Download (direct link):
When we reach the level of research, our opportunities to exert influence on occupational fraud rates becomes immeasurably broader. The world is a big place, and there are hundreds of thousands of gifted and dedicated professionals working in all of the fields we have discussed and many that we have not. We simply do not know where an exciting discovery or revelation may come from, especially if we are not inclined individually or as a profession to speculate and investigate. One can rest assured that as the 19 70s began, and law enforcement initiated its process of exploration and discovery, there were few people in the United States who drew any linkage between architecture and policing. Yet, today the use of Crime Prevention through Environmental Design concepts is not only accepted as being effective, but it is also commonplace. Our problem is not that there is not very likely much profitable information that we can glean from the work and research of others; our issue is that this undertaking is so vast that we must begin to think about how best to organize it.
Finally, Controls Programs have moved from the base of our pyramid to its apex. This is in no way meant to denigrate their role or necessity; they have been with us for hundreds of years and will stay with us for the next couple of hundred. It is meant to suggest that there are probably natural limits, given their inherent characteristics, of how much they can be improved. Certainly, they can be refined and developed, and we can learn much from their successes and failures, but we must look carefully at them as we continue to allocate time, energy, and resources
in search of more effective solutions to our occupational fraud issues. We must be mindful that their utility appears to lie much more in prevention than detection.
In thinking about controls and our two pyramids, the observation of sports commentator Mike Francesa of radio station WFAN in New York City comes to mind. Once, several years back, he was commenting during one of his shows on the rationale of baseball and some of its immutable laws. He noted that in a given season the worst team in baseball will win about one-third of its games. In the same year, the best team in baseball will lose about one-third of its games. It is how teams deal with the middle third that will determine success or failure over the course of a season.
It may be useful to think of controls in the same fashion. Even an organization with poor controls will prevent some degree of occupational fraud, and even the organization with excellent controls will experience some degree of occupational fraud. It is the middle that may offer us the ability to more effectively and significantly affect the rates of occupational fraud.
Controls may, finally, offer one additional benefit: they are neutral. We shall examine the issue of profiling and its potential utility in deterring occupational fraud in Chapter 11. Profiling is a concept that has strong proponents and some statistical support to attest to its efficacy. At the same time, it is a concept that must be applied carefully, as it has been at the heart of some highly contentious social disputes in the past.
Controls, on the other hand, are directed toward things—numbers, systems, procedures—and not people. Writing of techniques used in the war on terrorism, Ashton B. Carter, Professor of Science and International Affairs at Harvard University’s John F. Kennedy School of Government, notes: “Surveillance of the means that terrorists employ is potentially more important than surveillance of persons, and raises far fewer civil liberties issues.”31
Controls certainly fill this requirement. For the person intent on committing occupational fraud, the will to commit the act is only a piece of the equation. In some fashion they must also overcome the internal controls in place to consummate their deed, and organizations have all the leeway in the world to craft and monitor these controls in any way they see fit.
Compliance programs have been with us throughout most of recorded history, if we accept the position that religious teachings and dogma are forms of compliance instruction and monitoring. On a secular organizational level in the United States they also have a fairly lengthy history as codes of conduct or ethical codes of various groups and vocations. The first adoption of a code of ethics by public school teachers took place in Georgia in 1896.1 A survey conducted in 1924 found 133 different codes of business ethics in existence, in industries ranging from accounting to the manufacture of ice. By 1933-1934, more than 500 businesses had adopted codes of ethics in keeping with the aims of the National Recovery Act.2
One of the finer distinctions in thinking about compliance programs is how they are similar to or differ from controls programs. Karen J. Stensgaard, of PricewaterhouseCoopers, has defined them as follows in an article in Internal Auditor magazine: