Security fraud risk is highest in the financial sector followed by the information, communication and entertainment sector, a survey by KPMG Forensic Survey 2006 has revealed.
While 23 per cent respondents believed that banking / insurance / mutual funds / AMCs sector was the highest risk sector, 17 per cent said NBFCs / investment banks, 10 per cent venture capitalist / private equity, 10 per cent telecom and 9 per cent said media / software as the highest risk sector.
However, it was also observed that to a large extent the potential threat was also dependent on the sector in which the organisation operated. For example, the maximum threat faced by the media was from employees as well as suppliers.
Responding to the reasons why an organisation is threatened by frauds, 24 per cent respondents blamed it on the poor internal controls while lack of ethical values among employees was considered the main reason by 20 per cent respondents. Almost equal (19 per cent) number of respondents thought it was the collusion between vendors and some employees.
Only 35 per cent of the respondents agreed that they had received some training on how to implement anti-fraud procedures and controls, and out of these people, 63 per cent indicated that these programmes were conducted once a year.
According to the survey, 59 per cent of the respondents rated their control for protection of IP as average, while 18 per cent said they needed improvement. Only 23 per cent said it was excellent.
The results of this survey indicate that a majority of the organisations (77 per cent) realise the importance of conducting background checks for employees who have access to sensitive information or restricted areas.
Almost 39 per cent of the respondents indicated that their organisation had been affected by fraud in the last one year while the majority (49 per cent) replied in the negative.
The survey showed that the majority of the frauds reported by respondents were identified either through the organisation’s own internal audit department or were notified by a third party (both were at 27 per cent). This suggests that an organisation’s fraud control programme should allow external parties to report allegations or suspicions of fraud.
The survey respondents were asked about proactive measures being employed in their organisation to mitigate fraud risk. 36 per cent of the respondents said that they had a code of conduct while 16 per cent had an ethics policy in place. 43 per cent of the respondents replied that they had both of these in place in their organisations.
It was observed through the responses that a significant portion (37 per cent) of the respondents agreed that either they did not have any system in place for reporting of suspicions of fraud, corruption or misconduct or they were not sure of the same, while 63 per cent said that they did have such a system in place.
In January 2006, KPMG’s forensic practice conducted the survey by sending questionnaires to over 1,000 organisations across India, which included some of the largest private sector companies, public sector companies and other organisations.