Corporate Fraud, Types Of Fraud, Reasons for Fraud, Fraud Triangle, Measures to prevent Fraud, Future Fraudster, Cyber crime, Future of fraud, Fraud risk management 2.0, Using Bots for due diligence, Building the anti-fraud sentiment in entrepreneurship, Perception and Emerging Issues Survey
2. 2
MIT College of Management, Pune
Certificate
This is to certify that Ms. Krishna Arvind Patel has submitted a dissertation
project on “Corporate Fraud in India - Perception and Emerging Issues” to
MIT-ADT University, Pune for the partial fulfillment of Master in Business
Administration (M.B.A.).
We further certify that to the best of our knowledge and belief, the matter
presented in this project has not been submitted to any other Degree or Diploma
course.
Prof. Dr. Dipak Vakrani Prof. Mrs. Sunita Karad
Internal Guide Director, MITCOM
External Examiner
3. 3
Declaration
I undersigned hereby declares that, the project titled “Corporate Fraud in India - Perception and Emerging
Issues” is executed as per the course requirement of two year full time MBA program of MIT-ADT
University, Pune. This report has not submitted by me or any other person to any other University or
Institution for a degree or diploma course. This is my own and original work.
Place: Pune Sd.
Date: 14/04/2020 Krishna Arvind Patel
PRN No. MITU18MBAG0043
MBA-2019-20
4. 4
Acknowledgement
It is my pleasure to be indebted to various people, who directly or indirectly contributed in the development
of this work and who influenced my thinking, behaviour, and acts during the course of study.
I would like to express my gratitude towards MIT College of Management, for giving me the opportunity to
carry out this study.
I am especially thankful to my mentor Prof. Dr. Dipak Vakrani, for his constant support, cooperation,
presence and motivation provided to me during the study and in fact without his navigational assistance life
would have been very difficult as far as structuring the projects is concerned.
Lastly, I would like to thank the almighty and my parents for their moral support and my friends with whom
I shared my day-to-day experience and received lots of suggestions that improved my quality of work.
I would always be grateful to them for their help and support.
Krishna Arvind Patel
PRN No. MITU18MBAG0043
MBA-2019-20
5. 5
Index
CHAPTER
NO.
CHAPTER NAME PAGE NO.
1 Introduction 06
2 Objectives and Scope of the Study 08
3 Review of Literature And Theoretical Background 11
4 Methodology 24
(i) Review of Data Collection Methods 25
(A) Primary Data 25
(B) Secondary Data 26
(ii) Criteria for Sample Selection 27
(iii) Methods of Analysis 27
(iv) Limitations of the study 27
5 Data Analysis and Interpretation 28
6 Major Findings and Conclusions 43
7 Recommendations or Suggestions 47
8 References 50
9 Appendices 52
7. 7
CHAPTER 1: INTRODUCTION
“Fraud is inevitable in business”
- Krishna Patel
The number of frauds and financial scams have been increasing all over the world. Fraud exist in every
economy and human activity. If we have a look on the headlines of newspapers then we can find out that
fraud has led to huge financial scams and scandals in companies even at global level.
1.1 Background of the Study
Close to a decade after the largest financial collapse in Indian corporate history, organizations continue to be
exposed to corporate fraud, misconduct, and noncompliance. In this decade, organizations have experienced
financial misstatement, bribery and corruption, large-scale supply chain leakages and grey marketing of
products, data theft due to large scale hacking, ransomware attacks, and regulatory noncompliance.
The quantum of frauds discovered over the years in India and the associated modus operandi continue to
pose challenges towards developing effective anti-fraud strategies. While technology has enabled business
processes, has it perhaps complicated fraud risk management efforts? Is today’s fraudster more emboldened
than before? Can new legislation effectively curb fraudulent practices?
Organizations appear confident of tackling fraud and are making the necessary investments to deploy
effective fraud risk mitigation strategies. Organizations are increasingly recognizing that fraud is not only a
result of macroeconomic trends such as diminishing ethical values in society, but also of an internal
systemic/ cultural loophole that can be plugged by stronger controls with limited overrides. Resultantly, the
impact of investments made towards building a better anti-fraud ecosystem appears to be bearing fruit, with
organizations being able to estimate fraud losses more accurately.
The title of my dissertation is “ Corporate Fraud in India - Perception and Emerging Issues”. The report
is all about perception of individuals and employees towards fraud, anti-fraud policies, steps taken by
companies to prevent fraud, reasons for occurrence of fraud, which category of employees are involved in
fraud, etc.
9. 9
CHAPTER 2: OBJECTIVES AND SCOPE OF THE STUDY
Studies are conducted with a purpose and objectives. The purpose of a study is generally regarded as the aim
while objectives are what the researcher intend to do in order to achieve the aim of the study. The aim of the
study is to understand the concept of fraud, types of frauds, perceptions of individuals towards fraud,
perceptions of corporate employees towards frauds, etc.
2.1 Objectives of the study
In order to achieve the aim of the study, the following objectives are guiding the study
1. To know the state of Corporate fraud
Key findings: On fraud sentiment, top frauds experienced, reasons for fraud, average fraud loss, profile
of a fraudster, and commitment to tackling fraud.
2. To know the approach to fraud prevention, detection and response
Key findings: On fraud prevention efforts undertaken by respondents, views on fostering an ethical
mindset, use of technology in fraud prevention and detection, and response to fraud.
3. To know the impact of anti-fraud regulation on corporate fraud
Key findings: Perceptions on the effectiveness of recent and upcoming anti-fraud regulation, and
challenges to compliance.
2.2 Scope of the study
A change in mindset is needed to view fraud risk management as a proactive ongoing effort that will, over
the long term, create robust internal controls and other mechanisms to mitigate the risks of fraud.
Organizations will need to make investments to put in place systems and processes aimed at curbing fraud
and meeting compliance requirements.
The report is all about perception of individuals and employees about fraud, anti-fraud policies, steps taken
by companies to prevent fraud, etc. For the purpose of the research, I have covered individuals and
employees of different companies. Also, I have referred to the reports on India Corporate Fraud Perception
published in the year 2019.
2.3 Purpose and Relevance of the study
The last decade has seen significant coverage of corporate fraud in the Indian media. While the Indian
government has passed several laws aimed at curbing fraud, poor enforcement has diluted the intended
10. 10
impact. With the rise of new business models backed by technology, fraud has spawned new variants and
seems to be on the rise. Around 58 percent of the survey respondents believe that fraud will continue to
increase in the coming years.
Despite the extensive adoption of technology by organizations to build global business models, corporate
India continues to face challenges in mitigating traditional fraud schemes.
2.4 Limitations of the study
The limitations of a study are its flaws or shortcomings which could be the result of unavailability of
resources, small sample size, flawed methodology, etc. No study is completely flawless or inclusive of all
possible aspects.
Limitations of the study is that due to Corona Virus outbreak, I couldn’t visit the companies, which has
affected my research to a large extent as I had to rely mostly on the secondary information. Though I have
collected the information from the individuals and employees of a company where I had done my internship.
12. 12
CHAPTER 3: REVIEW OF LITERATURE & THEORETICAL
BACKGROUND
Definition of Fraud:
Indian Contract Act (Section 17)
Fraud implies and involves any of the following acts committed by a contracting party or his connivance or
his agent with the intention of deceiving or inciting another party or his agent to enter into the agreement:
The suggestion, as a fact, of that which is not true by one who does not believe it to be true.
The active concealment of a fact by one having knowledge or belief of the fact.
A promise made without any intention of performing it.
Any other act fitted to deceive.
Any such act or omission as the law specially declares to be fraudulent.
Definition of Corporate Fraud:
Corporate fraud is the intentional misrepresentation of company financial information or activities designed
to mislead the public and increase the profits of the company. Corporate fraud consists of activities
undertaken by an individual or company that are done in a dishonest or illegal manner, and are designed to
give an advantage to the perpetrating individual or company.
Regulatory Legislation:
1. Indian Contract Act, 1872.
2. Indian Penal Code, 1860.
3. Prevention of Corruption Act, 2018.
4. Prevention of Money laundering Act, 2012.
5. The Companies Act, 2013.
6. Information Technology Act, 2008.
7. Prohibition of Insider Trading.
8. Clause 49 of Listing Agreement
Types of Corporate fraud:
13. 13
1. Vendor Fraud
Vendor fraud is a method of asset misappropriation that utilizes an organization's cash disbursement
activities to funnel funds into an employee's pocket. Example of Vendor fraud:
Billing schemes - In a billing scheme, an employee generates false payments to himself/herself using
the company’s vendor payment system either by creating a fictitious vendor (shell company) or by
manipulating the account of an existing vendor.
Bribery and kickbacks - An employee participates in a bribery scheme when he or she accepts (or asks
for) payments from a vendor in exchange for an advantage.
Over billing - A vendor pads invoices to charge the company for more goods than it ships or to charge a
higher price than agreed. This can be done in collusion with an employee, who receives a kickback or by
the vendor alone to defraud the company.
2. Inventory pilferage
Pilferage is a theft of small quantities of goods or of low-value goods. Pilferage often connotes small theft
performed repeatedly over a long period of time, such as an employee stealing small amounts of office
supplies from their workplace every few days.
3. Supply chain fraud
Supply chain fraud affects organizations of all sizes in all industries. Fraud can also occur at any step in
a supply chain, ranging from bribes offered during supplier selection to forged cheque during financing
to fraudulent payments or payment guarantees.
4. Data theft/ breach
A data breach is an intentional act which exposes confidential or protected information. A data breach might
involve the loss or theft of your bank account or credit card numbers, personal health information, passwords
or email.
A cyber criminal may hack the database of a company where you’ve shared your personal information. Or
an employee at that company may intentionally expose your information on the Internet. Either way,
criminals may access your key personal details and profit from them at your expense.
5. Bribery and corruption
Bribery means giving or receiving an unearned reward to influence someone's behaviour. One common form
of bribery is a "kickback" - an unearned reward following favourable treatment. Both are corrupt.
14. 14
Corruption is any unlawful or improper behaviour that seeks to gain an advantage through illegitimate means.
Bribery, abuse of power, extortion, fraud, deception, collusion, cartels, embezzlement and money laundering
are all forms of corruption.
6. Fraud due to use of bots, artificial intelligence
and related technologies
Developments in Artificial Intelligence are helping
revolutionize many fields. But the same technology can
serve as a tool to invade privacy and commit acts of
fraud. Some of the ways fraudsters may put AI to ill use
in the future- handwriting forgery, fake conversations,
voice forgery, etc.
7. Intellectual property fraud
Intellectual property fraud is a type of fraud that
involves property that is protected under copyright, trademark, patent, or trade secret laws. There is a wide
range of activities that can constitute intellectual property fraud. In some cases, the fraud may have to do
with one party illegally obtaining access to protected material. This is basically a theft of the intellectual
property, which is usually achieved through misrepresentation or deceit.
8. Financial misreporting
Financial misreporting is also known as fraudulent financial reporting fraud. In this context, management
intentionally manipulates accounting policies or accounting estimates to improve financial statements.
Public and private corporations commit fraudulent financial reporting to secure investor interest or obtain
bank approvals for financing, as justifications for bonuses or increased salaries or to meet expectations of
shareholders.
9. E-commerce fraud
E commerce fraud is constantly increasing, and alternative payment methods are attracting criminals.
According to the study, the most common types of e-commerce fraud causing concern among merchants are
identity theft (71%), phishing (66%) and account theft (63%). Here, credit cards are the most popular target.
10. Internet and/or Cyber fraud
Internet crime is crime committed on the Internet, using the Internet and by means of the Internet.
The different types of Internet crime vary in their design and how easily they are able to be committed.
There are crimes that are only committed while being on the Internet and are created exclusively because of
the World Wide Web. The typical crimes in criminal history are now being brought to a whole different
15. 15
level of innovation and ingenuity. Such new crimes devoted to the Internet are email “phishing”, hijacking
domain names, virus attacks, and cyber vandalism.
Types of Corporate Fraud
11. Regulatory noncompliance
16. 16
With the overwhelming number of regulations and standards in India, it’s challenging for organizations to
have confidence in their spend data for ensuring compliance. It’s now more critical than ever to put the right
technology in place to detect and prevent risks around fraud and compliance.
Noncompliance with government rules and regulations is not an option for any organization. Furthermore,
not playing by the rules can lead to crippling fines, property seizure, incarceration, and more.
12. Leakage of sensitive information, including corporate espionage
Corporate espionage is espionage conducted for
commercial or financial purposes. Economic and
industrial espionage has two forms:
A) Acquisition of intellectual property, such as
manufacturing processes or techniques, locations of
production, proprietary or operational information
like customer data, pricing, sales, research and
development, policies, prospective bids, planning or
marketing strategies.
B) Theft of trade secrets, bribery, blackmail or
technological surveillance with different types of
malware.
13. Counterfeiting
To counterfeit means to imitate something authentic, with the intent to steal, destroy, or replace the original,
for use in illegal transactions, or otherwise to deceive individuals into believing that the fake is of equal or
greater value than the real thing.
Counterfeit products are fakes or unauthorized replicas of the real product. Counterfeit products are often
produced with the intent to take advantage of the superior value of the imitated product.
14. Diversion/ theft of funds
Another theft crime is known as embezzlement / diversion of funds, which involves taking property that you
already possess, but do not own. With embezzlement, a person who is entrusted to manage or control
someone else's property uses that property inappropriately, and to the person's own benefit. An employee
who uses company property for his personal projects commits embezzlement. Embezzlement can encompass
both money and other forms of property.
Reasons for Fraud
1. Lack of an efficient internal control/ compliance system
17. 17
2. Diminishing ethical values
3. Senior management override of controls
4. Inadequate due diligence on employees/third party associates
5. Unrealistic targets/ goals linked to monetary compensations
6. Technological advancements and shift of business to a virtual environment resulting in limited
preventive controls
7. Poorly enforced code of conduct within the company
Measures Companies take to prevent fraud
1. Institute periodic Internal Audit
2. Take serious action in case of incidents of fraud and use such instances to set an example within the
organization to prevent future frauds
3. Independent auditors who conduct periodic audits
4. Effective tone at the top, followed by implementing policies for fraud and consequence management,
code of conduct, etc
5. Periodic declarations from employees/management on compliance with laws and regulations
6. Conduct general fraud awareness training/workshops for all employees
7. Periodic communication to employees on fraud and its repercussions
8. Conducting an ongoing due diligence check (Third party/Senior Management/Business associate, etc.)
9. Fraud risk assessment/monitoring of fraud control frameworks— either manually or using technology
such as fraud analytic and fraud management systems
10. Dedicated training programs for select teams/individuals to address frauds to which organizations are
generally most susceptible, such as bribery and corruption, conflict of interest, procurement fraud, etc
11. Engage third party forensic experts to assess our fraud risk management frameworks at least once a year
12. Dedicated fraud prevention unit that researches new frauds and communicates them to the fraud risk
management teams
The Fraud Triangle
The three factors that make up the fraud triangle are:
1. Pressure: Most individuals require some form of pressure to commit a criminal act. This pressure does
not need to necessarily make sense to outside observers, but it does need to be present. Pressures can include
18. 18
money problems, gambling debts, alcohol or drug addiction, overwhelming medical bills. Greed can also
become a pressure, but it usually needs to be associated with injustice. “The company has not been paying
me what I am really worth,” for instance.
2. Opportunity: An opportunity to commit the act must be present. In the case of fraud, usually a
temporary situation arises where there is a chance to commit the act without a high chance of being caught.
Companies that are not actively working to prevent fraud can present repeated opportunities to individuals
who meet all three criteria of the fraud triangle.
3. Rationalization: The mindset of a person about to commit an unethical act is one of rationalization. The
individual manages to justify what he or she is about to do. Some may think they are just going to borrow
the stolen goods, or that they need the money more than the “big” company they are stealing from.
Who will the future fraudster be?
Fraudsters are increasingly becoming more collaborative, more brazen, and extremely creative in terms of
their intrusion techniques. We have seen fraudsters circumventing normal means of communication (such as
instant messaging platforms and email) and moving towards less known media (such as in-app chats which
are chat features within apps, games,
19. 19
e commerce and social networking sites). We have also seen fraudsters walking through the ‘front door’ of
organizations unlike their traditional modus operandi of looking for backdoor access in hacking cases.
Below is a list of indicators of what a future
fraudster could be:
Typically an employee or a connection of an
employee of the organization where the fraud
is unearthed.
• Between the ages of 35-45 for frauds such as
vendor collusion, procurement fraud,
falsification of reimbursement claims etc., that
is typically orchestrated from within an
organization; typically these employees are
educated to at least a graduate level, know the
system working inside out and tend not to be
involved in business decisions.
• Between the ages of 21-35 for frauds such a phishing, vishing, man-in-the middle email spoofing etc., that
is typically orchestrated from outside an organization and these fraudsters are technologically savvy but may
not have formal education, only a knack for network manipulation.
• Junior and middle management employees in employment with the organization for a period of 2-7 years.
In cases where employees with larger employment durations are involved (say beyond 7 years), the quantum
of fraud loss can increase exponentially.
• Women are beginning to be identified as fraudsters, although it is a negligible proportion of the total
population. As they remain in the workforce longer, they may not be exempt from the temptation of making
a fast buck through fraud.
The future of fraud – Insights on what to
expect in the fraud landscape (Emerging
Issues)
#1: Cybercrime – What’s new?
The appearance of cybercrime metamorphoses with
each passing technological milestone as criminals
alter their operating strategies, develop new tools and
techniques, and take advantage of changes in
20. 20
consumer and business behaviour. While financial
theft carried out via hacking, email spoofing and
phishing continues to be the most common modus
operandi, mobile devices are now at the top of the list
of devices/medium which enable financial theft due
to their ease of physical access as compared with data
on a cloud or information residing on physical
servers at data centre.
Further, many cybercriminals are turning to social
media to not only carry out phishing attacks but also
scope out potential “marks”. Using social media
allows them to vastly extend their reach to more people and decide who to attack. With more than half the
world’s population using the internet and internet enabled devices, fraud prevention approaches now require
solutions that can extend to mobile and cloud environments, make greater use of behavioural analytics, take
advantage of integrated threat intelligence capabilities, and most importantly, be designed with customer
experience in mind. While it is impossible to stop every fraud attack, it is possible to change how
organizations detect and respond to them in order to minimize the potential loss or damage.
#2: Fraud risk management 2.0 – what does the future look like?
Over the last few years
organizations in India have
adopted technology in most
of their business activities,
including as part of their
anti-fraud efforts. Robotics
process automation (RPA)
today is used to automate
repeatable, mundane,
labour-intensive, and
complex tasks that follows
a defined path such as
sanctions
screening processes, where it is used to reduce efforts in file review processes. Machine learning can help
recognize complex patterns within information (data, image, voice, video etc) to predict, draw insights, and
21. 21
prescribe actions. Many banks currently use such systems for invoice and cheque processing and to identify
anomalies. Blockchain technology is considered extremely capable of solving multiple problems by offering
an ‘un-tamperable’ ledger of entries (transactions) and leading global banks are trying to adopt blockchain
for trade finance transactions. While adoption of these technologies can definitely bring benefits to the
business, their impact also needs to be assessed from a fraud risk management perspective. In recent times, a
lot of new technology adoption has inadvertently facilitated fraud, because the internal fraud controls
framework possibly did not keep up with the change in business process that came as a result of new
technology adoption. Innovative fraudsters have been using techniques to analyse communication patterns to
defraud, impersonate or to conduct spear phishing attacks to facilitate data leak, IP theft and beyond. RPA
processes set out to make certain ledger entries can be misused by fraudsters post an internal review. For
instance, an RPA process incorporated to make adjustments to ledger entries with a view to balance the
books can be misused to include fake entries to take money out from the system.
Drones, voice recorders, video cameras can be used for stealing key business information from critical
events. I believe, future fraud will rely on a combination of devices and methods.
#3: Using Bots for due diligence – Are we there yet?
Bots will revolutionize the way forensic
due diligence has been traditionally
undertaken by taking away mundane
checks from humans, allowing them to use
their expertise for more complicated issues.
The main objective of forensic due
diligence is to uncover inaccurate
information and fraudulent business
practices through misrepresentation of facts.
AI powered bots can automatically review
clusters of large data sets which are often
filled with inaccuracies and information
asymmetry in significantly less time than
humans.
Further, by increasing their efficiency (at a fraction of the cost it takes to add additional human resources for
the same task), bots can extract relevant information faster. If bots can validate first level due diligence (via
single record based checks), the humans on the team can focus on understanding how to address the
anomalies detected. Despite the obvious benefits, the adoption of bots in the due diligence space has not
been widespread. This is because we are still far away from a world where bots can provide a 360 degree
22. 22
end to end solution without human intervention for contextualizing information and correcting false
positives. Further, in case of disparate data sets, the efficiency of bots can slow down significantly and in
India where digitization of records is far from adequate, this can pose a challenge in bot adoption for due
diligence work.
Most organizations in India are working with first generation bots that have limited capability to learn on
their own and are relatively easy to program. This presents an opportunity for understanding the potential
risks of deploying bots in due diligence work over time. Should the bots get smarter going forth, they would
become potential targets for fraudsters given the wealth of information they would have access to.
#4 : Building the anti-fraud
sentiment in entrepreneurship
24 Indian start-ups are a part of ‘unicorn club’
(companies with a valuation of USD 1 Billion
or more), as on 1st
January 2020. This puts
India behind only the US and China in the
number of unicorn start-ups that exist in the
world. While this growth is a demonstration
of sound business practices and a clear vision
for marketplace development, it is also a
critical moment for founders and business
executives to take stock of the culture and
practices within the organization.
When companies enter the growth phase, aspects
such as fraud risk management, regulatory (and
other) compliance, and ethical conduct tend to take
a backseat to the growth ambitions laid down by
entrepreneurs. This often means that such
organizations can be ill prepared to face incidents of
fraud, misconduct and noncompliance that can
severely dent their reputation and jeopardize
operations. There
23. 23
are many examples of such cases in India in the last decade, some of which are in the public domain. I
believe entrepreneurs need to look at founding ethical enterprises of the future and need to seed a culture
of zero tolerance to fraud in the organization’s evolution. To do so, they need to understand that fraud,
misconduct and noncompliance can impact any business irrespective of size, industry or nature of operations.
Therefore, unless the business is rooted in ethical practices, its survival may eventually come into question.
At the same time, given the constraints entrepreneurs face, it may be challenging to have formal programs
that specifically monitor ethical behaviour or transactions for fraud.
25. 25
CHAPTER 4: METHODOLOGY
1) Review of Data Collection Methods
Methodology is the process used to collect
information and data for the purpose of study.
The methodology may include publication
research, interviews, surveys and other research
techniques, and could include both present and
historical information. In this research, I used
primary data and secondary data (both) source to
collect data.
A) Primary source of data:
It is customized according to the needs of the researcher and focuses exclusively on the current problem. It
requires a great deal of resources and skill sets in collection of primary data. In this particular research
problem, it was a paramount importance to garner secondary data as there was very little available by way of
previous of primary data. I collected data from individuals regarding fraud, through a questionnaire. The
response of which is given below:
Name Gender
Age
(in years)
Is Fraud
inevitable
?
Will Fraud case
increase in 2
years?
Primary Motive
for Fraud
Will technology lead
to increase in fraud?
Yash Male 20 to 40 Yes Yes
Improve Financial
Position Yes
Uma Female 20 to 40 Yes Yes
Improve Financial
Position Yes
Veda Male 20 to 40 Yes Yes
Improve Financial
Position Yes
Omika Female 20 to 40 Yes Yes
Improve Financial
Position Yes
Payal Female 40 to 60 Yes Yes
Improve Financial
Position Yes
Dheeraj Male 20 to 40 Yes Yes
Improve Financial
Position Yes
26. 26
Shrishti Female 20 to 40 Yes Yes
Improve Financial
Position Maybe
Harsh Male 20 to 40 Yes Yes
Improve Financial
Position Yes
Dilip Male 40 to 60 Yes Yes
Improve Financial
Position Yes
Vrunda Female 20 to 40 Yes Yes
Improve Financial
Position Yes
Malay Male 20 to 40 Maybe Yes
Improve Financial
Position Yes
Janak Male 20 to 40 Yes Yes
Improve Financial
Position Yes
Urva Male 20 to 40 Yes Yes
Improve Financial
Position Yes
Shreya Female 20 to 40 Yes Yes
Improve Financial
Position Yes
Arihant Male 20 to 40 Maybe Yes
Improve Financial
Position Yes
Jinal Female 20 to 40 Yes Yes
Improve Financial
Position Yes
Dhaval Male 20 to 40 Yes Yes
Improve Financial
Position Yes
Rajesh Male 40 to 60 Yes Yes
Improve Financial
Position Maybe
B) Secondary source of data:
Secondary data refers to data that was collected by someone other than the user. Common sources of
secondary data for social science include censuses, information collected by government departments,
organizational records and data that was originally collected for other research purposes.
I have collected the data from various reports like - India Corporate Fraud Perception Survey 2019 which
was conducted by Deloitte, various such other reports on corporate fraud.
27. 27
3) Criteria for Sample Selection
Sampling is the process of selecting units (e.g., people, organizations) from a population of interest so that
by studying the sample we may fairly generalize our results back to the population from which they were
chosen. For making the above table, I used stratified sampling, and selected people only from age group 20
to 40 years and 40 to 60 years.
4) Methods of Analysis
For this report, I have used MS Excel for making graphs and diagrams.Also, I have used
https://app.diagrams.net/ for making diagrams. I used Google form to collect information regarding
fraud perceptions from individuals in the age group 20 - 40 years and 40 - 60 years.
5) Limitations of the Study
The limitations of a study are its flaws or shortcomings which could be the result of unavailability of
resources, small sample size, flawed methodology, etc. No study is completely flawless or inclusive of all
possible aspects.
Limitations of the study is that due to Corona Virus outbreak, I couldn’t visit the companies, which has
affected my research to a large extent as I had to rely mostly on the secondary information. Though I have
collected the information from the individuals and the employees of the company where I had done my
internship.
29. 29
CHAPTER 5: DATA ANALYSIS AND INTERPRETATION
Question 1: Do you believe that incidents of
fraud will increase in the next two
years?
The 58% of the corporate houses believes that the incidents
of fraud will increase in the next two years. The remaining
42% believes that the incidents of fraud will not increase in
the next two years. (Figure 1)
Figure 1
Question 2: What do you think is the reason for fraud in your company?
a) Lack of an efficient internal control/ compliance system,
b) Diminishing ethical values,
c) Senior management override of controls,
d) Inadequate due diligence on employees/third party associates,
e) Unrealistic targets/ goals linked to monetary compensations,
f) Technological advancements and shift of business to a virtual environment resulting in limited
preventive controls,
g) Poorly enforced code of conduct within the company.
The top three reasons for fraud include (in that order): Lack of an efficient internal control/compliance
system, diminishing ethical values, and senior management override of controls. (Figure 2)
30. 30
Figure 2
Question 3: Which of the following types of fraud/misconduct/malpractice has your
organization experienced in the last two years?
Figure 3
31. 31
A majority of survey respondents indicated that their organizations had not experienced any fraud. Among
those that did experience fraud, misconduct, and noncompliance, the top three schemes were:
Vendor/customer/business partner favoritism, inventory pilferage, and diversion/theft of funds. (Figure 3)
Question 4: Which process do you believe is the most vulnerable to fraud risks? (Figure
4)
Figure 4
Question 5: Over the last two years, what do you feel has been the extent of fraud loss
suffered by your organization?
About 42% of respondents indicated losing more than INR 10 Lakhs (INR 1 Million) in fraud losses in the
recent past. A little more than a quarter of respondents indicated that they were unable to quantify their fraud
loss. (Figure 5)
32. 32
Figure 5
Question 6: Who do you feel is most likely to commit a fraud?
Junior and middle management employees were
identified as being most likely to commit fraud.
(Figure 6)
Figure 6
33. 33
Question 7: In your opinion, what is the primary motivation for a fraudster to commit
fraud?
The primary motivation to commit fraud was identified as the ability of the fraudster to improve his/her
financial position (57%), and the confidence of not being caught in the act (23%). (Figure 7)
Hearteningly, the majority of respondents (64%) believe that suspicious behavior in employees can be
identified early on and dealt with appropriately to prevent fraud.
Figure 7
Question 8: In your opinion, do you think there is enough commitment from the
business community at large to address fraud? Do you believe your organization has
allocated adequate budget and resources to deal with fraud-related risks? (Figure 8)
34. 34
Figure 8
Although the majority of respondents (50%) believed that their organizations had allocated adequate budget
to deal with fraud-related risks, they felt there wasn’t enough commitment from the business community at
large to address fraud.Some questions allowed for respondents to provide multiple choices. For those
questions, the total percentage will exceed 100%. (Figure 8)
Question 9: Who is accountable for Fraud Prevention, Detection and Investigation?
Accountability for fraud: The majority of respondents said that the Board and CEO/ Managing Director
had a responsibility to prevent fraud, whereas fraud detection was the responsibility of internal and external
auditors. Fraud investigation was identified as the responsibility of the audit committee and the board.
(Figure 9)
35. 35
Figure 9
Question 10: What measures does your organization adopt to prevent incidents of
fraud?
The top three measures taken to prevent fraud include: instituting periodic internal audit, taking serious
action and using that to set an example within the organization, and asking independent auditors to conduct
audit regularly. (Figure 10)
36. 36
Figure 10
Question 11: How often do you review your fraud risk management measures?
Fraud risk management measures were reviewed differently by different organizations, with 22% of
respondents indicating they did so quarterly and 28% indicating they did so annually. About 23% of
respondents said they didn’t review their fraud risk measures unless they encountered an incident. (Figure
11)
Figure 11
37. 37
Question 12: Do you believe fostering an ethical mindset among employees can prevent
fraud? (Figure 12)
Figure 12
Question 13: To help continuously monitor controls, which of the following
technologies/ applications/ approaches have you considered?
Use of technology to mitigate fraud risks is on the rise with respondents identifying the following most
commonly used techniques/ tools to prevent fraud: reliance on control based reports generated by the ERP
system (54%), risk based approach for analytics (44%), and traditional statistical analysis and data mining
tools (41%). (Figure13)
39. 39
Question 14: How are potential fraud incidents typically detected in your organization?
Particulars Rank
Through anonymous complaints received on whistle
blower channels 1
Via an Internal Audit review 2
By identified customer complaints or escalations 3
By accident 4
Via statutory audit 5
Through the grapevine/rumours 6
Figure 14 (Table)
Fraud is detected primarily through whistleblower hotlines, followed by an internal audit review. (Figure 14)
Question 15: How urgently are any high potential fraud related observations
addressed?
About 59% of respondents indicated that fraud related observations were addressed immediately, by way of
commencing investigations – internally or assisted by third parties. All acts of suspected fraud were treated
with the same sense of urgency, irrespective of the potential financial and reputational implications. (Figure
15)
Figure 15
40. 40
Question 16: In the area of ‘taking action on the fraudster(s) post investigation’, my
organization best responds as follows:
Once the fraud was ascertained, the fraudster was allowed to resign in lieu of filing a legal case in the
majority of cases (49%). However, a third of respondents indicated that they took legal action against the
fraudster. (Figure 16)
Figure 16
Question 17: In the area of ‘addressing controls’, my organization best responds as
follows:
Figure 17
41. 41
Question 18: Do you believe that anti-fraud legislations have been successful in curbing
incidents of fraud, misconduct, and noncompliance.
About 47% of respondents believe that anti-fraud legislations have been successful in curbing incidents of
fraud, misconduct, and noncompliance. (Figure 18)
Figure 18
Question 19: How effective do you feel some of the following legislations (enacted and
proposed) will be in curbing fraud?
In line with that, the majority of respondents feel positively about legislations such as the Insolvency
and Bankruptcy Code (56%), Personal Data Protection Bill, 2018 (58%), Prevention of Corruption
(Amendment) Act, 2018 (58%), and Fugitive Economic Offenders Bill, 2018 (54%). (Figure 19)
44. 44
CHAPTER 6: MAJOR FINDINGS & CONCLUSION
Organizations are also increasingly recognizing that fraud is not only a result of a macroeconomic trend of
diminishing ethical values, but also of internal systemic loopholes that can be plugged by better controls and
limited overrides. As fraud schemes get sophisticated, they are aware that there needs to be greater focus on
preventive controls, necessitating adequate investments in these areas.
There is a rising confidence in organizations’
abilities to manage fraud. This can possibly be
attributed to the changing fraud landscape and
responses to fraud by the regulatory ecosystem.
Respondents also appeared to have significant
knowledge of the behaviour of fraudsters, and
optimism towards identifying suspicious
behaviours in employees with a view to prevent
fraud. All these factors point to a maturity in fraud prevention efforts that may likely be a result of
investments made towards building a better anti-fraud ecosystem.
Technology is helping organizations to proactively manage the risk of fraud. In the last two years, it appears
that organizations have implemented several tools to assist them in monitoring transactions and flagging off
suspicious entries. Undoubtedly technology is helping organizations better manage the risk of fraud.
Bolstered by the outcomes they have seen over the last two years, organizations are now investing in the
next level of anti-fraud technologies that rely on machine learning, artificial intelligence and robotic process
automation platforms (that enable use of software robot devices or ‘bots’). Technology has also perhaps
made it easy to identify and preserve evidence as we see a rising number of organizations seeking legal
recourse to fraud.
In the area of fraud response, there appears to be a change in how the fraudster is dealt with. Bolstered by
regulatory reforms, more organizations appear to be seeking legal recourse to fraud. In such a situation, it is
essential to understand how to preserve evidence in a legally acceptable manner. Most internal fraud
prevention units and internal audit teams prefer to work with third party experts for this activity as well as
for quantification of losses. There is also recognition among corporates of the fact that a change in culture
towards zero tolerance to fraud is essential to prevent future instances of fraud.
There is greater sensitivity to the reputational damage that corporate fraud, misconduct, and noncompliance
can cause, thanks to actions taken by regulatory bodies (in India and overseas) in the recent past – whether
45. 45
by introducing new anti-fraud and related legislations or through stronger enforcement action on existing
provisions. The government too has undertaken several initiatives to improve India’s perception among the
global investor community and one of its focus areas is to reduce opportunities for fraud and corruption.
In recent years, India has passed at least five legislations specifically supporting efforts towards preventing
corporate fraud, malpractice, and misconduct. This is a sign that regulators are aware of the challenges faced
by organizations in curbing fraud and are determined to ensure business is conducted ethically. The
Prevention of Corruption (Amendment) Act, 2018 is now more comprehensive and targets bribe givers too,
with the objective of ensuring that organizations work towards putting in place adequate procedures
designed to prevent bribery. The Fugitive Economic Offenders Bill, 2018 is expected to deter individuals
involved in fraud and other economic offence (valued at Rs 100 Crore and above) from fleeing stressed the
country to escape criminal prosecution. The IBC is improving insolvency resolutions in India by conducting
proceedings in a time bound manner alongside providing economically viable alternatives to resume stressed
business.
Respondents also appeared to demonstrate rising optimism for regulatory measures taken by the government
in preventing fraud. Although, there is skepticism on how strongly some of these legislations may be
enforced in the long run, recent successes such as the recoveries made through the IBC route for banks
battling fraud and mismanagement in their non-performing assets (NPAs), are indicative that the government
and corporates are willing to work together to create an ethical business climate in the country.
Impact of IoT devices on fraud investigations
As the Internet of Things (IoT) evolves and devices become more inter connectable (think of refrigerators or
air conditioners that can be controlled by a mobile application), they can present significant challenges and
opportunities for fraud risk management professionals. These are not limited to personal use devices but also
large industrial grade machinery and systems.
Such devices tend to contain large amounts of data that may have evidentiary value in a forensic
investigation. These include databases, log files, cache and media. The ‘smarter’ a device gets, the more data
one can recover from it, such as:
• Pictures
• Videos
• Personal contacts
• Social media activity
• Locations and destinations (via navigation applications installed on the phone)
46. 46
• Audio recordings
• Interactions from various messaging platforms
• A list of other connected devices (e.g., fitness tracker application connected to a nutrition application)
• Web browsing behaviour and resulting data
• Search history including results, and
• Phone calls
By their very nature such devices can interact with many other devices connected in their periphery. In effect,
any of these devices can be misused to perpetrate or aid an economic or information crime. However, the
traditional scope of investigations can be limited in its coverage of IoT devices, restricting itself to network
devices such as the router or the modem in the office, thereby overlooking the wealth of evidence available
to nab the suspected fraudster. Consider the following fictitious case which demonstrates this assertion.
An employee of an eCommerce company was accused of breaking into the corporate warehouse
after working hours and stealing goods valued at approximately INR 5 lakh in one night. However, the
company did not have a CCTV monitoring facility nor any other records of the suspect entering the
premises. The suspect claimed to be at home, in her bed, when the alleged incident occurred. However,
upon forensically analysing her fitness tracking device, it was revealed that she took approximately
2,000 steps between the time she said she had been in bed up until the next morning when she claimed
she had left her residence for work. Further, the timeline data stored on her smart phone provided
evidence of her location around the warehouse late in the night.
Using this as evidence, the company was able to file a case against the suspect and the goods were recovered
from her accomplices’ residences a few days later.
48. 48
CHAPTER 7: RECOMMENDATIONS OR SUGGESTIONS
Below are a few suggestions that companies/ businesses can consider in their journey to creating an ethical
anti-fraud culture:
01. Identify ethical dilemmas:
How much of the job description would
the candidate actually end up doing in
real life? Have you adequately disclosed
business challenges to your investors?
Entrepreneurs can face several such
questions in their line of work and be
tempted to mis-sell their promise. It is
therefore important to identify several
such areas and decide a course of action
that is acceptable to all stakeholders
without diluting the capabilities the
organization has.
02. Find a way to communicate ethical / anti-fraud practices:
Even in larger organizations, the commitment to ethical practices is determined by how the senior
management “walks the talk”. Entrepreneurs can demonstrate their commitment to ethical practices by
ensuring that they allow for minimal (or no) overrides of key processes, encourage teams to consult with
their peers/ bosses when faced with ethical dilemmas and periodically discuss how ethical behaviours will
safe guard the future of the business. For instance, many founders tend to share emails with their teams
about recent wins and milestones. In the same email a line can be added reinforcing how these wins are a
result of the ethical practices followed by the sales teams.
03. Take a stand against conflicts of interest:
In a small business personal relationships (and self-interest) can dominate judgement on key decisions.
Whether that means handing over select areas of business to friends / relatives to manage or retaining certain
areas with oneself, without objectively assessing if these candidates are indeed the right fit for the job at
hand. Promoters defraud lenders and investors by systematically acting in their self-interest and putting the
future of their companies in jeopardy.
49. 49
04. Seek external help to periodically relook at your business’ ethical quotient:
Most entrepreneurs have coaches and mentors who guide them on making business decisions. They also
provide counsel on aspects such as talent acquisition, funding prospects and identifying customer segments.
These mentors can also provide guidance on ethical behaviours and refer entrepreneurs to experts who can
help with putting together effective anti-fraud policies.
05. Document ethical practices and create a policy:
While start-ups are not mandated by law to have a code of conduct or ethics or anti-fraud policy, it is still
recommended that they formally document best practices in this regard. Such documentation can be helpful
in winning customers, getting funding and eventually prepare the organization for future regulatory
obligations.The entrepreneurship ecosystem remains close knit despite the presence of global private equity
and venture capital funds in India. While there is a market for serial entrepreneurs, there isn’t one for serial
defrauders or those engaging in malpractice. Entrepreneurs who set the ethical and anti-fraud benchmarks in
their organizations are able to build an ethical enterprise with a strong foundation which augurs well for
future growth and expansion.
06. The organization’s extent of technology adoption: Organizations with multiple processes
that have been automated may be likely to have an increased risk of fraud depending on the area and context
of automation undertaken. For example, the RPA process to check for customer emails and respond with an
invoice copy can be misused to facilitate data leakage or IP theft if the fraudster manages to replace an
underlying document that the robot will email to a particular customer ID. In such a case, in place of the
invoice, the customer may receive confidential information. Further, the customer ID itself may be
manipulated and information (on legitimate customers or otherwise) can be leaked to third parties.