South African companies have reported a significant increase in tax fraud and market fraud and to a lesser extent, insider trading as well, according to a new report issued by Professional Services Firm PwC today. Louis Strydom, head of PwC’s Forensic Services Practice, says that this increase is also reflected in a shift in the South African perpetrator profile towards senior management. In 2011, 36% of internal economic crimes were carried out by senior management, compared to only 17% in 2009. “These economic crimes require access to sensitive information and more sophisticated ‘know-how’ which senior management usually possess”.
“These crimes have previously not been as prevalent in South Africa and the increase could suggest that organisations need to revisit their fraud risk management frameworks to ensure that they are able to deal with the emerging threats.”
Latest crime survey results
The Global Economic Crime Survey, which is carried out every two years, was conducted among 3 877 senior representatives from more than 70 countries. In South Africa 123 organisations across 19 industries took part in the survey. The study shows that economic crime remains a challenge for business leaders worldwide, particularly in South Africa where 60 % indicated that they had experienced some form of economic crime in the 12 months preceding the survey, compared to the global average of 34%. On the positive side, the survey found that this overall prevalence of economic crime in South Africa has decreased from 83% in 2005.
The decrease in the overall incidence of economic crime is as a result of corresponding decreases in the misappropriation of assets, bribery and corruption and financial statement fraud. These three crimes have decreased steadily over the past six years. There can be a number of reasons for this. One of them may be that internal fraud risk management frameworks are making progress in South Africa and are getting better at detecting and preventing economic crime.
Further, given the focus of cybercrime in this year’s survey, some organisations may have classified other economic crimes involving the use of computers and the internet as cybercrimes instead.
Detection is key
Strydom says that detection is a key element in managing the risk of economic crime. The survey found that detection methods under management’s control were responsible for 69% of detections in South Africa, compared to 72% globally. This is encouraging as it vindicates the investment in anti –fraud controls. However, 14% of detections occurred by accident which means there is room for improvement locally.
The most effective detection methods were formal risk management procedures (including fraud risk assessments), automated suspicious transaction reporting (both contributed 16% of the detections) and internal audit (11%). The various tip-off methods (internal tip-off, external tip-off and formal whistle-blowing mechanisms), together contributed 20% of detections.
Given the effectiveness of formal fraud risk management structures, it is surprising that 28% of organisations had not performed a fraud risk assessment at all and 14% indicated that they were unsure whether any fraud risk assessment had been performed. The most common reason given by companies for not carrying out a fraud risk assessment was uncertainty about what such a risk assessment involves.
High levels of fraud
The countries that reported high levels of fraud (40% or more) include Kenya, South Africa, Australia and New Zealand, suggesting that fraud is not only endemic in developing countries. Jurisdictions that reported low levels of fraud (25% or less) include Japan, Indonesia, Italy and Greece. However, these results can be affected or distorted by ineffective fraud detection methods or the reluctance of organisations in those countries to report fraud.
For the first time since PwC carried out the survey, economic crime in South Africa is being committed equally by internal and external perpetrators. Globally, the majority of crimes are still being committed by internal parties.
Overall South African organisations resorted to criminal and civil action more often than their global counterparts. However, with regard to the most serious economic crime committed by insiders, South African companies took no action in 6% of cases, opted for employee transfers in 3% or warnings in 14% of cases. Strydom says this is worrying as it suggests that these perpetrators still remain within the organisation and may be able to commit further transgressions. It is important for organisations to demonstrate zero tolerance for economic crime and set the right tone.
Cybercrime has emerged as a significant contributor to economic crime losses in South Africa and is considered the fourth most common economic crime after the misappropriation of assets, bribery and corruption, and financial statement fraud. South African respondents indicated that reputational damage and direct financial loss were their two main concerns with regard to cybercrime.
Based on the PwC study, 60% of organisations felt that the risk of cybercrime had increased in the past 12 months, compared to only 39% globally. Strydom noted, “46% of South African respondents see the threat of cybercrime as exclusively external. Cybercrime usually requires access to protected information. Employees, agents, contractors, customers and other individuals that have access to an organisation’s premises and systems are likely to have access to such information.” It is therefore important that organisations recognise cybercrime as an internal threat as well.
Based on the survey’s findings, South African companies and their global counterparts still have some way to go in dealing with cybercrime.
For instance, the findings also show that few organisations have all the elements of a holistic cybercrime prevention and response mechanism in place. Strydom says that one would expect the overall responsibility of addressing the risk of cybercrime, to lie with senior management. However, the survey shows that in 10% of South African organisations the respondents were unsure who should be tasked with this responsibility. A further 37% thought the chief information officer should be responsible.
This is an interesting observation, as the King 3 Report on Corporate Governance recommends that the board deal with IT, which includes IT security.
Despite the declining overall prevalence of economic crime in South Africa, the risk remains pervasive and South African organisations will need to remain vigilant, especially in these depressed economic conditions. Advances in technology are fast-paced, as are fraudsters. Those organisations ready to understand and embrace the risks and opportunities of the cyber world, will be the ones to gain competitive advantage in today’s technology driven environment. Establishing the right ‘tone at the top’ is key in the fight against economic crime.
For more information on the Global Economic Crime Survey, please visit: www.pwc.co.za/crimesurvey