Is the recent re-appearance of a 1980s fictional swindler worthy of CFEs' professional attention? You bet, because it's a more-relevant-than-ever character study of a cunning, driven and egocentric fraudster.
Crooked oil baron J.R. Ewing is the antihero of famed soap opera Dallas, which has just returned to television after a 21-year hiatus. As senior partner and de facto chief executive of the family business, J.R. has always been up to no good. And now, in 10 new episodes, he plans more felonious deceptions.
J.R.'s business associates have every reason to be nervous. His past frauds spanned a broad range of targets and techniques: conspiring to "fix" oil prices, violating a U.S. State Department embargo by clandestinely selling oil to Cuba and setting up an illegitimate shell company to fraudulently hide his business interests from others entitled to full disclosure, including his honest junior partner, younger brother Bobby.
Whether or not J.R.'s crimes pay off, the show focuses mostly on what he plots against others and how they retaliate. But seldom do misfortunes befall J.R. or Ewing Oil because of something he has not done.
Of course, real-life executives cut from the same cloth as J.R. hurt their companies actively, by their deliberate frauds, and passively, by their negligent inattention to detecting and preventing others' illicit schemes.
A case in point: At the 23rd Annual ACFE Fraud Conference & Exhibition in June, convicted felon Mark Whitacre told how he and other dishonest executives claimed $660,000 in phony-expense reimbursement from their employer, agribusiness giant Archer Daniels Midland, to cover personal losses they had suffered as victims of an advance fee scam (see Fraud Examiners Manual, section 1.838). Obsessed with their own enormous price-fixing conspiracy to cheat ADM customers, these J.R. clones were greedily blind to any and all fraud risks threatening them or their company.
In the oil business, as in other industries, that kind of myopia can lead to considerable and sometimes undetected fraud-related losses.
PROACTIVE LOSS PREVENTION
Tim J. Leech, CFE, FCA, CIA, CMA, is managing director of global services at Risk Oversight Inc., a Toronto- and Calgary-based consultancy that advises corporate boards and management on mitigating their organizations' vulnerability to fraud and numerous other perils. Early in his career, Leech worked in the energy sector in Calgary as Gulf Canada Resources' audit manager in charge of loss control.
"To do my job as well as possible, I went down to Houston and learned how to steal oil and gas," he recalled. There, an energy industry trade group schooled Leech in the various techniques thieves use to defraud oil producers.
"In one scam, the trucker who hauls crude from your well adds a secret compartment to the inside of his main tank," he said. "And every time he pulls up at your site, he surreptitiously puts some of your product in that hidden extra tank. Then, after he delivers the oil he legitimately took, he makes a second stop to off-load the oil he stole. You never know the difference, but it all comes off your bottom line. And he keeps on bleeding you until you wise up."
Another fraud was more sophisticated. Wells often discharge a mixture of oil and salt water. Producers separate the two, and truck the water away as waste. But scheming employees sometimes divert oil into the water tankers, which haul it off for surreptitious refinement and theft of oil the producer's management never knows it has lost, Leech said.
Armed with these insights, Leech ultimately helped Gulf Canada launch innovative programs to assess its internal risk identification and control systems. At first, however, some of his colleagues were skeptical.
"Part of the challenge was convincing them that if oil-field crime was happening in the U.S. it was also possible in Canada," Leech said. "They just didn't believe people were stealing oil and gas and vendors were corrupting our field and construction employees."
Yet Leech persisted in his efforts. When he performed ongoing fraud risk assessments and identified previously unaddressed exposures, he set up additional controls and, where appropriate, conducted investigations.
In one case, he invoked a right-to-audit contract clause to check a vendor's records and found that the vendor had fraudulently overbilled Gulf Canada for vendor staff social insurance payments as part of a cost-plus contract. In another, when Leech analyzed a pipeline company's financial records, he discovered that its management had systematically tampered with the pipeline's volume meters and had cheated producers for years. Through further research, Leech learned that many pipeline companies were committing this fraud, which had become an accepted industry practice.
"In oil measurement, discrepancies are routine," Leech said. "But they should be randomly distributed around the mean. When a pipeline company always delivers more oil than it credits the producer for, there is a problem."
Leech's findings put an end to that scam, and he tightened controls to ensure it didn't resume. Through his success with such cases Leech won management's support for control systems that identify and prevent fraud and other losses before they occur. And, as Leech's career progressed, this approach enabled him to help the leadership of other entities do the same.
ALLIES AGAINST FRAUD
Doubtless, a company like Ewing Oil would benefit from a proactive anti-abuse program of the kind Leech and other astute fraud fighters recommend. Unscrupulous real-life J.R.-style CEOs don't spend much time worrying about how thieves and other criminals might harm their company. And, like Bobby Ewing, some actual business owners are naïve or passive about the fraud risks their entities face.
If tone at the top doesn't demonstrate commitment and awareness, with whom can a CFE forge an anti-fraud alliance? CFOs, chief compliance officers and heads of internal audit and legal departments come to mind.
But the following findings from Ernst & Young's 2012 Global Fraud Survey of more than 1,700 such executives in 43 countries (100 of them were from the U.S. and Canada) make it clear that some people in those positions might not be as fraud-averse as a CFE would hope:
- Respondents were increasingly willing to make cash payments to win or retain business, and a greater proportion — including CFOs — expressed an increased willingness to misstate financial performance. Globally, 15 percent of respondents are prepared to make cash payments, versus 9 percent in E&Y's 2011 survey. Five percent of respondents might misstate financial performance, versus 3 percent in the prior survey.
- Despite the risks, companies are failing to take sufficient preventative measures. Management is giving mixed messages — with the tone at the top diluted by the failure to penalize misconduct.
Further, E&Y's survey report stated, "CFOs need to redouble their own efforts to set the tone: they need to be trained, to increase their awareness and to clearly demonstrate support for initiatives to manage fraud, bribery and corruption risks. This is particularly relevant since, according to those interviewed, the CFO is most likely to have responsibility for ABAC [anti-bribery and anti-corruption] compliance. For their part, boards and audit committees need to remain appropriately skeptical. Developing channels of communication with contacts across the finance function and other executives within the business will help boards ensure that they have a full and an accurate picture."
In Leech's view, this unsatisfactory situation is proof that what he calls the "traditional approach" no longer works.
"In a lot of organizations, it's not culturally acceptable to consider scenarios in which senior executives are involved in fraud or lax about detecting and preventing it," he said. "And boards of directors have not demanded proof that management has effective anti-fraud programs in place. Yet even after the global financial crisis in 2008, there has been no adequate legal or regulatory response to ensure it won't happen again," Leech said. "For example, when [derivatives broker] MF Global went bankrupt in 2011, it reported that more than $1.6 billion was missing. Just a year earlier, however, the company's external auditor determined that MF Global's internal controls over financial reporting were effective and had no material weaknesses when evaluated according to the latest (i.e., 1992) internal control integrated framework issued by the Committee on Sponsoring Organizations of the Treadway Commission (COSO)."
A NEW ERA
Leech said the status quo is changing. "Major commissions convened in the wake of the 2008 global financial crisis concluded that deficient board oversight of risk was one of the root causes [of the meltdown]. Boards are under growing pressure to demonstrate to regulators, investors and credit rating agencies that they are meeting their board risk oversight responsibilities. This has resulted in the National Association of Directors (NACD) in the U.S. and the Canadian Securities Association (CSA) and Canadian Institute of Chartered Accountants (CICA) developing guidance and proposing what boards should be doing in the area of risk oversight.
"But the best and most authoritative source of practical antifraud recommendations still is Managing the Business Risk of Fraud: A Practical Guide, which the ACFE, the American Institute of CPAs and the Institute of Internal Auditors jointly issued in 2008," Leech said.
According to the Guide,
- "The foundations of an effective fraud risk management program are rooted in a risk assessment, overseen by the board, which identifies where fraud may occur within the organization.
- "A fraud risk assessment should
- be performed on a systematic and recurring basis,
- involve appropriate personnel,
- consider relevant fraud schemes and scenarios, and
- map those fraud schemes and scenarios to mitigating controls.
- "The existence of a fraud risk assessment and the fact that management is articulating its existence may even deter would-be fraud perpetrators."
In addition, Leech said, "The presence of an appropriately trained and experienced CFE on the fraud assessment team helps ensure the identification of all significant fraud risks and the entire team's consideration of the best available information on the likelihood and potential consequences of those risks."
The CFE's role therefore continues to be a central one: ensuring intercommunication and sharing of information among senior management, the board of directors and all others (e.g., CFOs and compliance and internal audit chiefs) responsible for the effectiveness of fraud detection and prevention programs.
Implementing such proactive anti-fraud measures should help reduce the number of real-life J.R.-style CEOs — or at least get them to change their ways.
Robert Tie, CFE, CFP, is contributing editor of Fraud Magazine and a New York business writer.
Read more insight and discuss this article in the ACFE's LinkedIn group.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be emailed to FraudMagazine@ACFE.com.