfavourable product/service reviews. Yet another example
further a cause, generate publicity, or generally be noticed          of social media fraud is identity theft. We have observed
by specific target groups. The genesis of social media lies in        that fraudsters use social media platforms to steal personal
promoting free thought and communication. Unfortunately,              information and use it to access financial information. Such
this very fundamental tenet tends to pose significant fraud and       frauds can be committed from anywhere around the world,
reputation risks for organizations.                                   making it difficult to identify the fraudster(s).

For starters, verification of facts prior to posting information      We have also observed cases where confidential
tends to be overlooked in the rush for being the ‘first to post’.     information pertaining to business plans, financials and
This can result in the rapid spread of misinformation, which can      intellectual property was released on social media by
be difficult to curb. Recently, social media in India has witnessed   fraudsters. In these cases, privacy laws tend to have limited
significant polarization of views pertaining to many current          effectiveness because these confidential documents may
topics – whether it be the release of certain films (possibly         likely reside in cloud storage systems making it difficult to
influencing stock prizes of the organization producing the movie),    limit the number of infringed copies. Further, social media
the government’s move towards demonetization of currency,             networks often change their privacy settings and unless
and organizational performance in B2C companies in light of           users monitor this carefully, they may inadvertently reveal
festival season sales. In other instances, customer complaints on     confidential information to all users of the platform.
social media have gone viral, with people trolling the company’s
accounts, thus preventing a chance for resolution.

                                                                                                                                            23
#letstalkfraud| India Fraud Survey, Edition II

       Removing offending posts on social media is difficult and,         be practical for all organizations, educating customers
       many times offense may appear to be the only defence for           on the best possible way to resolve complaints may help
       organizations. In our experience, the following measures           reduce instances of negative coverage on social media. For
       may help organizations safeguard themselves from social            instance, organizations can provide a confidential space on
       media fraud.                                                       social media–like a closed group that encourages private
                                                                          conversation–to report issues with their brand.

       •• Monitoring the brand for misuse of                             •• Having a social media fraud response plan –
          brand name – There are tools available to monitor brand           Organizations may not always be able to prevent social
          mentions and brand sentiment on social media. These               media fraud, but they can be better prepared to deal with
          can help understand how the brand is perceived and take           it. Having a reaction plan and corresponding timelines to
          corrective action wherever necessary. Often, such action          deal with well-known instances of social media fraud may
          can prevent undesirable information from going viral.             help limit the spread of misinformation and control the
                                                                            damage. Such a plan can include a list of actions that the
       •• Training and awareness for employees on social
                                                                            organization can take when confronted with social media
         media use – Clear guidelines on what content is
                                                                            fraud or reputational damage. This can include the process
         permissible for social media sharing, who is authorized to
                                                                            to investigate the issue and timelines for identifying the
         comment on the brand in their official capacity, disclaimers
                                                                            root cause(s), procedures for on-boarding of third party
         that employees must use on their personal profiles to
                                                                            experts to investigate the issue (should the need arise),
         isolate risks to the brand, etc. must be outlined. Further, a
                                                                            guidelines on communication to clients and employees to
         dedicated training program outlining common scenarios
                                                                            quell fears, and maintaining a list of authorized individuals
         that result in information compromise on social media can
                                                                            who can coordinate the organization’s response and post it
         help employees understand the potential implications of
                                                                            through official channels.
         their actions.

       •• Managing employee accessibility to social media                Social media provides an opportunity for organizations to
          sites through content filtering or by limiting network         improve their customer reach at a fraction of the costs that
          through-put to social media sites. Often,                         using traditional media may incur. If adequate safeguards
          employees use smart phones to access                                   are put in place to prevent fraud, this platform may
          social media sites, opening up the risk                                   become a robust channel for organizations to
          of malware that may post information                                          grow business, attract quality talent, and gain
          on social networks without their                                                 customer loyalty.
          knowledge. Appropriate controls may
          need to be installed and continuously
          updated on mobile devices to better manage
          such risks.

       •• Customer education – Disgruntled customers
          can pose a significant risk of bad-mouthing the brand
          on social media. To curb this, many organizations have
          a dedicated customer service channel on social media
          where customers are encouraged to post complaints and
          check the status of their complaint. While this may not

24
#letstalkfraud| India Fraud Survey, Edition II

Anti-competitive behavior – Are you           That this is a relatively newer risk in the
covered?                                      Indian context is corroborated by the
The last two years have seen rising           responses in our survey wherein a large
legislative action by the Competition         number of respondents have either
Commission of India (CCI). Companies          chosen not to respond or have chosen ‘not
have been collectively levied fines ranging   sure’/’don’t know as a response. Clearly,
from a few crores to as much as several       a greater degree of awareness needs
hundred crore rupees for violating the        to be created amongst businesses for
principles of competitive behavior outlined   requirements under the Competition Law
in the Competition Act. This exposes          and make them have robust compliance
organizations to a relatively newer risk in   processes.
the Indian context–that of their growth
strategies and consequent business
actions being scrutinized for inappropriate
behavior in regards to competition.

Figure 7: Do you believe your organization can be pulled up for anti-competitive
behavior by the CCI in the near future?

     41%

                           27%

                                                                                                                      14%
                                                                        8%                    8%
                                                2%

   Did not               No–Our               Yes–we are            Yes–we are a            No–Our                  Don’t Know
   respond to            organization         operating in          fast growing            sector
   the question          has a                a relatively          company                 doesn’t
                         reputation of        new sector/           and our                 come
                         being ethical        industry that         equally well            under the
                         and following        is fast growing.      established             ambit of
                         fair business        Our unique            rivals may do           the CCI
                         practices.           processes,            this in a bid to
                                              although              pull us down
                                              legal, may be
                                              disrupting
                                              the market
                                              and drawing
                                              the ire of our
                                              competitors

                                                                                                                                              25
#letstalkfraud| India Fraud Survey, Edition II

Figure 8: In your opinion, does being part of an anti-competitive behavior law suit
have a significant impact on your organization?

     No–our brand is large enough
     to be insulated (monetarily or
     otherwise) from the impact of               11%
     CCI proceedings

     Did not respond to the question                                                          41%

     Yes–only on our company’s reputation.
     Being seen as part of such a law
     suit may dent customer confidence
                                                   17%
     irrespective of the final verdict

     Yes–monetarily only. Fighting these
     cases using specialist lawyers is
     expensive and fines imposed by              9%
     the CCI can also be quite high

     Not sure                                                        22%

There appears to be lack of understanding          adversely impacted. The Competition Law
of the risk emanating from non-compliance          redefines business conduct and some
to Competition Law as also about what              of the traditional ways of doing business
actions/behavior may constitute an                 may now be looked upon as unacceptable
anti-competitive behavior under the Law.           business practices. There has been a
Most respondents to the survey believed            significant increase in the number of
they were unlikely to be impacted by a             information filings with CCI as well as the
CCI investigation whereas many others              number of investigations that it is carrying
were unsure when asked if a CCI law suit           out. The CCI has levied fines of more than
would have a significant impact on their           USD 2 billion over the past five years.
reputation.
                                                   Compliance with the requirements of the
Indian businesses will need to take this law       Competition Law is a subjective matter that
seriously else they risk significant penalties     can be extremely complex. Hence, there
being levied and their reputation being            seems to be some confusion in the minds

26
#letstalkfraud| India Fraud Survey, Edition II

of survey respondents while responding to               pertaining to anti-competitive behavior
our question with regards to compliance                 and including a section on anti-competitive
measures. When asked how organizations                  behavior as part of employee training
addressed potential risks arising from                  programs. Another set of respondents said
non-compliance to the Competition Law,                  their organizations had taken no specific
respondents shared mixed reactions.                     steps and that anti-competitive behavior
One set of respondents indicated hiring                 was subjective, making it difficult to prepare
specialist law firms to help draft policies             to handle such cases.

Figure 9: What measures has your organization taken to address the risk of anti-competitive
behavior?

                                                                             52%                         52%

           41%                              39%
                                                                                                                                    36%

   Anti-competitive                   The organization                A section on              We have hired a              We have a
   behavior is                        has not taken any               anti-competitive          specialist law firm          dedicated in-
   subjective and                     specific measures               behavior is               to help us draft             house legal team
   organizations                      to address the risk             included as part          policies pertaining          that counsels
   cannot prepare                     of anti-competitive             of the regular            to anti-competitive          our various
   specifically to                    behavior                        training programs         behavior; these              departments
   handle such cases                                                  undertaken by our         policies are                 against anti-
                                                                      employees                 implemented across           competitive
                                                                                                the organization             practices

Note: This is a multiple choice question and responses will not add up to 100%

                                                                                                                                                      27
#letstalkfraud| India Fraud Survey, Edition II

     Point of View: Mitigating chances of a CCI inquiry – Some          with the competition, customers and suppliers). These
     steps for consideration                                            programs should be focused on educating the participants
                                                                        on potential infringements and how to avoid them.
     To avoid punitive action under the Competition Act, Indian         Some examples of infringements include, salespeople
     business organizations need to evolve a strong culture             generally buying “shelf space” for their products and
     of compliance covering increasing awareness about the              imposing restrictions on wholesalers and retailers. This
     requirements of law, robust code of conduct, promoting fair        kind of conduct is exclusionary in nature as it prohibits
     business practices as also individual conduct while interacting    the wholesaler/retailer to stock competitor’s product.
     with competitors. Some specific considerations include:            Other examples include informally discussing prices and
                                                                        promotional schemes with competitors at industry events or
     •• Seek employee undertakings with regards to compliance
                                                                        social gatherings. Ideally, such training programmes should
        with the Competition Act
                                                                        be conducted every six months and reviewed annually.
     •• Develop an anti-trust law compliance manual – Such a
                                                                       •• Closely monitoring business information shared at
        manual should ideally contain the following: introduction to
                                                                          meetings with trade associations, which bring together
        the Competition Act and key requirements under the law,
                                                                          key competitors. At the very minimum,the agenda of any
        outline businesses, business processes and key personnel
                                                                          such meeting should be vetted by the legal counsel of the
        that carry high risk; do’-s and don’t’-s for the employees,
                                                                          company and details of the meeting’s discussion should be
        expected behaviour while dealing with competitors,
                                                                          shared with the legal counsel.
        suppliers, dealers, traders etc.
                                                                       •• Review all trade association memberships and prepare
     •• Create better awareness through regular training programs
                                                                          specific guidelines for participation in such meetings
        for competition law compliance – A broader programme
        should be designed for all employees and specific programs     •• Conduct mock raids to sensitize employees to the possibility
        can be developed for key business roles that have higher          of sudden scrutiny by the regulator.
        perceived compliance risks (teams who interact regularly

28
#letstalkfraud| India Fraud Survey, Edition II

Conventional processes dominate overall fraud
prevention, detection and response strategies
There are mixed reactions on who               Irrespective of who has the primary
shoulders the responsibility of fraud risk     responsibility to manage fraud risks, it is
management, with respondents indicating        important for a robust system to be in
that the Board should be responsible for       place to review fraud risk management
fraud prevention, whereas the Internal         measures. It is heartening to note that
Audit team should be responsible for fraud     39% of respondents indicated that their
detection and investigation.                   organizations undertook continuous
                                               monitoring of controls. However,
While leading practices and our own            organizations must also ensure that
experience indicate that the Chief Financial   controls are periodically updated in
Officer (CFO) and the Chief Risk Officer/      line with the business landscape and
General Counsel undertake primary              knowledge of potential frauds, failing
accountability for fraud risk management,      which they may not be able to prevent new
changing business and regulatory               frauds. As new data gets generated within
landscapes mean other stakeholders             organizations, an automated system of
need to assist these primary stakeholders      continuous monitoring is the way forward.
wherever appropriate. For instance, in
the information technology industry, the
role of the Chief Information Officer (CIO)
and Chief Information and Security Officer
(CISO) becomes important in case of
cybercrime, and these individuals and their
teams need to support the CFO in getting
information pertaining to the incident, as
well as help plug gaps in internal controls.
Similarly, in the real estate business,
procurement is a significant fraud risk that
is fraught with legal complications and
hence the Legal Head may have to support
the CFO in information gathering and
resolution of potential fraud. In the Pharma
industry, the Chief Compliance Officer
usually assists the CFO wherever there
are allegations pertaining to regulatory
noncompliance.

                                                                                                                                        29
#letstalkfraud| India Fraud Survey, Edition II

Figure 10: How often do you review your fraud risk management measures?

                                                                                  Annually
                                                                                              15%

22% Did not respond to
            the question

                                                                                             Once a
                                                                                                       1%
                                                                                             month

                                                                                             Once a
                                                                                                       10%
                                                                                             quarter

                                                                                       Once every
                                                                                                       2%
                                                                                        6 months

                                                                               We don’t review our
                                                                                                       8%
                                                                                framework unless
                                                                                  we encounter an
                                                                                          incident

                                                                          We review our framework
                                                                                                       3%
39% We undertake                                                              subject to regulatory
                                                                           requirements changing
            continuous
            monitoring of
            controls

30
#letstalkfraud| India Fraud Survey, Edition II

Point of View: Automation is the              is where, we believe, machine learning
future of fraud risk management               technology can be useful.

A fraudster is always one step ahead          Machine learning uses computer systems
and with technological advancements,          with artificial intelligence capability
he/she is also developing newer ways to       to autonomously learn, predict, act,
perpetrate sophisticated fraud schemes        and explain without being explicitly
that appear difficult to detect or prevent.   programmed. This means the computer
Recent instances of large scale hacking       can learn from the outcomes of analysing
and social engineering are indicators         existing data, and those learnings can
of what technology, in the hands of           then be applied to newly generated data
fraudsters, can result in. To stay ahead of   to provide insights. This can be better
the curve, organizations need to invest in    understood through the example of
the next generation of automated fraud        online chess. A computer which either
risk management measures to ensure            wins or loses, assigns a value to the series
safety.                                       of winning moves it used during that
                                              game. After playing several such games,
Historically, most organizations have built   the system can predict which moves are
home-grown systems that use business          most likely to result in a winning situation.
rules to manage their fraud detection
processes. These hand-crafted rules           Similarly, a machine learning system
which are framed as “if-then” statements      could learn to distinguish between
are called Robotics Process Automation        suspicious transactions (which are
(RPA) techniques. An example would be:        potentially outside the normal patterns
“if several transactions are made within a    of activity) and legitimate ones. Further,
short amount of time in a different state,    machine learning can also analyse big
then send the account for manual review”      data more efficiently, build statistical
or “if an isolated transaction takes place    models quickly, and react to new
by using a customer’s credit card from        suspicious behaviours faster.
a country other than what is mentioned
in the registered address, then send this     Machine learning can also be extended
transaction for further screening”. These     to multiple environments such as
rules have been built and refined based       ecommerce and m-commerce to prevent
on decades of manual experience of            and detect frauds. These systems can
analysing fraud data. Many of these rules     scale up to meet the demands of big data
are set up to provide additional analysis     with greater flexibility than traditional
for unusual transaction behaviour.            methods used for fraud prevention
Although proven to be very useful,            and detection. We are already seeing
particularly for the e-commerce and           increasing implementation of machine
m-commerce industries, RPA techniques         learning systems at banks and it is a
tend to work efficiently primarily in a       matter of time before this becomes
structured data environment.                  widespread across other industries. We
                                              believe the advent of machine learning
In today’s day and age, however, the          for fraud prevention will change how
amount of data being produced and             organizations manage their fraud risk
the complexity of analysis has grown          programs. Human oversight and intuition
to unprecedented levels. This is making       will remain critical to success, but
the manual process of building and            machines will increasingly do the heavy
maintaining business rules expensive,         lifting.
time intensive and less predictive. This

                                                                                                                                         31
#letstalkfraud| India Fraud Survey, Edition II

In the area of fraud prevention we are                  challenge for companies seeking details
seeing a rise in preference for conducting              for due diligence. Depending on the scope
due diligence prior to onboarding                       of relationship sought with the business
business partners. This is a welcome                    partner, due diligence needs may be
change, but can also be a challenge for                 outsourced to specialist organizations.
companies considering India still has a
very fragmented data regime, posing a

Figure 11 : What measures does your company adopt to prevent incidents of fraud?

                                Engage third party experts to assess
                   24%          our fraud risk management frameworks
                                at least once a year

                                       Dedicated fraud prevention unit that
                         30%           researches new frauds and communicates
                                       them to the fraud risk management teams

                                                                                                  Effective tone at the top, followed by
                                                                                   79%            implementing policies for fraud and
                                                                                                  consequence management, code of conduct, etc.

                                                                                 Conducting a due diligence check (Third party/
                                                             61%                 Senior Management/Business associate, etc.)

                                                                Dedicated training programs to address most

                                              50%               susceptible frauds such as bribery and corruption,
                                                                conflict of interest, procurement fraud, etc.

                                                                   66%               General fraud awareness trainings and workshops

                                                                                    Fraud risk assessment/monitoring of fraud control
                                                                 65%                frameworks–either manually or using technology such
                                                                                    as fraud analytics and fraud management systems

                                                                                              89%           Internal Audit/Risk Assessment

Note: This is a multiple choice question and responses will not add up to 100%

32
You can also read