Do you know all your vulnerabilities
Posted 11 Apr 16 by Guy Underwood
Most organisations are aware of a range of risks that they face as they seek to add value to their stakeholders – be they staff, customers or shareholders. Many of these risks are common across organisations in both the profit and not for profit sectors, meaning that charities are just as at risk of declining revenue from donations and sponsorships as a corporate is from a slowdown in sales or increased competition.
However, what recent events have demonstrated is that there are a range of risks that organizations and senior management may be unaware of or have failed to properly address. Culture and ethics are top of mind for almost every major organisation in Australia after comments from influential people ranging from the Prime Minister to the Chairman of Australian Securities and Investments Commission (ASIC). Any director or business owner who does not believe that poor culture poses a significant risk to their business or has failed to introduce a program designed to foster ethical behaviour is exposed to risk in terms of reputation, financial, and potentially loss of license – either regulatory or social.
Likewise, directors and business owners must now be aware of the risks associated with their sensitive information entering the public domain. Whilst the dust may have settled around previous leaks via Wikileaks, the information provided to journalists from Panamanian laws firm Mossack Fonseca has created a storm whose damage will be felt for a long time to come. It has already led to the resignation of a Prime Minister (Iceland’s Sigmundur Gunnlaugsson), the Australian Taxation Office announcing it was reviewing 800 Australian taxpayers linked to this law firm, and the British Prime Minister announcing a new taskforce to tackle money laundering and tax evasion.
Some readers may believe that this case does not affect them or their organisations, but what about if any or all of the following scenarios related to you or your organisation:
1. Your accountant has recommended a trust structure to protect you and your family’s assets. This trust happens to have been set up via a complex web of corporate vehicles that are linked via virtue of their location in a known tax haven. Even though this is a legal structure, information is leaked to the press or other external parties and causes embarrassment and damage to your reputation.
2. One of your key suppliers is identified as using child labour in a developing country in South East Asia.
3. Your largest customer suffers an information leak that results in their business suffering a significant downturn in sales which leads to a large hit to your own revenue.
Aside from the risks identified as a result of the “Panama Papers” leaks, the recent release of the 2016 Global Fraud Study by the Association of Certified Fraud Examiners raises further issues that directors, business owners and management need to be aware of. The “Report to the Nations on Occupational Fraud and Abuse” sets out the a range of data relating to losses suffered by organisations around the world from fraud and corruption.
Notable findings of this global fraud survey include:
- The total loss caused by fraud identified in the study exceeded USD6.3billion with an average loss per case of USD2.7m;
- Asset misappropriation was the most common type of fraud and in over 94% of the cases, the offenders attempted to conceal the fraud via creating and altering documents; and
- The median time a fraud went detected was 18 months and the most common way that fraud was detected was via a tip off in some form – and not via internal or external audits.
Organisations that operate without a full understanding of their risk environment face the risk of having their strategic goals impacted through events they were unable to prevent or reduce the risk of adverse outcomes. It is therefore imperative that they work with their professional advisers – and key internal stakeholders – to develop a control framework that is robust to meet current and future risk needs.
The old adage of “prevention is better than cure” has never been as apt as now for organisations and their directors/owners. Ensuring that key risks are identified and managed is a far better outcome than reading about yourself or your organisation on the internet or in the papers.
Given intense client interest in the issues addressed in this paper, Guy will be holding a series of presentations on the topic of “What does this all mean for you” around Australia in May. Further details of these events to come.