Fraud Symptom 5- Insufficient focus on organization culture and processes

Organization culture is defined as the sum total of the psychology and attitudes which are communicated by the leadership team to the employees and the ethics, values and beliefs which are incorporated for execution of work and obtaining business objectives. However, organization culture is an often-ignored risk for assessing propensity towards corporate fraud.

As I had mentioned previously the impact of organization culture on internal controls is significant.  In a healthy organization culture there is open and honest communication between all parties without any fear of retribution or retaliation. In organizations with constructive cultures, the senior management is transparent in its dealings and there is serious focus on business ethics with senior management walking the walk. Intel is one organization, which has a strong focus on building a corporate culture. In any Intel office, one will find the same psychology and attitudes reflected. One of its core values is constructive confrontation and the CEO’s office conducts a global survey to determine adherence to the value.

In Intel, the focus on business ethics is excellent. Besides the regular signing of code of conduct, there is extensive ethics training regularly. To illustrate how serious they are in implementing ethics, in Intel India 250 staff was fired a few years back for submitting fraudulent bills for salary claims like conveyance, drivers salary , leave travel allowance (LTA) etc. This included some very senior level staff too. In India, it is a common practice for staff to submit fake bills to claim reimbursements and some organizations do nothing about it. Intel has a business practices excellence (BPX) program that ensures adherence to that the code of conduct covering diversity, harassment, gifts, bribes, corruption, suppliers etc..

However, in a deviant organization culture the leadership communicates to the employees that participating in criminal and unethical practices is normal. The management and employees rationalize that participating in white-collar crime and illegal behavior to achieve goals and targets is perfectly justified. Organizations having aggressive/ deviant work cultures, which are number driven and lack humanity, impact the control environment negatively. In such cases, for the sake of efficiency, legal requirements are compromised and the environment may become unsafe to work. The control environment is such cases maybe seriously impacted, as there may be strong alignment towards unhealthy and corrupt business practices. In such cases, the risk management teams are superficial and have little say. As mentioned in the book Greed and Corporate Failure -The Lessons from Recent Disasters authored by Stewart Hamilton and Alicia Micklethwait –

“Enron’s risk managers were supposed to challenge and validate the assumptions upon which the calculations were based to ensure that they were reasonable, but often failed to do so. As one recounted, ‘at times we were so overwhelmed with work that we could do little more than check the arithmetic, and in any event, it was difficult to turn down deals that would directly affect a colleague’s remuneration’. On at least one occasion, a business unit bypassed internal risk management and cleared a major deal directly with Andersen.”

As seen from the Enron case, a dominant minority controls the majority. Most of the staff is “going along for getting along.” Fear of job loss and retaliation keeps the staff quiet. A recent survey conducted by CEB indicated that employees are unwilling to share honest negative feedback if they think it impacts their careers. Results from the survey show:

Fifty-nine percent estimated that more than $1 million worth of harm to the company would have to be at stake for employees to share honest (negative) feedback.

• Twenty-nine percent estimated that more than $10 million would have to be at stake

In India, there is not much focus on building a uniform organization culture within the organization. In most cases, mission, vision and values are mentioned in the induction training and later the employee forgets the same. A new employee signs a code of conduct with the appointment letter, however in most cases there is no specific training given on adherence to the same. In quite a few cases, the detailed policies and framework for monitoring the adherence of business ethics will not be available. Without implementing policies in form of processes and control mechanisms, the code of conduct is just on paper.

Some of the India specific problems especially for multinationals are that business operations are established without improving risk management capabilities. For example, in back office operations established in India processes are migrated without understanding the history of frauds in the original country. With no data available on fraud risks, the back office has limited prevention and detection measures implemented. These may be insufficient for actually dealing with the fraud risks.

The second problem that is significant in India is the corruption and bribery cases. The bribe and corruption problem is in on supply and demand side. As the previous media reports regarding real estate, telecom frauds etc. has shown, government officials are accepting bribes for approving investments and expenditures. On the other hand, vendors and suppliers give 2-5% commission on the value of company contracts assigned to them.

In view of the above, if the organization is not adopting a clean culture, senior management may be hired without appropriate due diligence or for their unethical behavior. It is not unheard in India to hire a senior manager in facilities or finance section who is experienced in liaisoning with various officials. The term liaison is generally used for paying bribes in India.

The last but not the least, in most organizations the whistleblower programs is on paper only. Either the investigations are not done on the allegations or the employee is said to be a “problem employee”. In addition, the employees do not have any legal ways to fight an organization. Hence, they do not have much options except quit or follow orders.

In nutshell, an ethical organization culture is required to minimize corporate fraud and white-collar crime. Destructive management practices should be curtailed at the earliest by terminating the managers showing deviant behavior.


1.    Building a strong constructive organization culture is necessary to curtail corporate fraud and white color crime.

2.    Implement the organization code of conduct properly. Establish a sound framework of training, implementing processes and monitoring procedures.

3.    Deviations from code of ethics should be dealt with on a uniform basis, which is transparent to all employees.


  1. Intel (India) fires 250 employees (
  2. Organizational Culture: An Overlooked Internal Risk by By Michael Griffin and Tracy Davis Bradley ( )
  3. Greed and Corporate Failure -The Lessons from Recent Disasters authored by Stewart Hamilton and Alicia Micklethwait
  4. Mitigating Corporate Fraud in Asia (

To read the  Fraud Symptoms list, click here.

12 comments on “Fraud Symptom 5- Insufficient focus on organization culture and processes

  1. Hi Sonia

    Once again I applaud the integrity of your thoughts but fear that a recommendation (which is actually a statement) like “Building a strong constructive organization culture is necessary to curtail corporate fraud and white color crime” is taking you into some very deep waters.

    MIT’s Ed Schein was someone who learnt just how deep when he worked for the America Military debriefing Korean prisoners of war. As a result he was loath to write about the subject and it was only after Peters and Waterman came out with their execrable book on Organizational Culture in 1982 that Schein felt that someone who knew a bit more about their subject than management consultants should weigh in. After all, the bad guys know this stuff already.

    Schein’s key point in his eventual “Organizational Culture and Leadership” is that Culture and Leadership are other sides of the same coin. Organizations can no more change their culture than individuals can change their personalities. So if you’re recommending to a company that they should change their culture you are basically saying “replace all the top, senior and middle management, change all your unspoken assumptions about things like time, work and the nature of human nature, and re-engineer all the socialization processes that determine who gets ahead and who doesn’t”. And, after you’ve done all that, in the case of Enron you’d probably still not have done enough because you’d have to change the culture of the Wall Street banksters, loan sharks, and audit firms that aided and abetted Enron’s fraud, and all the business schools who pump out the unthinking human canon fodder that these institutions depend on.

    A key ingredient is the socialization processes that brain wash or process people to act in ways that they never dream are criminal. The takeaway here is “capture the group norm or, less politely, when you’ve got them by the balls their minds and hearts will follow”. John van Maanen is a good source, and you might enjoy his essay “Assholes” (see



    • Geoffrey,

      Sometimes I can’t understand -are you making a statement that I am BSing or are you questioning ?

      Let us say, corruption is key to the orgnaization culture. As you have said -“capture the group norm or, less politely, when you’ve got them by the balls their minds and hearts will follow”, are you trying to say that one can make an orgnaization 100% corrupt. If I may say so, UK and US have FCPA acts. Do you think it is convienent to fluant them as part of organization culture with a might is right attitude? Or is it ignorance is bliss, as you haven’t heard of FCPA.

      Wonder what you think, can’t get you?

      Kind regards,


  2. Pingback: The Negative Impact of CEO Pay & Power on Corporate Culture and Governance « Sonia Jaspal's RiskBoard

  3. Pingback: Strong Risk Culture Benefits Strategic Risk Management « Sonia Jaspal's RiskBoard

  4. Pingback: 10 Best Practices for Governance, Risk Management & Compliance « Sonia Jaspal's RiskBoard

  5. Pingback: Fraud Symptom 8- Breaches of Internal Controls « Sonia Jaspal's RiskBoard

  6. Pingback: rédacteur web

  7. Pingback: 1 Jan 2012 – A New Begining « Sonia Jaspal's RiskBoard

  8. Pingback: Comments on COSO revised framework Internal Control – Integrated Framework « Sonia Jaspal's RiskBoard

  9. Pingback: Strategy to Execution – A Risky Path « Sonia Jaspal's RiskBoard

  10. Pingback: LIBOR Scandal – What Went Wrong? « Sonia Jaspal's RiskBoard

Comments are closed.