Share this
Mister Wong
Digg
Del.icio.us
Slashdot
Furl
Yahoo
Technorati
Newsvine
Googlize this
Blinklist
Facebook
Wikio
Hear this text
Print
E-mail
Tags
Survey unearths grim SA-picture
Of South African respondents to a recent global economic crime survey, 60% were victims of one of more frauds in the last 12 months. Cybercrime is on the rise and companies generally reported a significant increase in tax fraud and market fraud and to a lesser extent insider trading, while there are increasing numbers of internal economic crimes carried out by senior management.
This is the disturbing picture coming from a newly released Global Economic Crime Survey by professional services firm PwC.
Louis Strydom, Head of PwC's Forensic Services Practice, says that this increase is also reflected in a shift in the South African perpetrator profile towards senior management. In 2011, 36% of internal economic crimes were carried out by senior management, compared to only 17% in 2009. "These economic crimes require access to sensitive information and more sophisticated know-how which senior management usually possess.
"These crimes have previously not been as prevalent in South Africa and the increase could suggest that organisations need to revisit their fraud risk management frameworks to ensure that they are able to deal with the emerging threats," Strydom says.
The Global Economic Crime Survey, carried out every two years, was conducted among 3 877 senior representatives from more than 70 countries. In South Africa 123 organisations across 19 industries took part in the survey. The study shows that economic crime remains a challenge for business leaders worldwide, particularly in South Africa where 60 % indicated that they had experienced some form of economic crime in the 12 months preceding the survey, compared to the global average of 34%. On the positive side, the survey found that this overall prevalence of economic crime in South Africa has decreased from 83% in 2005.
- 12/12/2011 08:51 - Final word
- 09/12/2011 12:27 - Cycle safety
- 09/12/2011 09:29 - Economy
- 09/12/2011 09:17 - Worth a read
- 05/12/2011 14:28 - Final word
- 22/11/2011 09:03 - Cyber war
- 21/11/2011 15:25 - Piracy
- 21/11/2011 10:06 - Final word
- 15/11/2011 08:46 - Digital media
- 14/11/2011 15:44 - Fighting Piracy
Detection
Strydom says that detection is a key element in managing the risk of economic crime. The survey found that detection methods under management's control were responsible for 69% of detections in South Africa, compared to 72% globally. This is encouraging as it vindicates the investment in anti -fraud controls. However, 14% of detections occurred by accident which means there is room for improvement locally.
The most effective detection methods were formal risk management procedures (including fraud risk assessments), automated suspicious transaction reporting (both contributed 16% of the detections) and internal audit (11%). The various tip-off methods (internal tip-off, external tip-off and formal whistle-blowing mechanisms), together contributed 20% of detections.
Given the effectiveness of formal fraud risk management structures, it is surprising that 28% of organisations had not performed a fraud risk assessment at all and 14% indicated that they were unsure whether any fraud risk assessment had been performed. The most common reason given by companies for not carrying out a fraud risk assessment was uncertainty about what such a risk assessment involves.
The countries that reported high levels of fraud (40% or more) include Kenya, South Africa, Australia and New Zealand, suggesting that fraud is not only endemic in developing countries. Jurisdictions that reported low levels of fraud (25% or less) include Japan, Indonesia, Italy and Greece. However, these results can be affected or distorted by ineffective fraud detection methods or the reluctance of organisations in those countries to report fraud.
For the first time since PwC carried out the survey, economic crime in South Africa is being committed equally by internal and external perpetrators. Globally, the majority of crimes are still being committed by internal parties.
Overall South African organisations resorted to criminal and civil action more often than their global counterparts. However, with regard to the most serious economic crime committed by insiders, South African companies took no action in 6% of cases, opted for employee transfers in 3% or warnings in 14% of cases. Strydom says this is worrying as it suggests that these perpetrators still remain within the organisation and may be able to commit further transgressions. It is important for organisations to demonstrate zero tolerance for economic crime and set the right tone.
Cybercrime
Cybercrime has emerged as a significant contributor to economic crime losses in South Africa and is considered the fourth most common economic crime after the misappropriation of assets, bribery and corruption, and financial statement fraud. South African respondents indicated that reputational damage and direct financial loss were their two main concerns with regard to cybercrime.
Based on the PwC study, 60% of organisations felt that the risk of cybercrime had increased in the past 12 months, compared to only 39% globally. Strydom noted, "46% of South African respondents see the threat of cybercrime as exclusively external. Cybercrime usually requires access to protected information. Employees, agents, contractors, customers and other individuals that have access to an organisation's premises and systems are likely to have access to such information." It is therefore important that organisations recognise cybercrime as an internal threat as well.
Based on the survey's findings, South African companies and their global counterparts still have some way to go in dealing with cybercrime.
For instance, the findings also show that few organisations have all the elements of a holistic cybercrime prevention and response mechanism in place. Strydom says that one would expect the overall responsibility of addressing the risk of cybercrime, to lie with senior management. However, the survey shows that in 10% of South African organisations the respondents were unsure who should be tasked with this responsibility. A further 37% thought the Chief Information Officer should be responsible. This is an interesting observation, as the King 3 Report on Corporate Governance, recommends that the board deal with IT, which includes IT security.
A significant percentage (59%) of organisations stated that they monitored their employees' use of social networking sites. "Online access is not as cheap and readily available as in developed countries and this may lead to a higher percentage of South African employees accessing their employer's internet for personal use than their global counterparts," says Strydom. While social media sites such as Facebook, Twitter or LinkedIn may not be a direct source of cybercrime, social media sites can be used to collect information about a targeted individual, to research certain staff members or to install malware onto the user's computer, making the cybercrime more effective.
Around 47% of South African respondents stated that their losses for the 12 months before the survey amounted to more than US$ 100,000, with 11% reporting that their losses ranged between US$ 5 million and US$ 100 million. "Organisations also noted collateral damage such as impact on reputation/brand, share price, employee morale, business relations, loss of market share, and relations with regulators," Strydom says.
Despite the declining overall prevalence of economic crime in South Africa, the risk remains pervasive and South African organisations will need to remain vigilant, especially in these depressed economic conditions. Advances in technology are fast-paced, as are fraudsters. Those organisations ready to understand and embrace the risks and opportunities of the cyber world, will be the ones to gain competitive advantage in today's technology driven environment. Establishing the right "tone at the top" is key in the fight against economic crime.
