Canadian businesses report higher levels of fraud than global counterparts
By Julie King | November 19, 2009
Economic crime reached its highest level in six years, with Canadian companies reporting higher levels of economic crime (56 per cent) than their global counterparts (30 per cent) in the past 12 months.
While reports of crime dropped 14 per cent globally compared to a 2007 survey, the numbers in Canada have risen 10 per cent compared to 2003 levels, according to the PricewaterhouseCoopers (PwC) Investigations & Forensic Services' Global Economic Crime Survey 2009.
Almost one quarter (24 per cent) of Canadian companies that were victims of fraud during the survey period estimated their fraud-related losses to be greater than US$500,000.
Types of crime
Canadian companies reported higher levels of asset fraud and money laundering than their global counterparts.
Asset misappropriation or theft was the most commonly reported type of crime (83 per cent in Canada and 67 per cent globally), followed by accounting fraud (31 per cent in Canada and 38 per cent globally and money laundering (28 per cent in Canada and 12 per cent globally). At 7 per cent bribery and corruption reports were lower in Canada, compared to 27 per cent globally.
Perpetrators of crime
Canadian companies also reported a higher level of external fraud than their global counterparts.
Amongst Canadian companies that were victims of economic crime, 59 per cent said the crime was perpetuated externally, while 38 per cent said the perpetrator was an employee. In comparison, global respondents attributed 44 per cent of crime to external sources and 53 per cent to employees.
Cost of fraud extends beyond the balance sheet
The cost of fraud can affect an organization in more ways than the immediate financial loss. Economic crime can harm the organization's brand name or reputation and it can negatively affect its relationships with suppliers, customers, regulatory bodies and other key stakeholders.
When it comes to quantifying the damage caused by fraud to companies, the main impact is perceived to be financial. Less than 24 per cent of Canadian companies perceived a "significant" or "very significant" impact on the organization in terms of the following elements: employee morale (24%), business relations (21%), brand or reputation (7%), share price (3%) and relations with regulatory bodies (3%), indicating that these additional factors can be difficult to quantify.
Henderson comments, "Experience has shown that negative employee morale can result in additional losses for a company because it can lead to reduced performance and future detrimental behaviour such as committing crime."
Claudiu Popa, the author of The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises, explains that the most dangerous type of fraud is when there is collaboration between employees and an external party. This type of crime is particularly successful because there tends to be better planning and once the fraud is executed, it is often repeatable.
Popa advises companies to take a layered approach and make sure that you have not only policies, but policy enforcement in place.
Many leaders and senior managers look for a checkbox type of approach to protect the company, but this often leads to a company only implementing half of the solution, which can create the false sense that the company is protected. When this happens there are lots of gaps and if the gaps are not dealt with, the company is at risk.
"The critical part is not jotting something down," says Popa, "but rather communicating and enforcing it."
Popa offers the following advice for companies that want to protect themselves:
- Verify the degree of awareness and accountability at the employee level. Do spot checks on policy enforcement and make sure people realize they are accountable for the assets they are privileged to access
- Address fraud not only from a liability perspective, where you have a legal process in place to deal with theft or fraud, but also from a preventative perspective to stop crime before it happens. This means paying attention to the monitoring aspect of your security, as this is what will help you prevent crime. Use monitoring controls and take a layered approach with systems in place - administrative controls, IT controls, accounting controls, etceteras - to protect different aspects of the company.
- Realize tech is an enabler, in that it enables you to acquire something that will give you better visibility into your processes than you had before. However, it is only the first step. To be effective you need to take an end-to-end approach and invest in configuration / implemenation, adequate notice to employees and employee training at all levels from the janitorial sub-contractor to senior management. That's what you call a complete security program.
- Get people on your side. When it comes to protecting corporate assets, Popa notes that you need to be able to trust your people and your people need to be able to rely on the fact that the company has a foundation / culture of security.
If you enjoyed this article, be sure to visit CanadaOne's article knowledge base for more informative articles.