Fraud Symptom 4- Growth strategies based on financial numbers

The core reason for failure of companies is adopting the wrong strategy and the worst thing to do is focus on a growth strategy that is driven by numbers. A strategy based on organic or inorganic growth maybe aimed at delivering the financial numbers in the stock market quarter on quarter. These companies are not developing on core skills, products, customers or long-term strategy. The COSO report Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies states the following -

“The SEC’s most commonly cited motivations for fraud included the need to meet internal or external earnings expectations, an attempt to conceal the company’s deteriorating financial condition, the need to increase the stock price, the need to bolster financial performance for pending equity or debt financing, or the desire to increase management compensation based on financial results.”

To illustrate my point I am taking below cases of acquisitions that resulted in corporate disaster and internal focus on numbers that showed mismanagement and fraud.

If you consider the cases of WorldCom and Marconi both invested heavily, in telecom sector not realizing that in 2000, the market was saturated and there were limited growth opportunities.  Some of the acquisitions were done without adequate due diligence and purchased at a high price. That is, the boards ended up purchasing some bad apples at a huge cost. The new acquisitions were a huge financial drain on the existing company. In a couple of years, the companies were cash strapped. The initial high financial figures, which were reported, were fraudulent. The true financial status of the organization could be hidden because of the number of acquisitions, mergers and consolidations in numerous countries provided minimal transparency and one could not assess the real performance of the company.

In India, the Satyam case was again an attempt to show high growth and profit margins while the reality was significantly different. Fraudulent bills were passed at year-end to show higher turnover. The investment of Maytas was engineered to show growth and assets. The deal failure resulted in collapse of Satyam and disclosure of fraud as the reality could not be hidden any longer.  

At a macro level, the mergers and acquisitions scene in India needs to be viewed considering the foreign direct investment inflows and outflows and within country acquisitions. Indian companies in the last five years acquired a few companies outside India. Few group names, which forged ahead for acquisitions are Tata, Wipro, Bharti and Dabur.    Tata Steel’s purchase of Corus and Tata Motors purchase of Jaguar and Land Rover in the United Kingdom has already received some negative publicity. Reason being, that the companies are facing a severe cash crunch from the acquisitions and are surviving on domestic market. This aspect is raising questions whether the investment was required. In the next couple of years, we will know whether the acquisition could be considered a strategy good move.

The next issue is about acquisitions and investments in India. As such, more multinationals are either doing outright purchases to gain access to Indian domestic market or establishing an Indian arm by setting up business operations. Both these aspects are not free from flaws and I am giving below some insight on the issues.

The inward foreign direct investments are generally routed through Mauritius to take advantage of the tax breaks. Hence, the money trail from America or Europe does not flow directly into India. For operations also, the inflow and outflow is sometimes routed through the tax heavens. This creates opaqueness in the consolidated financial statements of the holding company.

The other aspect is Indian business are not transparent and sometimes proper due diligence may not be possible. Here is an example of a bad acquisition of an Indian company by a Japanese organization. Daiichi Sankyo from Japan acquired Ranbaxy Laboratories. Daiichi paid  $4.6 billion  to acquire a controlling interest in Ranbaxy. The price was very lucrative for Singh brothers – the sons of founder of Ranbaxy - as they got a 31% premium. However, this acquisition was bad for Daiichi as the FDA investigation details revealed. The FDA is alleging that Ranbaxy sold adulterated versions of HIV drugs in Africa and there is a patents dispute. The share prices of the company have fallen and the Singh brothers have resigned from the company after making a large profit. They are the only ones who appear to have benefitted from the acquisition. This case is a clear indication of acquiring a company for growth without adequate due diligence.

Now let us come to organic growth scenarios. As India is known as the center of for back office operations of multinationals, I am illustrating the normal operations of an in-house captive business process outsourcing. In my view the whole business process outsourcing industry is geared towards financial numbers. Multinationals invest in India for purpose of cost cutting.  As the focus is on cost reduction, the management layer is thinly spread and internal controls are compromised. To give you an example, in a business process outsourcing unit in India, a vice-president operations with 10 or more years of work experience can be managing between 150 to 800 customer service executives. Here is a table depicting the organization structure of a regular back office operations process in India.

Designation	Years of experience	Direct reports	Number of direct reports
Vice President Operations	10 or more	Assistant Vice Presidents	2-3
Assistant Vice President	8 or more	Managers	2-3
Manager	5 or more	Assistant Managers	2-3
Assistant Manager/ Team Leaders	2 or more	Customer Service Executives	15 to 30

 In reality, the assistant managers are actually managing the process delivery. From a customer service executive they one fine day are promoted and are suddenly required to manage a team of 15-30 staff members. Normally, they have no formal training for management or team management. The reason why these structures are common is that more experienced assistant vice presidents and vice presidents come at a higher cost of USD 75,000 or more. Hence, if more vice presidents and assistant vice presidents are added to the structure, the cost advantage is lost. There is hardly any supervisory or management layer in the structure for implementing proper management controls. The high fraud risk processes operating in captive back office centers are at much higher risk.

Again, the organization culture plays a crucial role in determining how growth is achieved. The recent Rs 300 crore (USD 65 million) Citibank fraud by a rogue employee Mr. Shivraj Puri depicts a scenario where internal controls were compromised to generate numbers. According to media reports, Mr. Shivraj Puri traded Rs 900 crore (USD 195 million) in the stock market and Citibank did not detect the fraud internally.

This fraud has a different interpretation when viewed with the recently released Boston Consulting group survey report on banking industry in India.   It stated that in 2009-2010 Citibank average employee cost of Rs 19 lakh (USD 41,350) was the highest amongst the banks. In comparison, the biggest Indian bank, namely State Bank of India and other reputed Indian private sector banks (HDFC, ICICI) had average salary costs ranging between Rs 5-7 lakhs (USD 10,000 to 15000 approximately) per employee. Reserve Bank India report showed that Citibank’s   average business per employee was Rs 20 crore (USD 4. 35 million) that was the highest. In contrast, State Bank of India’s was Rs 6.4 crore (USD 1.39 million). To me, it appears to be an organization culture driven by numbers. Seeing the numbers and with my experience in Indian banking sector, my personal view would be to take a closer look at Citibank’s processes and strategy. It is possible that costs are being cut on implementing internal controls, risk strategies, fraud detection and prevention to show business profits.

If an organization culture is geared towards financial numbers, chance increases of employees and management window dressing the financial statements and various other reports. Therefore, the next question is how the frauds are reflected in the financial statements.  According to the COSO report – “The majority of frauds (61 percent) involved revenue recognition, while 51 percent involved overstated assets primarily by overvaluing existing assets or capitalizing expenses.”  This in Indian context is primarily done by manipulating service delivery MIS to show better performance, adding fictitious sales contracts and billings, showing non-existent interest earnings and other accrued income etc.

While the COSO report states, the understatement of expenses and liabilities was reflected in only 31% cases, in India the problem is the opposite. Organizations prefer showing high sales and income, and higher expenses to avoid/ reduce taxation on profits. The expenses are increased by adding personal expenses of senior management under heads of gifts and entertainment, travel, membership & subscriptions, conveyance, salaries of personal house staff, personal telephone expenses etc. Hence, the problem is two-pronged in India, as neither the revenue nor the expense side figures are reliable.

Recommendations

This clearly shows that a growth strategy driven by numbers may not be the right solution if not supported by selecting right industry, developing new products, and establishing good management and systems. The number game can soon become pure gambling without proper controls and accurate financial statements. Hence, following should be kept in mind.

1.   Acquisitions should be done after through due diligence of internal organization and external factors. An analysis of industry, market, country risks and various statutory requirements is a must.

2.   Procedures and practices should be implemented to complement the business strategy. The business is likely to fail if adequate management control and supervision is not maintained.

3.   Financial statements should represent a true and fair view. There should be no manipulations and window dressing to reflect a distorted view of the business

4.    An organization culture should be developed on business ethics and not just numbers.

Hence, the final message is that a growth strategy needs to be developed and implemented with care.

References:

1. COSO report Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies
2. Boston consulting Indian Banking survey article in Asian Age-  Fraud-hit Citi emerges as best paying bank ( http://www.asianage.com/business/fraud-hit-citi-emerges-best-paying-bank-438 )
3. Corus and Ranbaxy – Acquisitions gone wrong? by Sriram Vadlamani (http://trak.in/tags/business/2009/05/31/corus-and-ranbaxy-acquisitions-gone-wrong/ )
4. India’s Ranbaxy Gives Headache To Japanese Drugmaking Parent (http://www.businessweek.com/globalbiz/blog/eyeonasia/archives/2009/05/indias_ranbaxy.html?chan=top+news_top+news+index+-+temp_global+business)
5. Tata Steel’s Acquisition of Corus (B) (http://www.icmrindia.org/casestudies/catalogue/Business%20strategy/BSTR355. )
6. Satyam Fraud Case- Confession letter of Ramlinga Raju (http://www.hindu.com/nic/satyam-chairman-statement.pdf)
7. ‘Satyam Scam Tip of Corporate Fraud Iceberg’ ( Article in IPS News written by Praful Bidwai)  http://ipsnews.net/news.asp?idnews=45608

To read the full list of Fraud Symptoms, click here.

Martyrs Day – Mahatma Gandhi’s Death Anniversary

Today, it is Mahatma Gandhi’s 63^rd death anniversary. In the present world, that is seeing the tense faceoff between the government and public in Egypt and Tunisia, Gandhiji’s guiding principles need to be remembered. He preached non-violent protests, tolerance and peaceful coexistence of people from divergent religions, races and castes.

I think his presence is sorely missed in the world today. The leaders in government and corporate sector are motivated through greed, unethical practices, tyrannical and autocratic thinking. They obsessively cling to power by whatever means possible. The idea of sacrificial leadership for the benefit of the masses is non-existent. The agenda is to cater to one’s self interest by deluding the masses. Conflict between public is raised by playing on emotions to raise them to fight on behalf of their community, religion, race or country. Leaders do public propaganda to misguide people to self-destruction rather than guide them towards constructive and spiritual behavior.

Here I am dedicating a song to the memory of Gandhiji for having the courage to stand up for the betterment of humanity. We wish there were more leaders like him today.

Colonial Cousins “Krishna nee Begane baaroo ..” Hariharan…Krishna nee Begane Baaroo means “Oh God, please come back”- Its in English, as most of my readers are English speaking,  do listen to it.

 I think somewhere we have forgotten how to say ‘NO” to injustice, corruption, hatred and greed. Here is Mahatma Gandhi’s quote which we can learn a whole lot from:

 ”A ‘No’ uttered from the deepest conviction is better than a ‘Yes’ merely uttered to please, or worse, to avoid trouble.”

Let us pray that God gives us a little bit of courage which Mahatma Gandhi had for fighting for what is right.

Recommended Risk Focus for CEOs

With the last few posts on senior management’s role in fraud symptoms, this week I am covering a few interesting posts on CEOs. The CEO has the most critical role for growth of the organization and its governance. Hence, their knowledge of the organization, understanding of business risks and implementing the right strategies goes a long way in building the organization.

The first post “10 Key Challenges for CEOs in 2011” describes some of the risks facing the CEOs in 2011. These need to understood and addressed for long-term growth.

The second post is from McKinsey Quarterly defining the tasks which outgoing CEO’s should do in their last 100 days at office. The general tendency is to ignore the critical issues and wait for the incoming CEO to address them. This attitude influences the organizations negatively and creates a few challenges for the incoming CEO.

Click on the headings to read the full posts.

1.    10 Key Challenges for CEOs in 2011 (via Prnewswire)

“Leading a company now demands that the chief executive officer take on the mantle of Chief Diplomat, Chief Talent Officer, and Chief Image Manager, in addition to his or her more traditional responsibilities,” says Stephen A. Miles, Vice Chairman of Heidrick & Struggles and head of the firm’s Leadership Advisory Services.

“CEOs will encounter a wealth of new challenges in 2011, further complicating a role that has become more highly scrutinized over the past two years than ever before. The impact of the financial crisis combined with the new requirements for conducting business on a global scale have transformed the office of CEO. Today’s challenges require someone who can demonstrate a much broader and more strategic perspective than in the past.”

10 Key Challenges for 2011

Mr. Miles sees ten major challenges for CEOs in 2011:

1. Moving from “business case” to “social business case”

“As companies weigh decisions such as entering a new market or embarking on a multi-jurisdictional acquisition, the ‘business case’ must now be viewed through a new lens: how will this business decision impact the country/region/state/province they are going into? It is no longer enough for companies to simply make a good business case or meet the ‘legal requirements’; they must make the case to the local stakeholders that this move will benefit the target community, who may have concerns about, for instance, the environmental impact. On the flip side, the transformation of developing local economies due to a major corporate presence can then affect the original business case: new unionization and increasing wealth may impact the decision as to whether to grow operations in the area or call into question whether the original business case was a sound one.”

2. Stepping into the role of “ambassador”

“Related to the development above, we are seeing that the CEO must actively engage with politicians and regulators around the world. The CEO must be conversant on policy – be it financial regulation or healthcare reform – that affects his or her company and industry. Policy makers or regulators do not want to speak with delegates, but to the CEO. Given this, the CEO must act as diplomat and build these relationships him- or herself. Only unusually qualified delegates – such as a former top politician who still carries much influence – can effectively step into this role and supplement the CEO

2.     Making the most of the CEO’s last 100 days (via McKinsey Quarterly)

In most cases, incumbent CEOs know when they are likely to leave, and there is usually some time—three months to a year—between the announcement of their departure and the new CEO’s start date. Many departing CEOs view this as a time to step back and avoid making major decisions or stepping on the toes of their successors. While this instinct is understandable, it reduces the likelihood of leaving the new CEO with several important advantages: a clear strategy, plenty of operating momentum, a strong management team, and a clean slate, including the firm resolution of any major outstanding operational or people challenge.

—–

Would I undertake any strategic or major organizational shifts if I had three more years ahead of me?

An incumbent CEO is likely to be knowledgeable about the strengths and weaknesses of the organization’s current strategy and operations, as well as any changes that are warranted. If the incumbent doesn’t act, a year or more could elapse before the new CEO is ready to do so. And in most industries today, that kind of delay can be costly. For example, a few years ago the CEO of a major high-tech firm retired without establishing clear strategic priorities for the next few years. This casual handoff, combined with the rapid pace of change in the industry and the new CEO’s failure to get up to speed quickly, proved dangerous. Just two years into the new CEO’s tenure, the company was lagging so far behind competitors it had to be restructured.

By contrast, the outgoing CEO of a major food and beverage company continued to push a hostile takeover—the company’s largest acquisition ever—until his last day. His successor was able to complete the deal quickly and gained a strong competitive advantage thanks to the outgoing CEO’s persistence.

Hope you enjoyed the posts. In your view, what risks should the CEOs address? Share your opinion here.

Fraud Symptom 3 – Board’s failure to exercise judgment

The board performance and effectiveness differentiates between success and failure of the organization. Before, I mention the details; I am giving a brief background of the Indian corporate sector and relevant laws. Ministry of Corporate Affairs Annual Report 2009 states that there were 821,212 companies limited by shares registered in India. Of these 83,010 were public limited companies and 738,202 were private limited companies. There were 2903 foreign companies operating in India as of 31 December 2009.

Now the question is how this data is relevant. SEBI’s Listing Agreement Clause 49 defines the corporate governance requirements for publicly listed companies in India. That means it is applicable to less than one-tenth of Indian companies.

The clause mentions requirements for independent directors, formation and working of audit committee, corporate governance norms and disclosures, code of conduct etc. The Indian Company Law’s various sections define the requirement for true and fair financial statements, audit committee and corporate governance requirements. However, most of the sections provisions are applicable to public companies and deemed to be public companies. The SEBI guidelines and Company Law requirements on corporate governance are not applicable to private limited companies. Hence, from a fraud symptom perspective, the issues are different and I am dealing with them below separately.

 The most renowned case of boards’ failure to exercise judgment in India is of Satyam. So let me cover that briefly. Satyam’s board consisted of well-known business personalities, namely Mr. Krishna G. Palepu a professor in Harvard Business School and Mr. Vinod Dham known as Father of Pentium. The Central Bureau of Investigation report stated (as given in Top News) –

 “The members of the Board of Directors had acted as “rubber stamps”, unwilling to oppose the fraud. Not a single vote of dissent has been recorded in the minutes of the Board meetings.”

This clearly raises questions on the effectiveness and role of independent directors. Four independent directors of Satyam resigned within a short span after the fraud disclosure. This issue which was brought into focus was “should independent directors be held responsible for the fraud?” The impact was felt across corporate India. The research paper “Independent Directors and Firm Value: Evidence from an Emerging Market” mentions that in January 2009 at the time of disclosure of Satyam fraud there was a substantial peak in number of resignations of director. 197 directors voluntarily resigned though their term had not ended. The number consisted of 109 independent directors, 40 insider directors and 32 gray directors. There are certain challenges, which independent directors face in India that may not be applicable to developed countries. I will provide details after covering the SKS Microfinance case that also highlights boards’ failure in business ethics though not in fraud.

SKS Microfinance case came into light when the CEO Suresh Gurmani was unceremoniously fired by the board of directors. There were no performance or fraud issues. Eight of the ten directors voted in favor of his termination, the other two were absent. It is being said that this was done because the founder chairperson Vikram Aluka had some disagreement with the CEO.  Two of its reputed directors are Pramod Bhasin, President and CEO of Genpact and Chandra Shekran, Former Executive Director, SIDBI. This event brought focus to the internal operations of SKS Microfinance. The organization was formed as part of social entrepreneurship to give rural poor and farmers small value loans. It is said that the organization was charging an astronomical 28% interest and was coercing village women and farmers for recovery. A number of farmer suicide incidents were reported to police holding SKS responsible. Andra Pradesh government passed a revised law about microfinance lending which in the last three months has severely affected the microfinance industry. The question here is what was the board doing? Did the directors not question the excessive profits of the company whose objective was social entrepreneurship? Did they ask for information regarding operations? Shouldn’t the board of directors question business ethics of the organization?

The main reasons for failure of independent directors in India are that most of the public listed companies’ shareholding is structured differently. The family or founders bring in their relatives and friends as board of directors and control the organization. The independent directors do not receive insider information of the organization, as senior management is loyal to the founder / family. Hence, all effort is made to protect the family/ founders authority and control, rather than interest of the public shareholders. Therefore, though the qualifications of the directors are good and relevant they have little impact. The directors are appointed more to add prestige to the board and company, a men’s club is formed and nobody bothers to ask the right questions. For the directors it is a status symbol to be on the board, along with the director’s fee, free travel and various indirect privileges. In such a scenario, the board’s independence is lost and there is hardly any focus on curtailing fraudulent activities.  

Next issue to discuss is about private companies. As such, since the number of shareholders is less than 50, in most cases of fraud the financial impact is felt by a small group. The problem arises when the private limited company is a subsidiary of a public limited company or a multinational. According to SEBI Listing agreement  a subsidiary company having a turnover or net worth of 20% of the holding company or has a significant transaction which is more than 10% of its turnover, assets or liability with the holding company has to comply with certain requirements of independent director, audit committee and review by holding company board of directors. However, through multi-layered structuring of private companies, these rules can be circumvented.

As most of the multinationals operating in India have a business process outsourcing or information technology outfit, I am taking an ITES company example to explain how multi-layered structure increases management’s propensity for fraudulent activities. Suppose company “A” is a public listed company in US. A separate private limited company “B” is formed in US with a common founders or board members. Now a separate private limited company “C” is formed in India. Now company A enters into an agreement with company B for providing software development and call center services. Company B enters into an agreement with company C in India for providing the same services. Now let us say majority of the back-office operations are performed by company C in India. Some senior managers maybe reporting to company A and B senior managers. However, now because of the autonomy available to company C and then company B senior managers, the full information does not flow to company A’s board of directors. Hence, the board of directors of company A, whose funds have been used to setup company B and C, would have very little visibility of actual operations. With such minimal control and high autonomy, company B and C senior managers separately or in collision can undertake fraudulent activities without detection.      

Considering the above-mentioned factors, one needs to assess the intent of board of directors. If the intent is wrong, there will definitely be laxity and ineffectiveness.

Recommendations

The board’s independence and critical thinking is necessary for effective corporate governance and preventing large-scale fraud within organizations. The following recommendations are useful from Indian perspective:

1)    Ministry of Corporate Affairs should focus on providing a structure for corporate governance. Applying similar provisions as developed countries is useful, however if similar support structure is unavailable, the provisions become ineffective.

2)    SEBI should delve deeper into appointments of independent directors to ensure that public shareholdings interests are protected.

3)    Reputed professionals who are appointed as directors should fulfill their obligations in true spirit and sincerity. Directorships shouldn’t be just treated as status symbols.

4)    Organizations while forming a multi-layered structure of companies should build processes to ensure transparency and accountability. Procedures for corporate governance should be implemented across the group uniformly.

References:

1. Ministry of Corporate Affairs Annual Report (http://www.mca.gov.in/Ministry/annual_report_2009.html)
2. SEBI Listing Agreement (http://www.sebi.gov.in/Index.jsp?contentDisp=Database)
3. Satyam CBI Report (http://www.topnews.com.sg/content/22973-satyam-scam-board-directors-also-party-fraud)
4. Satyam Board of Directors Resignation (http://newkerala.com/topstory-fullnews-66077.html )
5. SKS Microfinance (http://www.sksindia.com/ )
6. Independent Directors and Firm Value: Evidence from an Emerging Market (authored by: Rajesh Chakrabarti, Krishnamurthy Subramanin and Frederic Tung) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1631710

To read the full list of Fraud Symptoms, click here.

Fraud Symptom 2- A Weak CFO

Continuing with the series, as per COSO report “Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies” in 65% of the total 347 alleged cases of fraudulent financial reporting in 1998-2007, the CFO of the organization was involved. When we add CEO and/or CFO involvement, they are responsible for 89% cases of fraudulent financial reporting. Hence, the question comes up why CFOs participate in a fraud when their role is of being gatekeepers and protectors of the organization.

According to research done in the paper “Why Do CFOs Become Involved in Material Accounting Manipulations?” the CFOs participate in fraudulent financial reporting either because they are complying with the instructions of CEO or they are themselves perpetrating the fraud. The CEOs generally take the decisions about CFO employment terms and whether CFO can report to the board. Hence, if the CEO is powerful, the CEO can force the CFO to participate in accounting manipulations. The CEO can build a corporate culture to meet quarterly accounting targets that would put undue pressure on the CFO to meet them or directly threaten CFO with job loss. As in the Satyam case, Ramalinga Raju was in a powerful position and the ex-CFO Vadlamani Srinivas did not refuse to pass fraudulent accounting entries and do illegal fund transfers.

The second situation is when CFO instigates fraudulent activities. In these situations the CFO is lured by the financial benefits and misuses his position for personal gain. This occurs when CFOs are powerful, have minimum oversight control and the organization has weak internal controls. Internal and external auditors might be under the influence of CFO. This case can be exemplified by the recent Citibank fraud. The Hero Honda Assistant Vice President Mr. Sanjay Gupta allegedly took Rs 20 crore (USD 4.46 million) from Mr. Shivraj Puri of Citibank to divert Hero Honda group funds amounting to Rs 200 crore (USD 44.67 million).

The third situation is when the CFO role is given to an unqualified or an inexperienced person. The Enron ex-CFO Mr. Fastow was not a qualified certified public accountant. As mentioned in Greed and Corporate Failure authored by  Stewart Hamilton and Alicia Micklethwait  - “It is doubtful if he had the skill set required of the CFO of a major corporation, let alone one as complex as Enron.” In India, a company’s financial statements are required to be signed by its CFO who must be a certified chartered accountant. However, organizations can hire inexperienced chartered accountants and force them to sign of the financial statements.

The last problem which needs to be addressed in large corporate is the role of Chief Financial Officer and Financial Controllers (FC). If the organization has a number of business units or geographically distributed offices, the financial controllers are responsible for the business unit financial statements. In some situations they report to the business unit operational head and in some they have direct or dotted line reporting to the CFO. In this situation the CFO can be bypassed by the FC. The CEO or business unit head can directly influence the FC to manipulate financial records. This may be done with or without the knowledge of CFO.

India as such faces additional challenges and the pressure to comply is huge. It does not have a whistleblower protection act. In 2010, 11 whistleblowers were shot dead. The dilemma faced by whistleblowers is not just about risking a career; it is also about risking one’s own life and those of family members. To exemplify this, I am narrating the case of Mr. Anjaneya, who turned whistleblower against two powerful ministers in Andra Pradesh Mr. G. Janardhan Reddy and his brother G. Karunakara Reddy. Both the brothers own Obulapuram Mining Company and Mr. Anjaneya was a deputy general manager. The Reddy brothers were using government land and mining illegally. After whistle blowing, Mr. Anjaneya’s is living a life in fear. He alleges that Reddy brothers burnt his office in Bangalore and destroyed the files. He has barricaded his house, hardly goes out and has sought police protection. Considering that it is extremely difficult to fight a legal battle in India, due to high corruption in law enforcement agencies, it is nearly impossible for senior officers to report corporate misdemeanors of powerful people.    

Do not lose hope, the CFOs in India are continuing despite the challenges. On the lighter side, here is an incident. A friend of mine, married with a kid, is a CFO in a multinational organization and reports to a CEO. She was once having a bad day and angrily said to me – “You know what Sonia, my boss is a fraud. But when I see him virtually holding a revolver over my head, I tell him he is more suave than Richard Gere, more intelligent than Einstein, has wisdom of Aristotle! ” Straight-faced I asked knowing her heart and soul are in the right place – “Isn’t that over the top”. She gave me a dirty look and responded – “He believes it.”

Recommendations

The need of the hour is to make a CFO more powerful in the organization to enable him/her to work independently. This would prevent CEO and other CXOs from exerting undue influence on CFO.

1.  The board of directors and/ or audit committee should be responsible for recruiting and terminating a CFO. The CEO shouldn’t be allowed the authority to terminate a CFO at will.

2.    Indian Company Law Board has recently requested Institute of Chartered Accountants of India (ICAI) to initiate disciplinary action at the earliest against chartered accountants who breach the code of ethics. If chartered accountants believe that they will suffer no or minimal consequences for transgressions, they will resort to them actively. Hence, actively initiating disciplinary action is a step in the right direction.

3.   ICAI should also provide a peer support and assistance to chartered accountants who wish to disclose wrongdoings. Though this is stated on paper, it is not being actively practiced. This will reduce pressure on chartered accountants to comply with incorrect instructions of CEOs.

4.   Audit committees should be vigilant about CFOs becoming perpetrators in frauds.

5.   Internal audit heads or other risk heads should not report to CFOs. If internal audit heads and risk heads report to CFOs, they lose their independence and cannot report on fraudulent activities of CFO.

6.   CFO pay should not be linked to quarterly returns or stock market performance.

References:

• Why Do CFOs Become Involved in Material Accounting Manipulations? (Authors Mei Feng & Weili Ge)
• COSO Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies (Authored by Mark S. Beasley, Joseph V. Carcello, Dana R. Harmanson & Terry L. Neal)
• Greed and Corporate Failure – The Lessons from Recent Disasters ( Authors Stewart Hamilton and Alicia Micklethwait)
• The Illegal Mining Whistleblower Case

To read the full list of Fraud Symptoms, click here.

Fraud Symptom 1- Insatiable hunger of CEO

The recent report of COSO “Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies” states that CEOs are involved in 72% of the 347 alleged cases of fraudulent financial reporting listed with SEC during 1998-2007 period. The report shows that the average period of fraud was 31.4 months. The data clearly indicates that in most major cases of fraudulent financial reporting the CEO’s of the organization are the main instigators and it is a planned initiative.

The research paper titled “Why Do CFOs Become Involved in Material Accounting Manipulations?” shows that 46.15% of CEOs involved in fraudulent activity benefitted financially from accounting manipulations. The COSO report states that motivations of fraud as specified by SEC are to meet the financial expectations, hide worsening business situation, increase executive compensation and/or improve chances of gaining debt and equity funding. Since CEO performance and benefits are measured by financial numbers submitted to the stock market, they rationalize the need to report fraudulent financial numbers to protect their positions.   

However, not all CEO’s feel pressured to resort to fraud to maintain positions. Most CEO’s do not rationalize fraud and do submit accurate financial statements. Hence, the psyche of these CEOs is generally different as they have little regard for ethical standards and legal requirements. For example, Jeff Skilling had a poster boy status prior to the debacle of Enron. He was known as a charismatic leader and was highly influential. Some state that he had a narcissistic personality. However, at that time he was held in high regard as he gave financial profits which no other energy company was showing. As Stewart Hamilton and Alicia Micklethwait authors of the book Greed and Corporate Failure describe -

“Skilling’s desire to accelerate revenue, and thus, earnings, by using mark-to-market accounting, inevitably led to a ‘treadmill’ effect. If you took all the profit from a deal in one quarter, you were going to have to find another and larger deal in the next. This inevitably put pressure on employees to do deals – often with little regard as to how they were to be managed – and to ‘make the quarter’ by whatever means necessary. There was also self-interest in this as an individual’s remuneration was based on deals done and profits recorded in the previous quarter. The focus on earnings rather than cash led to some crazy deals being done”

In India, in Satyam fraud the founder CEO Ramalinga Raju confessed to fraudulent financial reporting to Rs 7000 crore (USD 1542 million). Now investigators are stating the fraudulent activities were commenced in 2002-2003 and the amount is nearly Rs 14000 crore (USD 3085 million) . He stated in this confession letter:

“The gap between in the Balance Sheet has arisen purely on account of inflated profits over last several years (limited to Satyam standalone the book of subsidiaries reflect true performance). What started as a marginal gap between actual operating profit and the one reflected in the books of accounts continued to grow over the years. It has attained unmanageable proportions as the size of company operations grew significantly (annualized revenue run rate of Rs 11,276 crore (USD 2484 million) in the September quarter of 2008 and official reserves of Rs 8,392 crore (USD 1849)). As the promoters held a small percentage of equity, the concern was that poor performance would result in a takeover, thereby exposing the gap. The aborted Maytas acquisition deal was the last attempt to fill the fictitious assets with real ones. It was like riding a tiger, not knowing how to get off without being eaten”.

The capability to deceive can be assessed by the awards Ramalinga Raju received on behalf of Satyam. He was awarded Ernst & Young Entrepreneur of the Year Services Award 1999 & 2007 (which was withdrawn later), Dataquest IT Man of the Year Award 2000, CNBC’s Asian Business Leader – Corporate Citizen of the Year award in 2002 and Golden Peacock Award for Corporate Governance 2008 (withdrawn later).

It is not that people are completely taken in by the charisma. However, the political power of the man was such, that no one raised questions. As reported in the media, the board of directors, SEBI, ICAI and Income Tax department all had information of some irregularities being done by Satyam. A senior officer in Income Tax department was the only person to conduct an investigation about illegal transfers in 2002. Subsequently, the senior officer was transferred and investigation report suppressed. No other regulator initiated any other investigation. The message was clear no one in Hyderabad (corporate office of Satyam is located in Hyderabad) could raise questions on Satyam.

Recommendations

In my view the reason CEO’s are able to continue fraudulent and illegal activities is that there is no one checking and questioning their decisions and behavior. Hence, the recommendations to curtail CEO’s perpetuated frauds are:

• Regulators should maintain independence and initiate investigations on early warning signs.
• Board of directors should question the spirit of the contract, and not just the technical aspects. For example, why was Satyam a software company considering a deal with a construction company Maytas?
• Audit committees should play a stronger role in protecting Chief Audit Executive and Chief Financial Officers. This will enable audit committee members to understand the real situation within the organization.
• CEO pay should not be linked to quarterly results alone. Longer-term performance measures may lower pressure to give quarterly financial numbers.
• Lastly, board members and audit committee members should be vigilant on news about misdemeanors of CEOs and the company. They should conduct specific investigations of the transgressions and start action to reduce risks.

The CEO is the leader of the organization. If he/she chooses an unethical or illegal path, eventually the organization will suffer severe damages. The responsibility rests with the board and regulators to safeguard the organization. Playing a blame game after the damage is done, doesn’t help the economy or the country. Do not let a CEO’s insatiable hunger get out of control.

References:

1.  Why Do CFOs Become Involved in Material Accounting Manipulations? (Authors Mei Feng & Weili Ge)
2. COSO Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies (Authored by Mark S. Beasley, Joseph V. Carcello, Dana R. Harmanson & Terry L. Neal)
3. Satyam Fraud Case- Confession letter of Ramalinga Raju
4. Satyam Scam Tip of Corporate Fraud Iceberg ( Article in IPS News written by Praful Bidwai)
5. Greed and Corporate Failure – The Lessons from Recent Disasters ( Authors Stewart Hamilton and Alicia Micklethwait)

To read the complete list of fraud symptoms, click here.

Fraud Symptoms

In 2010, Indian media reported an unprecedented level of scams and frauds. The last but the least was the Citibank fraud where a rogue operator diverted client funds in personal stock trading accounts. Though most frauds are small and only few threaten organization’s existence (Satyam, Madoff, Enron), fraud risks are increasing across the globe.  Kroll Global Fraud Report 2010 states that in India, 88% of the respondents specified that their organization was a victim of fraud. In 48% of the cases, the key perpetrators were employees. Globally, the fraud percentage increased during the year and for every 1 billion US dollars of sales, the fraudsters share was 1.7 million dollars.

The long-term damages of fraud are significant and in some cases organizations face bankruptcy, delisting of stock exchanges and criminal charges.  COSO report “Fraudulent Financial Reporting 1998-2007” analysis the US public companies. During the period 1998-2007, 347 alleged cases of fraudulent financial reporting were identified. In the period, 1987-1997 only 294 public company cases signified fraudulent financial reporting. This shows an increase of 18% over the earlier period.   In the 1998-2007 period, the total misrepresentation of financial statements amounted to nearly US$ 120 billion across 300 odd cases. That is, an average of US$ 400 million per company in 1998-2007 to an average of US $ 25 million in the period 1987-1998.

This highlights the need for organizations to address fraud risk. To do so, we need to understand the symptoms of frauds in an organization. Some aspects highlight the organizations propensity for high fraud risk. The list below gives 15 major symptoms of fraud. The list is not in sequential order of importance. Each point mentioned below contributes to increasing fraud risks.

1. Insatiable hunger of Chief Executive Officer
2. A weak Chief Financial Officer
3. Board’s failure to exercise judgment
4. Growth strategies based on giving financial numbers
5. Insufficient focus on organization culture and processes
6. Unmanageable geographic distribution
7. Ineffective human resources function
8. Breaches on internal controls
9. Ineffective internal audit function
10. Lapses in  information assurance
11. Deviant fraud risk management function
12. Unethical compromises by external auditors
13. Unhealthy partnerships by banks
14.  Stock market manipulation and rigging
15. Corruption and bribery in society

 A single or combinations of these factors contribute towards increasing fraud risks. Understanding these and evaluating the organization against the parameters give early warning signals. These help in implementing fraud prevention measures.

In the coming weeks I will cover each on them individually. I will give examples from known fraud cases- Enron, WorldCom, Barings, Satyam, etc. The information will facilitate a corporate employee to find red herrings and take appropriate action. The risk managers can use the information about symptoms while assessing fraud risks of their organization.

Look forward to getting your ideas and thoughts on the same. If you wish me to cover any additional areas, please do not hesitate to get in touch with me.

References:

1. Kroll Global Fraud Report 2010 (Economic  Intelligence Unit Survey Results)
2. COSO Fraudulent Financial Reporting 1998-2007- An Analysis of U.S. Public Companies (Authored by Mark S. Beasley, Joseph V. Carcello, Dana R. Harmanson & Terry L. Neal)

Political Risk Predictions for 2011

Just being in the second week of the New Year, I am  continuing with the last Sunday’s post on trends. This week I thought it might be a good idea to understand the world and country risks. Do the political pundits see a better world in 2011 or are they expecting something worse?

Below are three posts giving different viewpoints on political and economic risks. The first one is from Foreclosure Blues titled “The Year of Catch 22”. It is long post and gives a rather dismal view of US political and economic situation. The second post “The Global Economy in 2011: A Rocky Ride or Smoother Sailing Ahead?” is from Knowledge Wharton. It is an excellent post covering economic risks of all major countries and regions. I have put the India section in this post.  The third post “The G-20 is 2011′s Biggest Political Risk” authored by Ian Bremmer and David Gordon is from Harvard Business Review. It discusses that though the world is expecting G-20 forum to resolve global situation, not much good will come out of it.

Click on the headings to read the full posts. Though they are rather long, I would recommend a read to understand the world economic and political risks. It is excellent information to assess country risks and their impact on the organization.

1.    2011 – The Year Of Catch 22 (via Foreclosure Blues)

As I began to think about what might happen in 2011, the classic Joseph Heller novel Catch 22 kept entering my mind. Am I sane for thinking such a thing, or am I so insane that asking this question proves that I’m too rational to even think such a thing?  In the novel, the “Catch 22″ is that “anyone who wants to get out of combat duty isn’t really crazy”. Hence, pilots who request a fitness evaluation are sane, and therefore must fly in combat. At the same time, if an evaluation is not requested by the pilot, he will never receive one (i.e. they can never be found “insane”), meaning he must also fly in combat. Therefore, Catch-22 ensures that no pilot can ever be grounded for being insane – even if he were. The absurdity is captured in this passage:

There was only one catch and that was Catch-22, which specified that a concern for one’s own safety in the face of dangers that were real and immediate was the process of a rational mind. Orr was crazy and could be grounded. All he had to do was ask; and as soon as he did, he would no longer be crazy and would have to fly more missions. Orr would be crazy to fly more missions and sane if he didn’t, but if he was sane, he had to fly them. If he flew them, he was crazy and didn’t have to; but if he didn’t want to, he was sane and had to. Yossarian was moved very deeply by the absolute simplicity of this clause of Catch-22 and let out a respectful whistle. “That’s some catch, that Catch-22,” he observed. “It’s the best there is,” Doc Daneeka agreed. – Catch 22 – Joseph Heller

The United States and its leaders are stuck in their own Catch 22. They need the economy to improve in order to generate jobs, but the economy can only improve if people have jobs. They need the economy to recover in order to improve our deficit situation, but if the economy really recovers long term interest rates will increase, further depressing the housing market and increasing the interest expense burden for the US, therefore increasing the deficit. A recovering economy would result in more production and consumption, which would result in more oil consumption driving the price above $100 per barrel, therefore depressing the economy. Americans must save for their retirements as 10,000 Baby Boomers turn 65 every day, but if the savings rate goes back to 10%, the economy will collapse due to lack of consumption. Consumer expenditures account for 71% of GDP and need to revert back to 65% for the US to have a balanced sustainable economy, but a reduction in consumer spending will push the US back into recession, reducing tax revenues and increasing deficits. You can see why Catch 22 is the theme for 2011.

2.     The Global Economy in 2011: A Rocky Ride or Smoother Sailing Ahead? (via Knowledge@Wharton)

India: Muscling Ahead

In India, December 2010 saw corruption charges rise to a crescendo and a whole session of Parliament was lost as opposition parties, demanding deeper investigation into the scams, refused to let it function. None of the political parties wants a fresh election, so this government will continue. But its trajectory has obviously been affected. “The political climate is uppermost in the investor’s mind,” says Vallabh Bhansali, chairman of Enam Securities, a capital market services firm. “If there are policy logjams, they could create confusion.”

But the economy is expected to muscle ahead regardless. Estimates of GDP growth vary from 9.7% (the IMF prediction for 2011) to 7.7% (the Credit Suisse prediction for fiscal 2011-12). Credit Suisse is a rare pessimist; almost everybody else has upped their forecasts. The government projection is 8.75%, with a possible 0.35% addition. “India is on a mission to get its annual GDP growth to 10%,” according to Bundeep Singh Rangar, chairman of IndusView, an advisor to MNCs seeking opportunities in India. “A good monsoon [season] and a strong global recovery could make 2011 the year that India achieves that goal.”

The Bombay Stock Exchange sensitive index (Sensex) should keep pace with GDP. “By the end of 2011, the Sensex is likely to be between 24,000 and 25,000,” says Rajinder Sabherwal, who manages a macro fund called Magister Ludi Global. The New York-based Sabherwal, however, doesn’t think India will be a top performer in the markets. “India is a defensive holding for us. It sells at a premium. To some extent [that is] justified, but [it] is vulnerable to inflation and rising oil prices. In emerging markets, we prefer Turkey, Russia, Thailand, Korea and Poland.” Sunil Bhandare, advisor (economic and government policy) at the Tata Strategic Management Group, sees a 12% to 16% growth in the Sensex over current levels (around 20,000 at the end of December).

One big worry is inflation. Dharmakirti Joshi, chief economist at credit rating agency Crisil, says inflation will be the biggest challenge in 2011. His other concern is the impact of rising capital inflows on the rupee. Naresh Takkar, managing director and CEO of credit rating agency ICRA, also lists inflation as a top concern, especially in commodity prices. He sees improving international economic sentiment as a “double-edged sword” for India. “Sectors that are dependent on international demand will benefit, but commodity prices will see a further upturn,” he says.

If inflation climbs, the Reserve Bank will have to hike interest rates. This could result in “some moderation” in the growth rates of investment and private consumption, according to Joshi. Bhansali also sees “a bit of a cyclical downturn in growth, but it may be only a few quarters or a few months.”

It’s on the reforms front — inextricably linked to politics — where there is the greatest amount of uncertainty. Much could happen. Joshi pins big hopes on the proposed new goods and services tax, which he describes as a “game changer.” A slow approach would be just right for new banking licenses, suggests Rajesh Chakrabarti, finance professor at the Indian School of Business. “The dominant view is that caution and safety are key, and no rush towards greater liberalization is warranted.” He also expects the recent corruption scandals to create a bigger role for the government, “as the false assurance of the cleanliness of the private sector is now gone.”

“There are far too many policy reforms that are pending, but unfortunately, the parliamentary system has been bogged down by controversies, scams and corruption. No substantive reforms could move forward during 2010,” says Bhandare. “Our political parties must realize the adverse consequences of their actions.”

 3.    The G-20 is 2011′s Biggest Political Risk (via Harvard Business Review)

Among the acute political risks facing the world this year, the nuclear threats from Iran and North Korea are serious, no doubt, but the behavior of the 20 major economic powers scare us more: these countries can no longer agree on how the global economy should function.

“Oh, come on,” you might say. “When did the world’s leaders ever agree on anything?”

But, there used to be a pretty good understanding among the dominant economies on matters such as currencies, capital flows, and economic globalization, and the major players were willing to put their heads together to solve crises.

No more. The major economic powers are pushing their own agendas and using the key institutions that should be providing global governance as arenas for confrontation instead of collaboration.

This enormous change ushers in an era of growing political risk. It doesn’t have an official name yet, but we propose calling it the “G-Zero,” as in zero collaboration. It is the first item on the Eurasia Group’s Top Risks for 2011.

Before the global downturn, the G-7, and then the G-8 (including Russia), coordinated governance on key economic issues. The G-8 was superseded by the G-20 during the financial crisis, and at first the members cooperated well to prevent a global economic collapse. But the initial collaboration was misleading — it turned out to be merely a reaction to panic.

The first serious cracks in the group started showing in Copenhagen a year ago, following a climate summit marked by such disunity that the outcome was worse than if no meeting had taken place. Then, last fall, both the International Monetary Fund meeting in Washington and the G-20 meeting in Seoul ended with warnings of looming conflict. “We’re in the midst of an international currency war,” Guido Mantega, Brazil’s Finance Minister, said last September.

Well, this information does not give much comfort. The message is that do not view the world through rose-tinted glasses in 2011. It is a rough ride ahead and we have to be prepared. So let us keep a realistic view and still hope for the best.

Key Performance Indicators for GRC Departments

Courtesy Value Based Management.net

During this time of the year an organization is either evaluating performance against previous year’s Key Performance Indicators (KPI) or developing new KPI for the current year. The key concern is how to measure the performance of Governance, Risk Management and Compliance (GRC) departments. As per the IIA survey, 48% of the organizations globally will be focusing on measuring the effectiveness of internal audit departments in 2011. This indicates how critical it has become for GRC departments to have the right KPI.

The point of debate is what are the right KPI for GRC departments? I was following a discussion on LinkedIn sometime back, and the common viewpoint was completion of the annual audit plan along with the number of audit reports issued. Can we equate issuing timely GRC reports to effectiveness of the department? Risk Managers job is to manage risks; reports are the outcome of risk management initiatives. Reports by themselves are not the measure of effective risk management. So what are the parameters that make GRC departments effective and successful?

To elaborate on this concept, I am taking the Balance Scorecard (BSC) format to give some suggestions on KPI for GRC departments. BSC has four components- customers, financials, business processes, and learning and growth. Let us understand how to develop KPI within this quadrant. The details are applicable for internal GRC departments and to some extent to external GRC consultants

Customers

The first aspect for measurement is customer satisfaction. The question from GRC perspective is who is the customer and is their satisfaction necessary. Reason being that focus of GRC activities is on safeguarding shareholders interest. It needs to ensure that the organization complies with various rules and regulations and effectively manages business risks. However, GRC is hardly ever dealing directly with shareholders. It generally interacts with the appointed audit committee or risk management committee.

Hence, can we say that if GRC satisfies the audit committee, it has done its job? To some extent yes, but then we are ignoring the management and employees. Without influencing them to implement suggestions to mitigate risk, GRC members cannot fulfill their core task of safeguarding shareholder interest. Hence, GRC has customers in the form of shareholders, audit committee, board members, external auditors, senior management and employees. Now we need to define indicators to measure effectiveness for each category of customer.

Audit Committee

Normally, the number of reports issued to and meetings held with the audit committee are considered good KPI. However, these do not measure effectiveness of the audit committee or GRC department. The nature of audit committee discussion regarding the observations mentioned in the reports and actions approved to implement the observations truly reflect effectiveness. Hence, cover all four aspects in the KPI.

Board of Directors

In the recent COSO ERM survey, 44.8% of the respondents said that their management reported top risks to the board. While, 37.3 3% acknowledged that their management reports minimal or nil risks to the board on a scheduled and regular basis. The heads of GRC key complain is lack of representation at board level. The survey results showed that more than half the boards had not assigned a proper risk management committee. With this insight, it is clear why GRC departments fail to support the board by advising them on strategic risks. Considering the background the KPI should cover the nature and timeliness of risks reported to board which benefited board decision-making.

External Auditors

Some internal audit heads consider managing external auditors as a key part of their job. My view is that the success of GRC functions lies in measuring the extent to which external auditors relied on GRC departments work for assessing risks. Mere coordination and supplying information to external auditors cannot be considered as a measure of success.

Management

The GRC departments’ maximum interaction is with the management. The key job is to help the management mitigate business risks. Some view that GRC department is only responsible for identifying risks. However, in my view this is not the right approach. GRC departments should understand the vision, mission, strategic initiatives and organization pain and enablers. This facilitates GRC team to identify business risks and provide preventive solutions to management. Here, the role of GRC departments is of a watchdog, advisor and partner. Value addition provided to management by GRC departments is a true indicator for measuring effectivness.

Financials

 Management treats GRC departments as cost centers. The costs include the normal operating costs of a department including salary, training and administrative overheads. As management considers it as an overhead for cost of doing business, the GRC departments have a difficult time getting budget approvals. In times of recession, the budget constraints are significant. The IIA Audit Executive Center survey indicated that since 2007, 32% of internal audit function globally faced budget cuts.

With globalization, technological advances and complex regulations the audit universe is increasing, however management is pushing down the costs. Hence, the challenge is to give more value at lesser costs. In this scenario, it is worthwhile exploring whether GRC functions can figure cost savings from implementation from their recommendations. Is it possible to develop a model to determine ’Return on Investment’ from GRC activities? Quantifying savings for value of penalties avoided, increase in customer satisfaction by streamlining business process or advising on strategic risks at strategy formation stage can do this.

The other aspect to look into is whether restructuring various GRC functions or building better synergies between them is likely to cut duplication of work and thereby reduce costs. This can save significant time and money.

The one angle that GRC department does not measure to determine costs is the time spent by business process teams for facilitating the audit by providing required information, resolving queries etc. Depending on the number of audits and size of operations, this can be a significant cost. GRC departments should develop models to capture this cost and keep it at a minimum. Hence, to measure financial performance develop a number of KPI covering the above aspects.

Business Processes

GRC departments focus on reviewing business processes of the organization. However, its own internal processes sometimes do not facilitate management review, as the right metrics are not available.  In the COSO ERM survey, only 3.4% of the respondents considered their organization’s ERM process as very mature. However, 14.5% respondents described the process as very immature. This indicates that GRC departments should focus on implementing ERM framework for better risk governance and management.

The second aspect is that most of the planning and work papers documentation is excel based. As the process is manual, it provides limited information about the working of the department. For example, is the process of allocating audit time systematic? What are the ways to measure the number of audits completed within planned time and reasons for variances. Sometimes, management is at a loss to understand the real functioning of the GRC departments. Hence, the measurement criterion becomes the number of audit reports issued, as this is the only tangible product. GRC departments should implement the right GRC management software and project management tools to provide information to management regarding the departments’ performance. The KPI could be of budgeted hours to actual hours spent on audit, issue of reports, number of hours spent on GRC assignment and other activities etc.

The next question is about the advantages of streamlining the business processes. Let us take a simple situation of a fraud investigation. A fraud investigation raises the anxiety level of the staff and rumor mill works overtime. A published standard operating procedure for fraud investigation reduces the anxiety level, as staff is aware of the high-level process and outcome. Therefore, besides providing measurement criteria to management for evaluating the success of fraud investigation, it also reduces staff apprehension. Hence, publish processes for various GRC functions to ensure transparency.  The KPI could be about new manuals or revision in existing manuals.

Learning & Growth

Learning and growth focuses on developing the team, training, building a positive work culture, mentoring etc. The question that comes to mind is whether the risk management department is responsible for learning and growth of its own team or the organization. Does the GRC department has any role to play in building the organization culture? My viewpoint is yes, organization culture has a significant impact on internal controls. Hence, GRC department should work with Human Resources department to build risk awareness. While it can be disputed that employee training should be part of customer quadrant, it is worthwhile to have a complete picture in one section.

Organization Employee

 To build a constructive organization culture focusing on risk awareness GRC departments should give training to management and employees on governance, risk management and compliances issues. The primary responsibility of managing risks is with the business teams. Training enables business teams to take ownership of business risks and proactively mitigate them. Though training itself should not be considered the end all. How the training has been incorporated in business functions is critical to assess effectiveness of training. Here, the KPI can be nature and number of trainings provided with a measure to determine effectiveness of training.

 GRC Team

Last but not the least is development of the GRC team. Trained GRC resources are difficult to find and are costly. The organization knowledge residing with a GRC team member is hard to replace in a newcomer. Hence, retaining and developing GRC team is essential. GRC team requires training on new laws and regulations, tools and methodologies on the technical front. It requires soft skills training on conflict management, constructive confrontation, etc. to maintain independence and manage difficult relationships. Develop a focused training plan based on individual learning requirements. Mentoring and sponsorship should be included in the career planning. Here the KPI covers number of hours spent in training, nature of training, effectiveness by measuring deployment of tools and methodologies, promotion of GRC staff vertically and growth opportunities provided in different departments.

The above gives an overall framework to formulate KPI for GRC departments. It is not an exhaustive list and is not prescriptive in nature. GRC departments need to assess the organization needs, culture and requirements before defining their own KPI for the year. Also, review the KPI on quarterly and half-yearly basis to check whether the departments are on track and whether the KPI is still a useful measure. If KPI is not a useful measure, discard it. For making KPI a successful measurement tool, remember to measure the right things at the right time.

Rs.300 Crore Citibank Fraud

Shivraj Puri

Last week Citibank India filed a police complaint stating that Mr. Shivraj Puri, an employee of Gurgoan branch had siphoned of money from 20 high net-worth investors (HNI) amounting to Rs 300 crore (USD 67 million). Media updates of police investigation show that police are having some success in cracking the case. I thought let me provide the case details and the implications of the case to Citibank and other related parties.

 

Case Facts 

Here is a summary of case published to date. Mr. Shivraj Puri is a Senior Relationship Manager in Citibank Gurgoan branch. He used a forged notification of Securities & Exchange Board of India (SEBI) stating that few select clients would earn higher returns (18% to 20%) if they invested in his suggested schemes.  He invested the money obtained from HNI in the stock market in his personal capacity over a period of few months. Presently, information of the period of fraudulent activity is not available.

Up to now the main client affected by the fraud is Hero Honda group and the amount diverted is to the tune of Rs 200 crore (USD 44.67 million). Mr. Sanjay Gupta, Assistant Vice President in the accounts office of Hero Corporate Services was arrested yesterday. Mr. Sanjay Gupta is purported to have formed two finance companies BG Finance and G2S Consultancy and diverted Hero group promoter funds in these two companies. These funds were then fraudulently invested by Mr. Shivraj Puri of Citibank. Mr. Sanjay Gupta has allegedly taken Rs 20 crore (USD 4.46 million) as commission from Mr. Shivraj Puri for diverting these funds.  It is suspected that Mr. Sanjay Gupta was aware of the forged SEBI letter but recommended the investment to a number of people.

Other details reveal that funds were transferred to Mr. Puri’s wife, other relatives account and some benami (fictitious accounts). Mr. Shivraj Puri used Religare and Bonanza brokerage firms for investing the money in stock market. Religare stated the Mr. Puri has been a client since December 2009.

SEBI investigators have commenced investigating Mr. Puri. RBI has demanded a fraud report and impact from Citi and may take an independent review of Citi operations.

 An Analysis of Issues

Impact on Profits: As per the audited financial statements as on March 2010 the net profit of Citibank India was Rs. 860 crore (USD 192 million). If Citibank has to absorb the loss of the fraud and payback to the clients, its profitability for the year will be impacted negatively. Presently, since the main loss is of Hero Honda group, and its employee is involved in the fraud, the whole burden may not be on Citi. The second aspect being stated is that the shares held in various demat accounts by Mr. Puri will be identified and the accounts frozen (19 accounts have been frozen till date). This will enable partial recovery of the estimated fraud loss.

Segregation of Duty: The Relationship Manager of Citibank as per the details available on Citi website is a “one point contact with the Bank”. The Relationship Manager is “backed by a team of experts in the fields of investments, insurance, treasury and foreign exchange services”. There appears to be lack of controls and supervision on the activities of the Relationship Manager. From the looks of it, the Relationship Manager is selling the investment concept, obtaining funds, investing them and monitoring the accounts. This shows that there is no segregation of duty for the different functions. SEBI and RBI could both question the investment management department functioning.

Know Your Customer (KYC): Both SEBI and RBI have issued guidelines for Know Your Customer. KYC procedures mandate that asset management companies should review cases of clients “where the source of the funds is not clear or not in keeping with clients apparent standing /business activity”. If in this case, funds from Citi customer accounts were being diverted to accounts in Citi (for example, Mr. Puri’s relatives or other fictitious accounts) then there should have been checks in place to question the business validity of the transactions. On the other hand, the brokerage firms, Religare and Bonanza should have questioned the source of funds of Mr. Puri as he is a salaried employee. Although, they are stating that KYC procedures were followed.

Suspicious Transaction Monitoring: According to RBI and SEBI guidelines, a bank is required to have systems in place to monitor suspicious transactions and there is special emphasis on high net-worth investors (HNI). For HNI the nature of activity of the customer should be monitored by the bank and suspicious transactions reported to RBI if money laundering is suspected. In this case, questions can be raised on the nature of systems and procedures in place to monitor suspicious transactions. SEBI and RBI could raise questions on the accuracy and validity of suspicious transactions monitoring reports submitted by the bank.

Functioning of Risk Management Departments:  RBI guidelines specify that banks should have proper fraud monitoring, compliance and risk management functions. The responsibility for establishing and maintaining the fraud risk function rests with the CEO. In this case, the fraud was perpetuated over a few months (specific dates not available) and the fraud department was alerted by the customer complaints. This raises questions on fraud detection and monitoring procedures implemented at the bank. The bank could face some tough questions from RBI regarding the fraud and compliance department functioning.

Citi definitely is in a soup and as the investigation unfolds, we will know the full story. I am expecting a few more skeletons to topple out. Will definitely keep you updated on the happenings. Share your opinion about the case here.