Who will be promoted?

Consider the following case. Two sales managers, each with five years experience, are working in adjoining areas for your company. Mr.Slick knows every trick for getting a sale, including how to get around the rules when he needs to. Inappropriate or excessive entertainment, obtaining information on competing bids in a tender process, exaggerating specifications…yet he is careful not to go too far. Mr. Clean on the other hand takes the Code of Conduct more seriously, and follows both the spirit and the letter of company policy. Both salesmen regularly achieve their quotas, but Slick has achieved better results than Clean in 7 of the last 8 quarters. In your company, which is more likely to be promoted to regional sales manager, Slick or Clean?

Do we really mean it?

This case example could be re-written to fit different positions and organizations. The question is, to what extent do we include ethical behavior when we evaluate employee performance? If we punish good behavior and turn a blind eye to successful rule breakers, we will wind up with a company full of rule breakers and ethical time bombs.

Can you protect me from yourself?

As Frodo said to Aragorn, in Tolkien’s Lord of the Rings, “Can you protect me against yourself?” Herein lies the paradox of management fraud. The greatest risk comes from the very people responsible for managing it. The fox is guarding the hen house! The problem is not necessarily the character of the fox, or of Aragorn, but rather the tendency of an obvious temptation to gradually become overwhelming.

What is the solution?

We continue to look for ways to improve Corporate Governance, with auditors and audit committees comprised of independent directors. There is of course always the deterrent of potential criminal prosecution. Yet temptation and the paradox remain, we cannot readily remove it. We can however work to increase awareness of the risk, educate board and audit committee members, and executive management. By keeping the risk of management fraud on the agenda, we can help avoid trust becoming blind trust.

“a corporate executive is an employee of the owners of the business. He has direct responsibility to his employers. That responsibility is to conduct the business in accordance with their desires, which generally will be to make as much money as possible while conforming to the basic rules of the society, both those embodied in law and those embodied in ethical custom”

Friedman’s view has gotten plenty of support, and is legally sound. Executives can do what they like with their own private resources, but not with corporate resources. The executive has a fiduciary responsibility to shareholders manage their corporate resources to achieve their objectives.

The Opposing View

Some opponents to Friedman’s view have argued that executive managers also have fiduciary obligations to other stakeholders, even beyond the requirements of the law. In other words, managers are responsible to protect the environment, ensure product safety, avoid exploitation of minors, share benefits with local communities et cetera. While this view seems morally comfortable, its legal basis is questionable. No matter how good the cause, managers do not have the right to promote it with shareholders’ money unless they have shareholders’ approval, or it is compatible with shareholders’ interests.

But Corporate Responsibility is Profitable..

Executive managers have avoided the dilemma on the assumption that doing the right thing is also in the best long term interests of shareholders. Corporate Social Responsibility is firmly established, with varying degrees of sincerity, in most major corporations. Management simply cannot afford to ignore the interests of customers, consumers, key suppliers, employees, local communities and other stakeholders. Still, the question remains. Are managers justified to go beyond shareholder considerations, beyond strategic stakeholder considerations to do what is right even when that creates significant costs with no apparent short term or long term benefits for shareholders? Kenneth Goodpaster (1991) described this as the “Stakeholder Paradox”

“It seems essential, yet in some ways illegitimate, to orient corporate decisions by ethical values that go beyond strategic stakeholder considerations to multifiduciary ones”

Code of Conduct and Ethics Statements

Corporations certainly are not shy about claiming the moral high ground in their various policy documents. General Electric for example, writes in their Code of Conduct document “The Spirit & The Letter”:

“For well over a century, GE employees have worked hard to uphold the highest standards of ethical business conduct. We seek to go beyond simply obeying the law — we embrace the spirit of integrity.”

Does that mean that GE executive management has a mandate from shareholders to do the right thing, even to the potential disadvantage of shareholders? Shareholder objectives, which management is legally obligated to pursue, are defined in the General Electric Charter, or Certificate of Incorporation. In this document we find no mention of ethics at all. Instead we read, under Objectives:

“The purposes of the corporation are as follows:….. (D) To engage in any activity which may promote the interests of the corporation, or enhance the value of its property, to the fullest extent permitted by law, and in furtherance of the foregoing purposes to exercise all powers now or hereafter granted or permitted by law, including the powers specified in the New York Business Corporation Law“

In other words, taking the two documents together, GE works to uphold the highest standards of ethical business conduct, as long as that will promote GE interests or increase its value to the fullest extent permitted by law!

Making Room for Morals

Many shareholders of GE and other leading corporations would, I expect, be willing allow executive management some flexibility when it comes to doing the right thing. Perhaps the time has come for shareholders to consider ethics in the mandate they define for executive management, in fact to not only allow true ethical business conduct, but to require it. For example, the Certificate of Incorporation might be modified to state:

“….to engage in any activity which may promote the interests of the corporation, or enhance the value of its property, to the extent permitted by law and compatible with ethical the principles of honesty and fairness towards those who may be affected by our activities“

In other words, perhaps it is time for shareholders to make room for morals in the Corporate Charter or Certificate of Incorporation.

Fraud will happen

In practice, good management and strong internal control cannot guarantee the absence of fraud and malpractice. Every organization, to varying degrees, decentralizes authority and responsibility to its members. Management cannot maintain absolute control over the actions of employees, suppliers and business partners. The owners cannot fully control management. We simply cannot manage without trust. As a result, there will always be opportunities for fraud to occur. When it does, if the incident is detected, competently investigated and appropriately resolved, that is a sign of management strength, not weakness!

Be Prepared

We need to change our attitude towards the risk of fraud and malpractice. Typically, managers see these as an unlikely events, exceptions. We know they are possible, but we don’t expect it will happen in our organization. As a result, when a serious incident occurs we are caught off guard, embarrassed, and anxious to cover-up. We need to change our mindset and recognize that some amount of fraud and malpractice is highly probable. We can and should take reasonable preventive actions, but we should also be prepared to handle the incidents that will occur. By preparing a response plan, we can in a calm and organized manner set priorities, identify resources, and assign responsibilities. Then when the time inevitably comes, we can manage the investigation not as a crisis but as a normal business process.

Silo Mentality and Investigations

Various functions in the organization might have some capacity or mandate to investigate. There is internal audit, security, legal, HR, certainly line management, and others. If incident response plans are not formalized, the function that owns a particular investigation is often the one who first learns about it. There have been cases where two parallel internal investigations were started by different functions, each ignorant of the other! A formal incident response plan ensures that information is shared by a small, central group and that each investigation is managed by the persons most qualified to do so. More on this subject later!

A question of perception

Our decision to commit fraud, or to refrain, is determined by our perceptions. The opportunity we see may be real or illusory, and the probability of detection and punishment may be higher or lower than we imagine. The need we feel may stem from a real crisis, financial or otherwise, or from an unsatisfactory comparison of our situation relative to those around us. And finally rationalizations are pure perception. We create a convenient perception, even distort reality, in order to fit our requirements!

The concept of “Rationalisation” is familiar to students of fraud. According to Donald Cressey’s famous “Fraud Triangle”, people are able to commit fraud when three factors are present; a perceived need for money or personal advantage, a perceived fraudulent opportunity to obtain it, and an ability to rationalize the fraudulent actions. Traditionally we spend most effort designing controls that reduce fraud opportunities. We also pay some attention to the need factor, by designing incentive systems that align employees interests with those of the organization, and by screening employees before hiring. But what about the third side? Perhaps we do not do enough to counter the human tendency to rationalize inappropriate or unethical behavior.

Analyzing Rationalizations

The third side of the triangle has received the least amount of attention. Can an organization take proactive measures that reduce employees’ tendency to rationalize inappropriate behavior? To answer the question, we attempted to categorize common rationalizations used by fraudsters. In the figure below, the vertical line represents the individual dimension. To what extent is the individual consciously breaking the rules? The horizontal line represents the perpetrator’s perception of his social environment. Is the organization lenient towards rule-breakers, or are the rules strictly enforced?

Four Categories of Rationalization – Taken from the book “The Anatomy of Fraud and Corruption” (Brytting, Minogue, Morino). Reprinted with the permission of Gower Publishing.

Detatched

In the first quadrant, ‘Detached‘, the subject deliberately violates the rules in an environment where rule breaking is not tolerated. The rule-breaker perceives the situation as so exceptional either due to force majeure, or implying a right of self-defence, or saving oneself or one’s employer from a financial crisis, that they can ‘detach’ themselves from the norm altogether. A person with insurmountable debts to pay, for example, might find fraud justifiable. Similar is the situation in which an individual regards himself as so important, or so special that he is above the moral standards that apply to others. They are detached from the official norms by virtue of their own perceived superiority. We also find it in the career criminal who has no intention of following the rules.

Decadent

The second quadrant, ‘Decadent’, describes a situation in which the fraudster see rules being broken all around them, and are able to use that as an excuse for doing the same. They know what the rules are, and realize that they are about to do something in violation but doubt whether anyone will care, or stop them; they perceive the environment as corrupt.

Devoid

In the third quadrant the perpetrator of a fraudulent or corrupt act does not perceive that their act is a violation of valid rules. Similar to the second quadrant, the fraudster sees rules being broken by others, but they also perceive that these others seem to be devoid of any guilt or shame at all, and the rule book devoid of relevance. The fraudster in this category is just going along with the crowd; it seems to be the normal thing to do. “I just do what they tell me to do”.

Denial

Finally, the fourth quadrant describes a situation in which the perpetrators are in a state of ‘Denial’: they conceal their actions and know that others will not approve of their actions if they are detected, but they have created rationalizations that trivialize their fraud. The employee borrows from the cash box, telling himself he will make good later. He is not fully aware that the rationalization is a lie, that he will not return the money for instance.

Changing Names

This suggests an approach to fraud prevention. Rationalization is about changing names. As long as the tempting opportunity comes with a label attached calling it ‘fraud’ or ‘corruption’, it will be condemned. Fraudsters change the label to something more acceptable or trivial. If we can raise employee awareness about what constitutes fraud, we can reduce the availability of the unconscious or subconscious rationalizations in the “Devoid” and “Denial” quadrants. And, if we can eliminate the misperception that the organization tolerates misbehaviour, we can reduce the availability of “Decadent” and again the “Devoid” rationalizations. Through employee training and other forms of internal communication we can expose rationalizations for what they are and render them ineffective. And most people, no longer able to rationalize fraudulent actions, will instead refrain.

The remaining hard cases

Of course we are left with the quadrant where fraudsters have detached themselves from the need to follow the rules. The narcissists, career criminals and desperate cases are perhaps beyond the reach of awareness training. But if we raise awareness throughout the organization, these few individuals may be easier to isolate and address through other means.

Conclusion

The persistence of fraud as a significant cost for organizations of every kind and around the world suggests both that fraud is a common occurrence and that prevention efforts are inadequate. While it may be impossible to prevent fraud completely, we believe that organizations could greatly improve their success by concentrating on all three sides of the fraud triangle. The importance of effective controls to reduce fraud opportunities is already well understood. Management and incentive systems should be designed with care, to avoid creating unreasonable pressure. And fraud awareness programs are required to deflate rationalizations by increasing employees’ understanding of appropriate behaviour and ensuring that they maintain an accurate perception of the organization’s lack of tolerance for fraud.

A longer version of this article features in the Feb/Mar 2011 issue of Fraud Intelligence (www.informaprofessional.com/fi).

The law of the jungle

Deception comes naturally. We find plenty of examples in the animal kingdom, with animals who camouflage themselves to surprise their prey, or prey who make themselves appear frightening or less edible. While this is perhaps adapted behavior rather than true deception, it illustrates the value of deception as an acceptable tactic according to the law of the jungle. Human beings did not get to the top of the food chain through virtuous means, or through physical prowess; we are expert deceivers. So if we can use these natural skills to get what we want, why not?

Survival of the Group

Mankind evolved as a social animal, since the group is far more effective at hunting and defending than a lone individual would be. The group can only function through cooperative trust, so we have developed the psychological ability and the cultural tools that allow us to work together. We carry within us not only the egotistical fraudster but the reciprocal team player.

Fraud is a strategic option

There is a risk that fraudulent individuals might exploit the fruits of cooperation. This is not in the interest of the larger group! But because it happens all the time, we have also developed the ability to suspect and detect fraud, and a tendency punish fraudsters. The point is that fraudulent behavior is nothing abnormal. It is simply one of the strategic options that we carry with us as part of our behavioral repertoire. In our daily lives, our fraudulent abilities are countered by social cooperative strategies designed for the common good, and if we are guilty of fraud against the group, a betrayal of trust, we keep it well hidden.