india fraud survey report 2010

8/11/2019 India Fraud Survey Report 2010

1/33

India Fraud Survey Report 2010 ADVISORYFORENSIC

ForewordWith greed increasingly informing the thought process and the actions of a large number of

persons, fraud has a bigger presence in our lives than ever before. Fraud, an intentionaldeception made for personal gains or to damage another individual, is a significant factorworldwide in todays competitive world, and in entities irrespective of their size. Fraud is a major source of risk which can have disastrous effects on the finances of a company. It cancause irreversible and often irreparable damage to the image and reputation of a company.In recent times, with increase in awareness, companies have started focusing on pro-activerisk management strategies. However, a lot remains to be done, especially having regard tothe complexity of instruments and the speed of transactions.India has had its share of frauds and their incidence has often significantly impacted investorconfidence. In an atmosphere of doubt and disbelief financial statements are often viewedwith scepticism. This has also led to erosion of confidence and reduced trust amongparticipants in the financial system.The KPMG India Survey Report 2010 is an effort to provide a clear picture of what reallyhappens in corporates today. The findings are, to put it mildly, disquieting. The mistrust ofemployees towards their senior management is unmistakable. Despite this, controlmechanisms are not in place in most organisations and hence, the need for risk mitigatingstrategies is unquestionable. It is time that India Inc. sits up and ends its tolerance ofunethical behaviour, bribery and corruption. Managements of companies have not only to actethically but also to intensify their efforts to protect their companies from fraud. They shoulddevelop pro-active risk management mechanisms that can anticipate, prevent, understand,detect and respond to fraud.This report highlights the urgent need for action from managements of companies againstfraud. Even a strong regulatory system cannot always prevent fraud. The key lies inmanagement decisions and recommendations to establish formal control systems that canhelp prevent or at least deal with fraud. I am hopeful that this survey will not only enhanceawareness but also persuade corporates to move faster on the road to fraud prevention andrisk mitigation.M. Damodaran

Advisory Board Member Audit Committee InstituteKPMG in India

Amongst words that were often heard or read in the media during 2009 like credit crisis, and recession, fraud also featured prominently, especially in the Indian media.

Regulatory activities, the economic downturn of 2009 and recent corporate frauds have allcombined to impact the perceptions of fraud levels in India. Outsourcing, increase in the useof third parties and technology have combined to open up new avenues of frauds like ecrimeand Intellectual Property (IP) theft. These developments have intensified the debate onthe readiness of Indian companies to effectively deal with fraud and the importance thatcompanies assign to fraud risk management.The investor community and stakeholders now expect company boards and auditcommittees to take the onus of proactively monitoring their companies efforts to understand and mitigate fraud risks. Non-executive directors are expected to play a majorrole in challenging management on the adequacy of their fraud risk identification andmitigation plans.In such a scenario, it is useful to analyse the extant and extent of fraud and fraud riskmanagement practices in corporate India.KPMGs Forensic practice in India has been undertaking the India Fraud Survey once every two years since 1995 to provide India Inc. with insights into the degree of fraud awareness,nature of fraud risks, trends in fraudulent activities, and the required mitigation strategies.The survey questionnaire was published as an e-survey in Jan 2010 and sent out to close to1000 leading organisations in India. The survey respondents include Chairman/ ManagingDirectors, Chief Financial Officers, Heads of Internal Audit and Compliance, Fraud RiskManagers and other senior management personnel across various industry segments.We take this opportunity to express our gratitude to the people and organisations who tooktime to respond to the survey. The report and its findings would have been unaccomplishedwithout the support of the respondents and all of those who made this survey possible.We hope that you will find this survey insightful.Richard RekhyHead of AdvisoryKPMG in IndiaDeepankar SanwalkaHead of Forensic Services


2/33

KPMG in IndiaThere is a rise in the incidence of fraud ineffective control systems anddiminishing ethical values are key contributors to this trend

An overwhelming majority of the respondents indicated that the incidence of fraud, overall andspecifically within their industry and company, is rising thereby indicating that India Inc needsto deal with fraud risks firmly. Supply chain fraud (procurement, distribution and revenueleakage) is the single most exposed area. Weak internal control systems, eroding ethicalvalues and a reluctance on the part of the line managers to take decisive action against the

perpetrators are cited as the most vital underlying reasons for frauds being on the rise.

75 %Fraud in corporate India ison the rise.

54 %Fraud is on the rise withintheir industry.

45 %Fraud (suspected andactual) has increased withintheir organisations.Stakeholders view financial statement frauds as one of the major concerns in IndiaStakeholders in India continue to perceive financial statement fraud as a major area ofconcern. A desire to achieve / exceed targets and earnings of senior executives linked tofinancial performance are the reasons for senior management involvement in such frauds.Ineffective whistle-blowing systems, lack of objective and independent internal auditfunctions with forensic skills, inadequate oversight of senior management activities by theaudit committee and weak regulatory environment are the reasons for growing worries inrespect of financial statement fraud.

81 %Financial statement fraud isa major issue.

63 %Desire to meet / exceedmarket expectations the mostsignificant reason to commitfinancial statement fraud.

62 %Disagree that strictdisciplinary actions areimposed for cases involvingfinancial statement fraud.

41 %Do not have a formal fraudrisk managementframework.

60 %Usage of technology tools indetecting trends and anomaliesin data is average to poor.


3/33

58 %Data analytics are either notused or only partially used.Fraud risk management is not prevalent in India Inc.Indian companies have a reactive approach to dealing with fraud. Even amongst those that

do undertake a fraud risk assessment, the focus is more on financial frauds rather than aholistic assessment. The usage of data analysis tools to analyse critical patterns and trendsin data and understanding scenarios of potential fraud which should be inter-woven into thefraud risk assessment process is still work in progress. Respondents suggest that a fraudrisk management program should be a shared responsibility across the company board,senior management, internal audit and risk functions.

Executive Summary

47 %Frauds are unearthed byinternal audits.

35 %Legal action initiatedagainst the fraudster.The enemy within continues to pose the biggest threatCommitting frauds is not confined to a select few, both junior and senior employees areperpetrators of frauds. The quantum of fraud in value terms is also increasing. The encouragingsign is that fraud detection mechanisms have improved with a majority of the frauds beingdetected through internal audits and whistle-blower mechanisms rather than by accident (asindicated in our 2008 Fraud Survey). However, the incidence of legal action against fraudsters islow with a majority of the frauds being investigated and dealt with internally.Bribery and corruption continue to remain a challenge in conducting businessBribery and corruption is viewed as an inevitable aspect of doing business in India. Briberyand corruption are most rampant in seeking routine regulatory approvals and to win newbusiness from prospective clients. Despite the presence of anti-corruption laws, weakregulatory enforcement has contributed to the current impasse. With Indian companiesgoing global, we see an increasing trend of Indian companies pro-actively taking measures

to adhere to international anti-bribery laws/ regulations (e.g.: Foreign Corrupt Practices Act)and strengthening their code of business ethics at the board and senior management levelsto regulate dealings with external stakeholders.

38 %Bribery an integral featureof industry practices.

37 %Bribes are mostly paid toget routine administrativeapprovals from Government.

56 %Tone at the top critical tocombat bribery andcorruption.Intellectual Property, computer-related fraud, bribery and corruption andsupply chain fraud are going to be the risk areas in coming yearsWhilst supply chain and bribery and corruption will continue to dominate the fraud horizon,Intellectual Property and e-crime are emerging as the new dimensions and organisations inIndia seem ill equipped to fight these threats. Strong enforcement of Intellectual Propertyand anti piracy laws, the right to audit within third party contractual arrangements, vendor


4/33

compliance / performance reviews and technology preparedness through documentmanagement and retrieval systems are important focus areas if organisations have tosuccessfully counter these new types of fraud threats.

53 %e-commerce and computerrelated fraud are thebiggest threats goingforward.

62 %IP laws are poorly enforced.

75 % All fraudulent activities,except Intellectual Property(IP) fraud were perpetratedby employees.

Perception of fraud in India 010915253637Feeling the pain: Fraud experience in organisationsGetting the house in order: Fighting the menaceShades of things to comeConclusionProfile of respondentsNature and perpetrators of fraud 09Value of frauds 12Fraud detection and response 12Strengthening corporate governance 15Fraud risk management 18Bribery and corruption 25Intellectual Property fraud 29E-crime 31Supply chain fraud 32

Table of contentsFraud is on the rise 01Financial statement fraud continues to be a major concern 02Processes vulnerable to fraud 05Factors contributing to an increase in frauds 05

Perception of fraud in IndiaVolatile economic conditions coupled with increasing business and technologicalcomplexities have led to increased opportunities for fraud. Organisations have toconstantly deal with fraud and compliance challenges in todays business environment.


5/33

Not surprisingly, a majority of the survey respondents perceive an increase in the leveloffraud in India, in general, and also within their industry.Fraud is on the riseSeventy five percent of the respondentsbelieve that fraud incidences in India have

increased in the last two years, however,only 54 percent believe that fraudincidences have increased in their industry.Further, 45 percent of the respondentsbelieve that fraudulent activities haveincreased in their organisation, againsuggesting a rising trend in white-collarcrime.

An industry-wise analysis of responsesreveals that respondents from FinancialServices and Consumer Markets industrysegments perceive the level of fraudulentactivities to be significantly high in India andtheir respective industry.

75%

fraud incidences in Indiahave increased in the lasttwo yearsFraud perception in industryFraud perception in India100%50%0% 50% 100%CMFSRE & InfraICEIMOthersFigure 1: Perceptions of fraudSource: KPMG in Indias Fraud Survey 2010 FS - Financial ServicesBreakup of these industry segments is given in the profile of the respondents

IM - Industrial MarketsCM - Consumer Markets RE - Real Estate and InfrastructureICE - Information, Communication and EntertainmentIndi a Fr aud Sur vey Repor t 2010 02

Financial statement fraudcontinues to be a majorconcernConsidering the current economicenvironment, 81 percent of the respondentsperceive financial statement fraud as amajor issue in India. Over 60 percent of therespondents believe that enforcement ofregulations and regulatory environment areinadequate in dealing with financialstatement fraud.In a recessionary environment, cost reduction initiatives increase the potential for internalcontrol breakdowns and frauds, especially financial statement fraud. Therefore, withemerging signs of economic recovery, it becomes imperative for companies to re-evaluatetheir cost reduction initiatives. Companies should consider whether the cost reductioninitiatives will stand the test of time, especially, once the economy turns back to growth.34%8%19%57%19%20%26%62%5%


6/33

55%50%46%11%0%12%12%14%4%10%10%5% 9%4%3%8%I have faith in my organisations internal controls indetecting Fraudulent Financial ReportingThere is a timely redressal of regulatory violationsinvolving Fraudulent Financial ReportingStrict disciplinary actions are imposed for casesinvolving Fraudulent Financial ReportingRegulations in India are effective in deterringFraudulent Financial ReportingFinancial Statement Fraud is a major issue in IndiaStrongly Agree Agree Disagree Strongly Disagree Not SureFigure 2: Perceptions of financial statement fraudSource: KPMG in Indias F raud Survey 2010Forms of financial statement fraudTypically, financial statement frauds take the

form of manipulation of critical accountssuch as revenue, capital expenses etc.Advance revenue recognition and Unrecorded/ concealed liabilities and expenses are the most common forms of financial statement fraud (42 percent each).Figure 3: Common forms of financial statement manipulations (multiple choice)Source: KPMG in Indias Fraud Survey 2010 42%29%32%26%42%19%19%24%25%4%16%

Advance revenue recognition (from a futurefinancial period)Creating fictitious revenueDeferring expenses (to a future financial period)Capitalizing operating expensesUnrecorded / concealed liabilities and expensesReclassifying or overvaluing assetsInadequate / inappropriate omissions or disclosuresFailure to provide for bad or doubtful debtsInconsistent application of accounting policies / standardsUse of offshore entitiesRelated party transactions to shift profits / lossesIt is more harmful than any financialmisappropriation when the head honcho manipulatesorganisational objectives on a continuous basis to suitpersonal agendas and beliefs. President of a Publishing HouseContributing factors

As for the motive of resorting to theaforementioned forms of manipulation,63 percent respondents indicate pursuitof meeting market expectations and 61percent respondents indicateperformance based remuneration as themain reasons. Further, 66 percentrespondents identify managementoverride of controls as a key factor thatfacilitates the occurrence of financialstatement fraud.25%


7/33

63%22%37%35%Performance based 61%remunerationRaise finance or meetdebt covenantsEvade taxationContinuation ofemploymentMeet marketexpectationsDiversion of fundsInadequate monitoring by the Board / 48%

Audit committee56%Inadequate whistle-blower mechanisms orWeak/inadequate internal controlsManagement override of controls 66%Not really seen as a fraud 37%40%Lack of independent audit functions(both internal and external)Figure 4: Reasons behind financial statement fraud (multiple choice) Figure 5: Factors facilitating financial statement fraud (multiplechoice)Source: KPMG in Indias Fraud Survey 2010 03 Indi a Fr aud Sur vey Repor t 2010

Reasons for financial statement fraud

63 %pursuit of meeting marketexpectations

61 %performance basedremuneration

K P M G I N S I G H T

Combating financialstatement fraudDrivers, risk areas and red flagsFrom our experience on variousengagements related to financial statementfraud, the following key issues haveemerged:? Financial statement fraud is oftenorchestrated by senior management andusually involves a group rather than anindividual. Motivation at this level can bevaried, and is usually more complex thansimply financial gain, it could includeanything from pressures to reportfavourable results or enhance share price value to enhancing performancebased incentives.? Experience gained by KPMG Forensicthrough assisting clients, as well as ourobservation of other reported events hastaught us that certain items within thefinancial statements are especially proneto manipulation. These, together withthe forms that the manipulation cantake, are illustrated in the Figure below.

The damages caused byaccounts manipulation can


8/33

be severe and invariablyspread far wider than theorganisation concerned.The Satyam case last yearsharply brought into focus

the impact that a financialstatement fraud can inflicton a company and itsstakeholders.? An alarming increase in the use offalsified documentation to give asemblance of legitimacy to fraudulenttransactions has been observed.Perpetration of fraud in this mannermakes detection immensely difficultduring regular audits or managementreviews, unless these are focussedforensic reviews.Warning signs are usually present in thefinancial information of a subsidiary, division,

joint venture or a group, and can sometimesbe woefully evident on hindsight. While theprecise signs are dependent on the sectoror industry in which the organisationoperates, some generic indicators include:? items within the profit and loss accountare based on judgment rather than harddata.;? high levels of manual journals andaccruals without automatic adjustment;? Unusual fluctuations in sales or forwardpurchase orders, particularly around theyear end;? reported results are consistently in linewith the budget; and? Profits do not appear to be convertedinto cash, etc.

Though there is more interest andawareness around financial statement fraudamongst audit committees and companymanagements, there are deficiencies ininstituting appropriate prevention, detectionand response mechanisms. Going forward,we do expect lot many companies toproactively use and invest in technology,institute focussed fraud risk managementexercises and encourage transparency ininternal and external financial reporting toeffectively respond to the growing menaceof financial statement fraud.Indi a Fr aud Sur vey Repor t 2010 04Discount/undisclosedbenefitsMisrepresent creditstatusBad debt under/overprovisionFalse sales/debtors

Advance billingManipulating depreciationperiods for fixed assetsJoint ventures withconnected partiesTransfer at other thanmarket valueReports inconsistent withaccount recordsSuspendeditems Pledging assets Teeming & l adingMisuse of groupcash flows Manipulation of


9/33

time periodFalsequantity/qualityStandard costmanipulationMisvalueFalse statusRebates/chargesmanipulationHidden contractterms

Misrecordingcapital/revenueFalse capitalisationof costsDelaying/advancingpaymentsUnder/overaccrualFalse consultingcontractsFalseclaimsTransferpricingReturnsSalesOthersCash StockPurchases AccountsmanipulationCommon forms of accounts manipulation

Processes vulnerable to fraudOur survey results indicate Procurement and Sales and Distribution to be the most vulnerable processes across industries. Notably, 57 percent of the respondents from realestate and government industry segment rate Procurement as high risk while 44 percent of the respondents from consumer markets industry segment rate sales and distribution as high. Interestingly, respondents perceive lower levels of risk in Finance and Payments, Treasury and Administration functions. Figure 6: Processes perceived as most vulnerable to fraud risks (multiple choice)Source: KPMG in Indias Fraud Survey 2010

Factors contributing to anincrease in frauds

An effective control framework is essentialto help minimise the risk of fraud. In fact,survey respondents indicate weaknesses inthe control framework as a major factor forthe occurrence of fraud.Similar to our 2008 Fraud survey, 63 percentidentify inadequate internal controls/compliance program as a key contributingfactor. Additionally, a combination ofdiminishing ethical values (48 percent) and afailure on the part of line managers /departmental heads to act against deviations(40 percent) from established policies andprocesses were cited as reasons for theincrease in instances of fraud.

63 %Inadequate internal controls/compliance program is a keycontributing factor to increasein frauds05Sales & Distribution Procurement Inventory Finance / Payments Treasury AdministrationConsumer Markets Information, Communication & Entertainment Real Estate & Infrastructure Financial Services Industrial Markets44%24%29%57%21%29%0% 0%36%15%33%44%


10/33

24%30%16%39%4% 3%28%9%12%8%6%3%

22%12% 11%12% 11%12%Figure 7: Factors contributing to an increase in fraud (multiple choice)Source: KPMG in Indias Fraud Survey 2010 40%Failure on the part of line managers/departmental heads to actagainst deviations from established policies and proceduresDifficult economic scenario 11%Inadequate internal controls or compliance programme 63%Diminishing ethical values 48%Inadequate oversight by the Board/Audit Committee 10%28%Lack of proper framework for monitoring and enforcingcompliance of the companys code of conduct Inadequate redressal of reported fraud cases 13%Inadequate background checks on employees and vendors 27%21%Inadequate utilisation of technology tools available toidentify red flags

Senior management override of controls 15%At times, operating management may interpretred flags differently or ignorethem completely Head of Internal Audit of a largeconglomerateIndi a Fr aud Sur vey Repor t 2010 06

Why internal controls failto prevent frauds?Internal controls that address fraud risk could reside across ? Failure to implement early warning indicators or continuousdifferent layers of the organisations hierarchy, making it important monitoring processes i.e. through usage of data analysi s toolsto ensure that there is proper alignment between multiple levels. to identify trends and inconsistencies in data sets, which canprovide a holistic evaluation of the control deficiencies, theTypically, from our experience, the following are some of the key underlying root causes and their potential impact.reasons for ineffectiveness of internal controls:? The lack of periodic assessment of the effectiveness of? The lack of clarity in assigning ownership for internal controls supervisory controls (i.e. controls that monitor the operationfor instance compliance teams becoming responsible for of other controls such as an effective internal audit function) tofinancial controls result in control responsibilities not being minimise the potential for management override of controls.embedded within the business.Companies where the internal audit reports functionally to the? Inadequate oversight of the control environment in times of audit committee and not to the CEO/ CFO have stronger antichangeand lack of alignment of the organisational roles to the fraud monitoring mechanisms. In these organisations, the auditconfiguration of roles (IT rights) within the IT systems. For committee plays a key role in explicitly approving the audit pl aninstance, in implementing IT systems, certain individuals are including the scope, coverage, skill sets and tools used to auditassigned super user rights in the initial part of the fraud risk areas and the results of these assessments.implementation and these rights are not appropriatelymonitored/ revoked post implementation.

K P M G I N S I G H T07 Indi a Fr aud Sur vey Repor t 2010Indi a Fr aud Sur vey Repor t 2010 08

Feeling the pain: Fraud experience in organisationsThe threat of fraud looms large, no matter the size of the company. The value, type andfrequency of fraud vary based on several factors such as the effectiveness of internalcontrols, the degree to which responsibilities are devolved and complexity of automatedsystems and processes. However, whatever be the type of fraud, internal parties(management and non management employees) tend to have a higher propensity to


11/33

commit fraudulent activities than external parties (customer, vendor or businessassociate).Nature and perpetrators offraud

As indicated previously, 45 percent of therespondents indicate that they have

experienced fraud in their organisation overthe last two years. Majority of therespondents have experienced theft offunds/ goods and bribery and corruption(including kickbacks). Specifically, while 73percent of the respondents indicate thatthey have experienced diversion/ theft offunds/ goods (through false invoicing, falseclaims, and pilferage), 57 percent indicatethat they have experienced bribery andcorruption related fraud. Among other typesof fraud, e-commerce and computer-relatedfraud was experienced by 23 percent of the

respondents. 73 %Have experienced diversion/ theftof funds/ goods as the mostcommon fraud in their organisationFigure 8 a: Types of fraud experienced by respondents (multiple choice)Source: KPMG in Indias Fraud Survey 2010 Bribery & corruption (including kickbacks) 57%Diversion/theft of funds or goods (through 73%false invoicing, false claims, pilferage)e-Commerce & computer related fraud 23%Regulatory non-compliance 22%Financial statement fraud 18%16%Intellectual Property fraud(counterfeiting, piracy)Corporate espionage 14%Money laundering 9%Others (please specify) 15%

A profiling of the fraud perpetrators in therespondent organisations reveals that over75 percent of all fraudulent activities, exceptIntellectual Property (IP) fraud wereperpetrated by employees, reaffirming thatthe Enemy within poses the highest risk. External parties such as customers, vendorsand business associates are perceived topose the highest risk in areas such as ecommerceand computer-related fraud,bribery and corruption and IP fraud.Further, among employees, nonmanagementemployees are perceived topose higher risks than managementemployees. Over 50 percent of therespondents indicate that non-managementemployees were involved in most of thefraudulent activities. However, financial

statement fraud and regulatory noncomplianceare typically attributed to themanagement cadre.Ethics and Values need to be driven strongly with appropriate rewardsand recognition Head of Compliance of a leading IT firmSource: KPMG in Indias Fraud Survey 2010 Figure 8 b: Key fraud perpetrators (multiple choice)Indi a Fr aud Sur vey Repor t 2010 10Management employees (Sr Managers & above)Intellectual PropertyFraud (counterfeiting,


12/33

piracy)8%50%42%25%17%Corporate espionage60%20%10%30%

Financialstatementfraud46%23%8%31%Moneylaundering29%57%14%14%Regulatorynon-compliance38%13%13%44%e-Commerce &computer related

fraud18%65%29%24%18%Bribery & Corruption(including kickbacks)69%21%43%19%26%Diversion/theft of fundsor goods (through falseinvoicing, false claims,pilferage)22%69%15%30%11%Non management employees (Managers & below) External parties:CustomerExternal Parties: Vendor/Agent External Parties: Business AssociateThere is an increasing trend of the customer, outside elements and bank staff colluding together tocommit frauds resulting in investigation of frauds allthe more difficult without the help of enforcementauthorities Senior Vice President Compliance of an Indian Bank0% 0% 0% 0%


'Enemy within' Why employees are oneof the key perpetrators of frauds?Why an employee commits a fraud? Why it does not get noticed?

An employee often commits fraud Often when it comes to fraud,because of four key reasons, namely, organisations are in denial and critical redgreed, financial stress, dissatisfaction with flags may be ignored on the pretext thatthe employer/managers or just to these are isolated instances. Also, ethicalexperience the thrill of surpassing critical employees ideally should have nothing tocontrols. fear from whistle-blowing. However, inreality, whistle-blowing is not alwaysFor instance, in a case investigated by us, perceived to be an independent andan employee having an authority to issue painless/undemanding mechanism. Theinternational money card for employees whistle-blower may feel insecure andtraveling abroad, outstripped the controls, choose to remain silent, especially incamouflaged the documentations, cases where a senior member of the


13/33

authorised international money card in the organisation or a known member isname of multiple employees and involved in fraudulent activities. Despitetransferred funds from such cards to his the efforts of organisations in establishingpersonal bank account. the ethical culture within, the social barrieris a phenomenon that needs to beHowever, the employee had not utilised addressed. Moreover, as employees arethe money transferred to his account. the part of system it is easier for them toDuring an enquiry, he revealed that he camouflage the fraud.

enjoyed the thrill of breaking the controls.What are common red flags/Why is it easier for an employee to indicators of an employees commit fraud? involvement in fraudulent activities?

An employee by virtue of his/her position The common warning signs that mayis aware of the processes and internal indicate potential fraud by an employeecontrols within the organisation. Therefore, are marked by:it becomes easier for him to circumvent ?personality changescontrols. For instance, an employee in the? late working hoursprocurement department was well awareof the process that required him to obtain ? reluctance to take leavea minimum of three quotations for any ?sudden change in lifestylepurchases. He, in connivance with a ?cuts corners or bends rulesvendor created two fake quotations and? does not produce supportivepassed the procurement transaction atdocuments etc.more than reasonable rate to the vendorfor kickbacks.In our view, undisclosed conflict of interestwith vendors/ suppliers/ contractors, isone of the key frauds committed byemployees.

Employee fraud is notuncommon these days. Thetrend from the survey reportclearly depicts thatemployees have causedsignificant damage to theorganisations by committingfraud. At this juncture weneed to understand fourcritical aspects relating toemployee fraud.11 Indi a Fr aud Sur vey Repor t 2010

Value of fraudsThe perception of India Inc that fraudulentactivities are on the rise in India in last twoyears is not unfounded. The survey resultsindicate that the quantum of frauds hasincreased manifold over our 2008 Fraudsurvey. 87 percent of survey respondentsstate that their organisation had incurredfraud losses of more than INR 1 million asagainst 47 percent in our last survey.13%29% 48%10%< INR 1 mn INR 1 - 10 mn INR 10 - 100 mn > INR 100 mnFigure 9: Value of fraudSource: KPMG in Indias Fraud Survey 2010

Fraud detection and responseIn the past, our surveys have revealed thatmost of the fraudulent activities weredetected by accident. With the change in the


14/33

corporate culture and organisational controlframework, we believe that the trend indetection of frauds has changed for thebetter. True to this belief, 47 percentindicated that fraud incidents in theirorganisation were detected through internalaudit. Further, 26 percent indicate whistleblowermechanism as a means for detecting

fraud, and 38 percent indicating anonymouscalls/ letters.Figure 10: Mode of fraud detection (multiple choice)Source: KPMG in Indias Fraud Survey 2010 26%47%5%38%24%21%13%27%Whistle-blower hotlineInternal auditStatutory audit

Anonymous call / letterBy accidentData analytics (trends)IT controls

Others (please specify)

87 %fraud losses more than INR 1millionIndi a Fr aud Sur vey Repor t 2010 12Others include: vendor complaints, background verification, etc.The detection mechanism reflects the Majority of the survey respondentsorganisations fraud control mechanism, indicate that upon detection, their ethics, culture and tolerance to fraud. An companies respond by initiating aneffective framework to detect fraud internal investigation and disciplinaryinvolves an independent and empowered action. Specifically, 81 percent of theinternal audit and risk functions and a well respondent organisations initiated anpublicised and documented whistle- internal investigation and 68 percentblower mechanism. Once fraud is initiated disciplinary action against the

detected, organisations should respond perpetrators. However, only 35 percentappropriately and initiate remedial action respondent organisations initiated legalto undo the damage, to the extent actions against the fraudsters. Typically,possible. companies refrain from taking legal actionand prefer separating the fraudsters(employees and external parties).Only 35% of the respondents initiatedlegal action against the fraudster Action taken by organisations greatlydepends upon their outlook and tolerancetowards fraud as well as their appetite todeal with law enforcement and legalchannels.Indi a Fr 13 aud Sur vey Repor t 2010Figure 11: Corrective action steps adopted (multiple choice)Source: KPMG in Indias Fraud Survey 201010%25%6%56%68%29%35%The fraud was investigated internally 81%

An external agency was hired to investigate the fraudWrongdoers were disciplined fairly regardless ofposition/appropriate disciplinary actiontaken against the vendorImplemented new or changed existing controlsLegal action taken against the fraudsterVoluntary disclosure of the details on the unearthedfraud and the ensuing investigation to concerned


15/33

regulatory authorityCommunicating details on the unearthed fraud &manage ments corrective action to a wider employee population No action takenIndi a Fr aud Sur vey Repor t 2010 14

Getting the house in order: Fighting the menaceThe key to preventing fraud is to understand the ways in which it can affect a company,and introduce controls to recognise and prevent it from occurring. Strong governancepractices and a structured Fraud risk management process assists organisations inidentifying and addressing potential fraud risks that could have a major impact on thecompany. Proactive detection and mitigation of the fraud risks inherent to businessprocesses are integral components of an effective Fraud risk management program.Strengthening corporategovernanceCompanies should create a broad programthat manages and integrates fraudprevention, detection and response efforts.Responsibilities of managing such a programshould be shared across the companyboard, senior management, internal audit

and risk functions.The company board along with the auditcommittee constitutes a critical componentof the companys fraud risk management program. An independent and empoweredboard/audit committee goes a long way instrengthening the fraud risk managementframework.In response to a question on boardindependence, an overwhelming 95 percentof the respondents indicate that they arereasonably sure of the independence oftheir board of directors. Further, 92 percentindicate that their board/audit committeereviews and discusses issues raised duringthe organisations fraud an d misconduct riskassessment. Additionally, 86 percentindicate that their board/audit committeereviews and discusses with internal andexternal auditors the quality of theorganisations antifraud programs and controls.On the issue of whistle-blower mechanism,77 percent of the respondents indicate thattheir board/audit committee reviews thefunctioning of this mechanism or a similarmechanism.Typically, respondents segregate Fraud riskmanagement responsibilities as follows:? Prevention: The responsibility ofprevention is primarily with the board,along with C suite officers. ? Detection: The responsibility of detection

is primarily with internal auditors and therisk and compliance head.? Investigation: The responsibility ofinvestigation is with internal auditors andrisk and compliance head.*Degree of responsibility depicted by Harvey Balls based on score: 95 -100: 1; 75-94: ; 50-74: ; 25-49:; < 25: 0. Score indicates the percentage of survey respondents highlighting degree of responsibility forfraud risk management across various levels.Prevention* Detection* Investigation*Board 4 0 0

Audit Committee 2 1 1

CEO/Managing Director 3 1 0


16/33

Chief Financial Officer 2 2 1

Risk & Compliance Head 2 2 2

Chief Security Officer 1 2 2

Internal Auditors 1 3 2

External Auditors 0 2 1Figure 12: Responsibility on Fraud risk managementSource: KPMG in Indias Fraud Survey 2010

A well defined ethics policy, open channels of communication and strong internal control systemsare important to minimise fraud in an organisation. Vineet Kapur - Chief Financial Office, Carrier IndiaIndi a Fr aud Sur vey Repor t 2010 16


Strengthening corporate governance tocombat fraud effectively A three prongedstrategy adopted by leading organisationsEnhance the effectiveness of theaudit committee? Explicitly review and approve the suspected instances of fraudappointment of auditors and the including the adequacy of theaudit plans for adequacy of scope, reporting process.coverage and performance.Establish an objective and? Proactively monitor major financial independent internal audit functiontransactions, choice of accounting? Establish reporting lines of thepolicies and compensation policiesChief Internal Auditor to the Auditincluding coordination with otherCommittee and not management.board committees.? Help ensure that internal audit? Conduct in camera executive teams undertake process reviewssessions with internal and externalof key strategic projects / newauditors separately without theoperations to identify controlmanagement being present.weaknesses / fraud risks.? Review and approve anti fraud? Help ensure that as far asprograms and controls.practicable financial/ operational? Scrutinise related-party and IT audits are seamlesslytransactions closely including combined so as to help ensureseeking independent advice from that the IT implications ofexperts. operational controls are

appropriately assessed.Establish an effective anti-fraud? Help ensure that internal auditprogram undertakes ethical audits to? Putting in place a formal program assess the importance given tofor identification, assessment and ethics and how ethical violationsmonitoring of fraud risk areas. are dealt with.? Review of the internal and external ? Review the skill sets presentaudit assurance plans to assess within internal audit to effectivelyhow they address fraud risk areas. audit fraud risk areas (knowledgeof the business, forensic skill sets,


17/33

? Review the organisations tools seniority within the organisationand techniques to combat fraudand ability to leverage technology).(data analytics, key performanceindicators, segregation of duties).? Review the organisations

approach to investigate fraud and17 Indi a Fr aud Sur vey Repor t 2010Fraud risk managementForty one percent of the respondentsindicate that their organisations do not havea formal Fraud risk management framework.Perhaps because of the buoyant regionaleconomies, management of fraud risk wasnot hitherto at the top of the agenda. Theincrease in frauds and adverse reputationconsequences that come in its wake makesit imperative that organisations adopt a proactiveapproach to fraud risk management.Though the respondents perceived that theirorganisations had effective board oversightof fraud risks, it has to be considered in lightof the fact that only 59 percent of therespondent organisations undertake a formalfraud risk assessment exercise.Figure 13: Fraud risk management framework in organisationsSource: KPMG in Indias Fraud Survey 2010

41 %do not have a formal fraudrisk management framework41% 59%Yes NoIndi a Fr aud Sur vey Repor t 2010 18


Fraud risk managementWhy is fraud risk managementessential?? Many organisations are geared to committing fraud. This highlightsdeal with fraud in a reactive the importance of appropriatemanner, in that they are not aware corrective action and the way inof the various ways in which fraud which it could greatly reducecan occur. These companies fail to future fraud risks.understand that the price theymay have to pay for a fraud is Fraud risk management: A broadsignificantlyhigher than the cost based approachof a robust anti-fraud mechanism An effective, business-driven fraudand misconduct risk management? Often, the tsunami of fraud, leadsapproach is one that is focused on

to significant loss of marketthree objectives:capitalisation, loss of a talent poolbuilt and nurtured over years, loss ? Prevention: controls designed toof clients gained and grown over reduce the risk of fraud anddecades, and in some instances, misconduct from occurring in thealso threatens the very existence first placeof the organisation? Detection: controls designed to? Many fraudsters always test the discover fraud and misconductcontrols framework with when it occurs


18/33

insignificant values and basic fraud? Response: controls designed toschemes to start with, to see iftake corrective action and remedytheir frauds are detected, beforethe harm caused by fraud orthey move on to larger values and

misconductmore sophisticated schemes of A comprehensiveassessment of fraud risks,is essential for themanagement to gainknowledge on critical riskfactors and deployappropriate controls toavoid losses.19 Indi a Fr aud Sur vey Repor t 201043% 7% 18%62% 5% 4%

50% 5% 13%52% 7% 23%42% 9% 20%52% 13% 18%36% 11% 37%59% 20% 8% 13%41% 17% 27%29%32%29%32%18%29%17%16%15%14% 9% 48%Mitigating factors adopted by companiesWhile establishing controls to assist intimely detection of fraudulent activities andtaking corrective action is essential, it isequally important for companies to establishcontrols to reduce the risk of fraud andprevent it from occurring in the first place.Over 70 percent of the respondents haveimplemented or plan to implement criticalfraud prevention controls such as processspecific fraud controls, employeebackground checks, vendor/ customer/senior management due diligence andestablishing internal whistle-blowermechanism.It is pertinent to note that over 50 percent ofthe respondents have implemented / areplanning to implement additional controlslike external whistle-blower mechanism andsetting up dedicated fraud investigation unit.

70 %of the respondents haveimplemented or plan toimplement critical fraudprevention controlsFigure 14: Status of implementation of various control measures by respondents (multiple choice)Source: KPMG in Indias Fraud Survey 2010 Establish a framework to monitor and


19/33

ensure co mpliance of the companys Code of Conduct / Code of EthicsIntroduce process-specific fraud controlsEmployee background checkDue diligence of Senior Managementand Board MembersImplement a whistle-blower mechanism/fraudreporting hotline (INTERNAL)Implement a whistle-blower mechanism/fraudreporting hotline (EXTERNAL)Conduct fraud awareness trainingsSet up a dedicated/separatefraud investigation unitVendor due diligenceCustomer due diligenceImplemented Partially implemented Plan to implement in the next 6 to 12 months OthersOthers include: "Not important hence not implemented" and "Important but delayed by practical difficulties"Indi a Fr aud Sur vey Repor t 2010 20

K P M G I N S I G H TIn operationalising the code ofbusiness ethics, organisations arechallenged largely due to thefollowing:? The organisations reward system Monitoring compliance with theis mis-aligned to its core values. code of conduct There is aWhen it comes to performance perception amongst many that theevalua tion, achievement of hard code of conduct is a soft issue and targets gains precedence over incapable of being audited. Leading ethical conduct. organisations with diversifiedoperations are however prepared to? As companies pursue newer challenge this line of thought bymarkets to take advantage of undertaking ethical audits. The ethicalgrowth opportunities, cultural gaps audits typically focus on:and differences in businesspractices emerge which become ? Areas where staff is not gettingdifficult to overcome. enough training on the meaning ofthe code.? The culture does not allow thediscussion of difficult, ? Areas where senior / executivecontroversial or sensitive matters management is turning a blind eyewith the senior management and to suspected/ actual ethicalthe board. breaches because of performance/ results pressures, i.e. super-? Information received by the board performers, are tolerated.on whistle-blowing incidents iscensored by the management and ? Reflect on whether seniorperhaps far away from the truth. executives and businessmanagers value the work ofIn our experience of working with internal auditing.organisations, there are two broad? Survey if evidence on stafffocus areas:attitudes about the importance ofCommunicating the code of conduct control and compliance flags a

Organisations need to continually disconnect between what the

communicate the code of conduct leadership is saying and what isthrough a variety of means actually happening.encompassing training on the code ofethics within employee induction ?Monitor whether there are anyprograms, ethical dilemma workshops trends in the issues employeesand annual self compliance are raising.mechanisms.

Code of conduct compliance21 Indi a Fr aud Sur vey Repor t 2010Proactive data analytics


20/33

Compared to the 2008 Fraud survey inwhich only 27 percent of the respondentorganisations had adopted proactive dataanalytics for analysing e- data, this years survey indicates:? Over 42 percent have implementedproactive data analytics in variousstreams in the organisation

? Over 22 percent have partiallyimplemented data analytics in variousstreams in the organisationLeveraging technology can help strengthen corporate governance, facilitate theimplementation of more effective and focused internal controls, reduce potential futurelosses, and help identify recoverable actual losses. 60 percent respondents believe that thecurrent technology tools in detection of anomalies and identification of red flags or earlywarning signals are average to poor.Technology is the best bet to drive- in transparency Vice President Finance of a l eadingHealthcare OrganisationFigure 15: Status of implementation of proactive data analytics (multiple choice)Source: KPMG in Indias Fraud Survey 2010Others include: "Not important hence not implemented" and "Important but delayed by practical difficulties 55%42%49%

66%49%44%23%27%29%23%31%34%4%7%10%3%4%4%18%24%12%8%

16%18%Receivables and collectionsSales and distributionVendor and paymentsPayroll andre-imbursementsTime and physicalaccess controlsEmails and externalcommunicationsImplementedPartially implementedOthersPlan to implement in the next 6 to 12 monthsOver 42% of respondent organisationshave implemented proactive dataanalytics in various streams in theorganisationIndi a Fr aud Sur vey Repor t 2010 22Figure 16: Current technology tools in detection of anomaliesSource: KPMG in Indias Fraud Survey 2010 40%2%51%7%

AverageGoodNon-existentPoor


21/33

K P M G I N S I G H THowever, organisations considering allocation of adequate resourcesimplementing data analytics to to get the data into format readyprevent and detect fraud have to for analysis is important.overcome the following key? Definition of an anomaly: Fraud, bychallenges:nature, is constantly evolving and? Lack of skilled resources: Skilled hence there is a need to Resources does not just mean constantly update known fraud well-trained tool-experts. Skills in scenarios, expertly monitor dataunderstanding various analytical analysis scenarios and then aligntechniques that are available and them to business operations.applying them for detecting fraudrequires a combination of ? False positives: False-positives arebusiness understanding, data a serious issue in any fraudunderstanding and adequate detection system. As falsetraining on use of analytical positives consume a lot of timesoftware. Organisations have to and resources in resolving them,look at building skills in all the proactive data analysis has to beareas to get maximum mileage done to constantly suppress falsefrom software/hardware positives.investments made on AnalyticsProactive data analytics involves? Limited resources: Limited taking routinely collected unrelatedresources spread across various data sets and then conductingfunctions/activities limits the comparisons, summaries, andeffectiveness of data analyses in aggregations to detect anomaliesFraud Detection. Fraud detection known to be indicative of potentialshould be driven with disciplined fraud and misconduct. Key benefits ofdata analytics processes to data analytics among others include:address this challenge. ? Identification of hidden? Ability to evaluate the full relationships between people,transaction: Sampling data for organisations, and eventsfraud detection or suspicious ? A means to analyse suspiciousactivity detection is a wrong-start. transactionsHowever, the challenge to evaluatefull transactions is the volume of ? An ability to assess thedata and horse-power it requires effectiveness of internal controlsto crunch millions of transactions intended to prevent or detectbusinesses generate each year. fraudulent activities? The potential to continually? Different systems and differentdata formats: Growing number monitor fraud threats andand diversity of applications churn vulnerabilitiesdata in different formats. This data ? Analyse thousands of transactionsneeds to be integrated in a in less time, more efficiently andmeaningful way for proper cost effectively.analysis. Data integration takes alot of time. A robust plan and

Proactive data analyticsTechnology has creatednew ways for organisationsto respond to the challengeof preventing and detectingfraud and misconduct.Increasingly, companies areemploying analytical


22/33

techniques in their efforts.Most companies, today,prefer to be proactive in leveraging data analytics.This enables them to

highlight any red flags and/or potential fraudbefore the damage is doneto the organisation.Proactively analysing dataalso helps companies inidentifying controlweaknesses and fixing themupfront before theseweaknesses open thepossibility of a fraud or

misconduct.23 Indi a Fr aud Sur vey Repor t 2010Indi a Fr aud Sur vey Repor t 2010 24

Shades of things to comeSurvey respondents identify the following types of frauds as posing a higher risk in thecoming years:? Bribery and corruption (including kickbacks) (47 percent)? Intellectual Property fraud (counterfeiting, piracy) (34 percent)? E-commerce and computer related fraud (53 percent)? Supply chain fraud (procurement and sales and distribution) (50 percent)Bribery and corruptionCorruption is a serious offence, often not Contributing factors

appropriately recognised by many Obtaining routine administrativeorganisations. The World Bank has approvals from the Government orestimated that, globally, bribes paid each governmental agencies and attempts toyear amount to over USD 1 trillion. win or retain business emerge as theBribery and Corruption is on the risk key reasons for bribery and corruption inradar of Governments, regulators, law corporate India.enforcement agencies and businessesworldwide. With the increase in public Forty two percent of the respondentsscrutiny of multinational organisations, it indicate that bribery has come to beis pertinent for companies to adopt considered as an acceptable behaviour.essential controls to mitigate the risk of Further, 38 percent of the respondentscorruption. rationalise by indicating that bribery is anintegral feature of the practices in theirindustry. These figures indicate the extent towhich bribery and corruption has embeddeditself into the way of conducting business inIndia. Further, over 30 percent of therespondents believe that the inadequacies inthe regulatory and enforcement frameworkhave failed to curb bribery and corruption.

As indicated above, respondents highlight their operations across the globe.lack of effective regulatory framework, Primarily these laws suggest effectivespecifically weak law enforcement, as a policies and governance as a key measurefacilitator of corruption. Companies in to prevent bribery and corruption.India are increasingly expected to adhere However, compliance with theseto Indian - Prevention of Corruption Act, regulations is scarcely monitored.1988 and international anti-bribery laws/regulations (e.g. Foreign Corrupt Practices

Act (US), Anti bribery bill (UK), owing to


23/33

31%37%10%22%Bribery / Kickbacks to win or retain businessBribery to get routine administrative approvals from Government agenciesUnauthorised use of resourcesInfluence people in making/delivering a favourable treatment

Figure 17: Common forms of bribery Figure 18: Factors facilitating corruption (multiple choice)Source: KPMG in Indias Fraud Survey 2010 38%42%28%28%37%33%Inherent nature of thewhich your organisation operatesindustry inConsidered as acceptablebehaviourLack of awarenessamong employeesPoor internal policies /procedures / administrationLack of effective regulatory &compliance mechanism

Weak law enforcementCorporates and industry bodies should be aggressive advocates of clean businesspractices. Independent bodies should rategovernment agencies (like internationalratings of countries) against standardparameters. Chairman and Managing Director of a IT and DesignSolution companyIndi a Fr aud Sur vey Repor t 2010 26Knowledge of applicability of FCPADespite serious regulatory implications, 30percent of the respondents were not awareif their organisation was subject to FCPA.Prevention of corruption is as much aboutorganisational culture as it is about rules andcontrol systems. Although there is asignificant increase in awareness levelswhen compared to the earlier survey, it ispertinent to note that ignorance to complywith anti-corruption laws cannot protect theorganisation from being prosecuted.Corruption and bribery need to beaddressed at the entity level by the boardand senior management. Companies shoulddevelop and promote unequivocal policiesthat curb bribery and encourage disclosureof facilitation payments. The way in whichorganisations operate with their externalstakeholders (e.g. vendors, customers,regulators, tax authorities and minorityshareholders) often has a tremendousbearing on how the senior management andthe board are perceived internally by

employees.Figure 19: Applicability of FCPASource: KPMG in Indias Fraud Survey 2010 32%37%30%Yes, it is subject to US FCPA No, it is not subject to US FCPA Dont know

42 %bribery has come to beconsidered as an acceptable


24/33

behaviour

77 %India Inc. should adopt a zerotolerance approach to combat briberyand corruption, which includes legalaction against perpetratorsMeasures to combat corruptionSeventy seven percent survey respondents believe that India Inc. should adopt a zerotolerance approach to combat bribery and corruption, which includes legal action againstperpetrators. Further, 56 percent of the respondents believe that tone at the top is crucial inestablishing a corporate culture that discourages bribery.Figure 20: Measures to fight corruption in India (multiple choice)Source: KPMG in Indias Fraud Survey 2010 52%77%28%32%37%68%By improving the tone at the top 56%Stringent disciplinary proceduresRegular trainingsThird party due diligenceBribery & corruption reviews and due diligenceZero tolerance approach to bribery and corruption (liketaking legal actions against the perpetrator)Transparent disclosures about organisationalpolicies on bribery and corruptionZero tolerance to fraud, bribery and corruption is a key factor for a company'ssuccess. Sheila Sarkar, Global Internal Audit Head,Nokia Siemens Network27 Indi a Fr aud Sur vey Repor t 2010

Applicability of FCPA for companies inIndia and risks associated with facilitationpayments

Applicability of FCPA to companies in normally not intended to obtain or retainIndia business. These payments are normallyBroadly, FCPA is applicable to: demanded by junior public officials.? Companies listed in U.S includingWhile FCPA does not prohibit facilitationforeign companies or foreign affiliatespayments, Prevention of Corruption Act,that are listed on US stock exchanges1988 (PCA - Indian Anti-Corruption Law),(Issuer). prohibits such payments. However, in? Subsidiaries and joint ventures in practice the PCA has not been strictlywhich the issuer has significant share. enforced with respect to such payments.? Agents, business partners, Therefore facilitation payments have beencontractors of the issuer or foreign considered an acceptable way ofaffiliate or subsidiaries/ joint ventures conducting business in India. In the past,of the issuer. businesses would have rather paid bribesthan face bureaucratic delays.FCPA is becoming increasingly applicableto many companies in India. As more and However, the challenge which companiesmore Indian companies expand into have is being compliant while remainingforeign markets, it becomes imperative competitive in the marketplace.for these companies to gain a good Companies can meet these challenges byunderstanding of the regulatory establishing policies and trainingenvironment in these markets, specifically programs to ensure compliance with antiregulations around bribery and corruption. bribery and corruption laws. Suchprograms must include:FCPA primarily prohibits payment of ?a commitment from the top down


25/33

bribes to foreign officials (Government that bribery in any form will not beofficials including representatives of toleratedGovernment or Government owned? designation of a Compliance Officer toentities). The lack of awareness of foreignaddress questions and overseebribery and corruption regulations hasreviews and audits of company

been identified as a major reason in someproceduresrecent bribery and corruption relatedprosecutions. ? targeted training for those whointeract with public officials or theirBribery and facilitation payments are agents, managers and supervisors,interrelated as these refer to any and financial analystspayments made for influencing a person ?proper evaluation of vendors andto act favourably. agents, to ensure compliance withanti-bribery lawsFacilitation payments ?background checks of businesspartners to ensure legitimacyFacilitation payment is a form of pay offs Although these steps are not exhaustive,made to a public official to expedite or they serve as a reminder that compliancefacilitate routine governmental actions/ can be achieved once a commitment isapprovals. Facilitation payments are made to abide by anti-bribery laws.

K P M G I N S I G H TIndi a Fr aud Sur vey Repor t 2010 28Intellectual Property fraudIn todays knowledge intensive economy Maximum number of responde ntswhere innovation and technology are identified counterfeiting and parallelviewed as key differentiators, it is not supply chain as the most prevalent formsurprising to witness a dramatic increase of IP fraud. Companies in consumerin intangible assets, especially market segment and IT space sufferIntellectual Property, as a proportion of severely on this account and lose a largethe total assets. As the significance of amount of revenue on this account everyIntellectual Property increases, the year.accompanying risks, especially fraud risk,also dramatically increase.Key perpetratorsWhile 39 percent of the respondents identify competitors as a key perpetrator of IP fraud,28 percent identify employee as a key perpetrator.Contributing factorsWhile respondents identify IP fraud as anemerging area of concern, 43 percent of therespondents identify ambiguous nature of IPlaws as a major factor that facilitates IPfraud. Additionally, 62 percent of therespondents identify weak enforcement ofIP laws as another key stumbling block.

43 %Identify ambiguous nature of IP lawsas a major factor that facilitates IPfraud

39 %Identify competitors as a keyperpetrator of IP fraudsThe Intellectual Property Right Laws 43%are not clearOriginal products are more expensive 40%43%Easy availability of thepirated / counterfeited productsThe enforcement is not strong 62%Inadequate infrastructure 15%34%Lack of awareness and training


26/33

among employeesLack of awareness among consumers 28%Figure 22: Key reasons for IP frauds (multiple choice)Source: KPMG in Indias Fraud Survey 2010 Figure 23: Major threat of IP fraudSource: KPMG in Indias Fraud Survey 2010 10%28% 39%23%Consumer Competition Employee Dealers and Distributors

Figure 21: Common forms of IP frauds (multiple choice)Source: KPMG in Indias Fraud Survey 2010 Counterfeiting27%Parallel supplychain47%Under-reporting oflicenses/fees13%Privacy(Software)27%29 Indi a Fr aud Sur vey Repor t 2010


Counterfeiting and parallelsupply chainHow counterfeiting affects theorganisation:? Counterfeiting is one of the mostsignificant threats to the free market. Itnot only steals the value of intellectualcapital, it also stifles innovation and robsthe customer of the quality they expectfrom the brand.?Worldwide, inconsistency of standardpractices relating to Intellectual Propertyrights creates significant challenges forbusinesses wishing to protect theirinnovations, brands, and processes inglobal economy.? The increasing threat of counterfeitinghas a direct impact on the brand equity,

and the reputation of an organisation. Byreducing revenue and damaging brandequity, counterfeiters of brandedproducts are eroding the integrity ofsupply and demand business model.

Among other risks, counterfeiting in supplychain has significant impact on the brandreputation of the product in question. Thecompanies should organise:? In depth field investigations on brandprotection aiding in understanding andmapping the illegal supply chain,identifying key players that operatewithin the supply chain, and takingcorrective action against perpetrators onthe basis of accurate and in depthintelligence collected from the market.? Conducting surprise field visits to assessthe availability of counterfeit products.? Channel reviews of the supply chain tohelp ensure there are no apparentleakages from the supply chain and noapparent involvement of channelpartners in counterfeiting.? Effective strategy needs to be broadbased which should aim to attack thecounterfeit operations from as manyangles as possible.


27/33

Illegal replicas of brandedproducts are flooding themarket place, cutting intocompanies revenues and hampering their ability to

invest in research anddevelopment.Indi a Fr aud Sur vey Repor t 2010 30

E-crimeWhile, on one hand, technology tools While 68 percent of the respondentsassist companies in enhancing believe that customer data could beproductivity and efficiency, on the other classified as an asset with a high risk ofit increases their vulnerability to an electronic attack, 42 percent believesophisticated cyber crime attacks. business sensitive information such asElectronic crimes weaken the profit and loss figures could be classifiedorgani sations IT backbone. For instance, as a high -risk target.theft of customer information from acompanys computer system could not only expose the company to litigationrisks but also to reputation risks thatcould cripple the companys business.

68 %Believe that customer datacould be classified as anasset with a high risk of anelectronic attack

52 %Emails are highly vulnerablein terms of potentialexploitation by cybercriminals.Figure 24: Key business assets that are targets of electronic attacks (multiple choice)Source: KPMG in Indias Fraud Survey 2010 68%40%35%42%18%36%Customer dataIntellectual PropertyCompany informatione.g. Legal / Financial informationBusiness sensitive informatione.g. P and L figuresPersonal identifiable information of employeesLogin/password informationFurther, 52 percent of the respondentsindicate emails as a component of the ITinfrastructure that has the highestvulnerability in terms of potentialexploitation by cyber criminals. Additionally,while 43 percent identify internet as anothervulnerable component of the ITinfrastructure, 36 percent identifyapplications hosted on the web as avulnerable component.Figure 25: Components of IT infrastructure and their vulnerability to e-crime (multiple choice)Source: KPMG in Indias Fraud Survey 2010 7%2%36%43%


28/33

52%8%21%16%32%12%24%

Applications hosted on the WebConnections to and from the InternetEmailHome workersMaintenance access to systems fromcontractors or third partiesMobile data devicesServers

Applications for uploadingand downloading data

Applications for downloading software updatesWireless networksOthers (please specify)Indi a Fr 31 aud Sur vey Repor t 2010

Supply chain fraudTodays globalised and intertwined markets Forms of supply chain fraudhave vastly contributed to increased Among the various forms of supply chainbusiness complexities, especially in the frauds, employee theft is viewed as mostarea of supply chain. The risk of supply common, with 61 percent of thechain extends from primary sourcing of the respondents experiencing this form of

raw material to the distribution of the fraud. Additionally, 43 percent indicate thatfinished products. In fact, survey fraudulent activities in the supply chainrespondents, as discussed previously, have were committed by third parties byrated supply chain (procurement and sales siphoning off stocks, through stockand distribution) as the most vulnerable pilferage.areas for fraud.

61 %Employee theft is the mostcommon form of supplychain fraudFigure 26: Forms of supply chain fraud (multiple choice)Source: KPMG in Indias Fraud Survey 2010 18%7%43%Employee thefts 61%Siphoning of stock bythird party vendorsParallel importationProduct diversionContributing factorsWhile 66 percent of the respondentsidentify lack of effective internal controls asthe main reason for supply chain leakage/fraud, 36 percent of the respondentsindicate lack of appropriate inventorymanagement system as a reason.

Additionally, 34 percent of the respondentsidentify lack of due diligence on thirdparties as one of the key reasons for thefraud.Indi a Fr aud Sur vey Repor t 2010 32

While entering into a sourcing relationship, acompany must ensure that a comprehensivedue diligence is conducted on the supplierand that they are adhering to the companys code of conduct. Moreover, while it isimportant to know the business partner priorto developing a relationship and signing awritten contract, it is also essential toregularly monitor third party activities byconducting regular audits and performanceevaluations.Figure 27: Key reasons for leakage in supply chain (multiple choice)


29/33

Source: KPMG in Indias Fraud Survey 2010 36%28%34%Lack of effective 66%internal controlsLack of due diligenceon third party vendorsComplex supply chainLack of appropriateinventory managementsystemFifty three percent of the respondentsindicated that establishing a specialprocurement function with specialists as akey preventive measure to mitigate supplychain fraud risk. Direct control on end-to-endsupply chain (49 percent) and initiatingbackground checks of employees/ suppliers(49 percent) can aid in mitigating the supplychain fraud risk.Figure 28: Preventive measures to reduce fraud in supply chain (multiple choice)Source: KPMG in Indias Fraud Survey 2010 49%Direct control on end-to-end supply chain49%Background checks of employees

Special EXIM Compliance (screening of 4%imports and exports)35%Computerised data analysisSpecial procurement function (procurement 53%professionals who provide your company with sound pricing knowledge,market intelligence on supplier performance, and/or negotiation skills)Open-book accounting (suppliers provide details of all their costs 12%on a project and work to an agreed set of mark ups and margins)

49 %Conducting backgroundchecks of employees andsuppliers can aid in mitigatingthe supply chain fraud risk.33 Indi a Fr aud Sur vey Repor t 2010

K P M G I N S I G H TEnhancing integrity insupply chainWith growing business needs and or distribution of stock at prices less thanfootprints in various markets the supply fixed by the company. Disproportionatechains are becoming more complex cost of distribution to that of the marketthereby enhancing the risk of fraud at share and undisclosed conflict of interestvarious touch points. Fraud risks in supply with distributors are key indicators ofchain can occur during the procurement these types of frauds.(or sourcing) of the products, inventory orstorage or during the sales and Another challenge faced by thedistribution. companies today is on the channelmanagement as most of theseProcurement relationships are self reporting. Based onHistorically companies have seen KPMGs experienc e 70 percent of the selfprocurement as merely a transactional reported statements are incorrect.arm to place purchasing orders and tomanage contracts instead of a function What are the red flags of supply chainreally to drive profitability. However, this fraudneeds to be changed as companies needSome indicators could be as follows:to view this as an integral part of thesupply chain. Depending on the nature of ? Reluctance to change the vendor/your business, you may be susceptible to distributor by employeescertain risks such as ?Low quality of goods procured at high


30/33

? phantom vendors: where fictitious pricesvendors are set up in your vendor ? Unusual increase in sales towards endmaster file and a list of payments are of the financial yearmade. ?Different prices in the market than? bid rigging: where theres collusion prevailing price of the company between your procurement personnel ?Poor documentation pertaining toand the bidders. stock handling? grey market: where counterfeits and ? Frequent complaints or return of

knockoffs can occur or where your goodssuppliers generate unauthorised? Quantity sold by retailers in theproduction putting your products atmarket are more than the maximumrisk.stock sold to wholesale distributor atany point in timeSales and distribution? Sales/ procurement staff demandingTheft of goods is a common phenomenon more lead time before gettingin supply chain industry. With stocks prepared for an auditspread at multiple locations and in transit,companies face difficulty in preventingstock losses or thefts. Further theemployees in connivance with thedistributor get involved in theft of goods

As indicated by therespondents supply chain isone of the riskier functionsof the organisation. Supplychain disruptions directlyimpact the revenue, marketshare and costs associatedwith distribution.Indi a Fr aud Sur vey Repor t 2010 34Indi a Fr 35 aud Sur vey Repor t 2010

ConclusionIn summary, the fallout from fraud and misconduct can be significant, including punitivedamages, tarnished corporate and brand image, lost revenue, plummeting shareholder valueand inability to attract and retain human capital.To combat frauds effectively, organisations need to adopt a holistic approach that takescognizance of fraud risks emanating from the organisations strategy and the adequacy of mitigating measures at multiple levels i.e. entity level, process level and functional levelcontrols.Despite the apparent awareness of the risks posed by a multitude of fraud types asindicated by this survey, organisations tend to focus more on the adequacy of controlsmitigating financial frauds and there is a considerably lesser focus on anti-fraud programsand controls to mitigate non-financial fraud risks.*Degre e of adequacy depicted by Harvey Balls based on score: 95 -100: 1; 75-94: ; 50-74: ; 25-49: ; < 25:0. Score indicates the percentage of survey respondents who rated their control measures for theaforementioned fraud types as adequate.

At the organisational level (senior management and the Board), it is important to have acomprehensive approach to fraud risk management which also considers the organisations preparedness in terms of skills, tools and technology to implement the desired control

mechanisms. In other words, implementation and intent need to go hand in hand to combatfraud effectively.

50 %Controls for managing IPfraud, supply chain fraud, ecrimeand bribery andcorruption risks needsimprovement or are nonexistent


31/33

Adequacy of controlsIndi a Fr aud Sur vey Repor t 2010 36

Profile of respondentsProfile of respondent organisation Annual turnover of respondent organisations

An Indian firm with onlydomestic operations

An Indian Multinational Multinational20%28%52%Source: KPMG in Indias Fraud Survey 2010 Source: KPMG in Indias Fraud Survey 2010 < INR 500 crore INR 500 crore - INR 1000 croreINR 1000 crore - INR 5,000 crore INR 5,000 crore - INR 10,000 crore> INR 10,000 crore38%19%20%7%16%Profile of respondentsSource: KPMG in Indias Fraud Survey 2010 Chairman/ Managing DirectorChief Operating OfficerChief Financial Officer/ Head of finance

Head of Internal AuditHead of ComplianceHead of HRHead of investigations divisionGeneral ManagerOthers (please specify)14%3%25%5% 12%5%5%5%26%Industries that respondents represent (multiple choice)Consumer Markets Information, Communication & EntertainmentSource: KPMG in Indias Fraud Survey 2010 Source: KPMG in Indias Fraud Survey 2010

ConsumerproductsFood andbeverageRetail Tourism andleisure58%11%47%5%Electronics Communications(includingIT hardware)ITeS (including MediaBPOs)Software42%

14%61%2%19%Indi a Fr aud Sur vey Repor t 2010 38Real Estate and InfrastructureSource: KPMG in Indias Fraud Survey 2010Financial ServicesSource: KPMG in Indias Fraud Survey 2010 Industrial MarketsSource: KPMG in Indias Fraud Survey 2010 55%15%10%


32/33

20%Building andconstruction/Real EstateTransport anddistributionGovernment andgovernment

funded bodiesHealth careservices53%21%29%15%Banking and finance Insurance Private Equity Securitiesand commoditiesbrokerage

Automotive34%Chemicalsandplastics23%Energy,petroleum,mining21%Industrialproducts34%Pharmaceuticals9%39Industries that respondents represent (multiple choice)

in.kpmg.comKPMG in IndiaMumbaiLodha Excelus,

Apollo Mills Compound,

N.M. Joshi Marg, MahalaxmiMumbai 400 011Tel: +91 22 3989 6000Fax: +91 22 3983 6000DelhiBuilding No. 10, 8th FloorTower B, DLF Cyber CityPhase ll, GurgaonHaryana 122 002Tel: +91 0124 307 4000Fax: +91 0124 3074300Pune703, Godrej CastlemaineBund GardenPune - 411 001Tel: +91 20 3058 5764/65

Fax: +91 20 3058 5775BangaloreMaruthi Info-Tech Centre11-12/1, Inner Ring RoadKoramangala, Bangalore 560 071Tel: +91 80 3980 6000Fax: +91 80 3980 6999ChennaiNo.10, Mahatma Gandhi RoadNungambakkamChennai - 600034


33/33

Tel: +91 44 3914 5000Fax: +91 44 3914 5999Hyderabad8-2-618/2Reliance Humsafar, 4th FloorRoad No.11, Banjara HillsHyderabad - 500 034Tel: +91 40 3046 5000

Fax: +91 40 3046 5299Richard RekhyHead of AdvisoryTel: +91 124 307 4303e-Mail: [email protected] UtamsinghHead of MarketsTel: +91 22 3090 2320e-Mail: [email protected] Servicese-MailForensic Servicese-MailVivek SubramanianExecutive Director, Forensic ServicesTel: +91 22 3090 2390e-Mail: [email protected] PuriExecutive Director, Forensic ServicesTel: +91 124 307 5011e-Mail: [email protected] SanwalkaHead of Risk & Compliance GroupTel: +91 124 307 4302e-Mail: [email protected] MahajanExecutive Director,Tel: +91 80 3065 4200: [email protected] AnandExecutive Director,Tel: +91 124 307 4704: [email protected]

KPMG ContactsKolkataInfinity Benchmark, Plot No. G-110th Floor, Block EP & GP, Sector VSalt Lake City, Kolkata 700 091Tel: +91 33 44034000Fax: +91 33 44034199Kochi4/F, Palal TowersM. G. Road, RavipuramKochi 682 016Tel: +91 484 302 7000Fax: +91 484 302 7001The information contained herein is of a general nature and is not intended to address the circumstances of any particularindividual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that suchinformation is accurate as of the date it is received or that it will continue to be accurate in the future. No one should acton such information without appropriate professional advice after a thorough examination of the particular situation. 2010 KPMG, an Indian Partnership and a member firmof the KPMG network of independent member firmsaffiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks ofKPMG International Cooperative (KPMG International), a Swiss entity.Printed in India

india fraud survey report 2010

Documents