Wipro CFO is wrong

Raju, a small boy from Satyam never paid attention to the blogs to which he was subscribed to. I know he had read a few stories of ethics in the recent past. Not sure what made him open up for his misdeeds early this year. But, I am sure it's not my case studies that made his conscience take this call. I know many big leaders who are subscribed to my case studies never read it or if they read, they never give it a thought and if they do so, it's too late.

Raju is now arrested by Andhra Pradesh police on charges of criminal breach of trust, criminal conspiracy, cheating, falsification of records and forgery and faces a long imprisonment if convicted of misleading investors.

Dr. Byrraju Ramalinga Raju, the founder and Chairman of Satyam Computers, did his B.Com from Andhra Loyola College at Vijayawada prior to receiving an MBA degree from Ohio University. He has attended the Owner/President course at Harvard. For his achievements and contribution to society, he has been awarded Doctorate by Anna University Chennai on 14 Dec 2007 a year back. He had been awarded with Ernst & Young Entrepreneur of the Year Services Award 1999 and E&Y Entrepreneur of the Year 2007. He has also been held Dataquest IT Man of the Year Award 2000 and Asia Business Leader Award 2002 says wikipedia. (When & where Raju went wrong?)

This icon of leadership for India has now indicated that Satyam's accounts had been falsified over a number of years. He admitted to an accounting fraud to the tune of some 7000 crores rupees. He successfully covered-up this one for long. And surely, he deserves his award for the creative accounting and window dressing.

I was reading to transcript of a speech by Mr. Suresh Senapathi from Wipro on Corporate Governance and I want to quote him for his idea about corporate governance with entrepreneurial vision. He says that we have to create a framework and fabric of strong corporate governance for company's longevity. He emphasized on a strong entrepreneurial spirit known to churn out best professional managers marked to global benchmark of excellence for continued and sustained excellent results. Agree.

Now think about brands which gives you mark of the excellence for e.g. E&Y Entrepreneur of the Year Award. Mr. Senapati says Satyam is one of case. I really don't agree with him here. We all need to take responsibility for the Raju's failure. It's also not enough if we call it a third party system failure. It's like Pakistan claiming that it's not our mistake and its India's own weak security and its own internal political issues which remains the root cause of attacks on Taj & Trident.

PWC was auditor so they are under scanner. Other big fours see a business opportunity with this latest happening. Some are coming out with new solutions in areas of fraud and forensic investigation and others are coming out with new corporate governance regime and some are coming out with a new survey. Just to remind you, please fill the survey by KPMG, if you have received it. God Knows but that might help us find out the root cause of such problems which remain hidden for long enough and then to find out a solution which can create revenue generating opportunities for the big accounting firms and that might also bring back the lost confidence of inventors as a byproduct.

It can't be one of case for sure. There are many that remain to be unearthed and that's why the opportunity is. Current change in economic as well as political scenario will bring out some more misdeeds. Capital market and money market failures too will bring out many more. It's the time when conscience of many more will wake up. So wait and watch.

And the reality is, the corporate world has really failed to find the root cause for such sudden shocks. Satyam is no exception. Wipro CFO is wrong.

See this small video and draw correct analogies.



Forward or comment upon this article using below links.

Open The Fraud Triangle

Fraud surveys suggest roughly 80 percent of all frauds during last 80 years were discovered by accident. In early days the primary objective of Internal Audit was to discover fraud but the objective changed gradually while above sort of misinterpreted statistics made way for a widespread complacency in this regard.

Fraud universe is all frauds that exist during a given point in time. This fraud universe is basically composed of three categories of fraud. Category 1 includes fraud which has been or is being prosecuted and its details are available in public domain. Category 2 includes all fraud which has been discovered but not prosecuted. And Category 3 includes fraud which has not been discovered. Now, the question is what proportion of fraud is in each category?

The fraud trend researchers, who examined the fraud universe and came up with the 80 /20 statistics, had not categorized the frauds as above. But obviously, if there are three categories to fraud, and no one can argue with that, then we have a situation similar to dead fish in a lake. The dead fish float to the top while live healthy fish continue swimming deep down inside the water surface.

Let's talk about fraud discovered but not prosecuted. The question here is why does anyone ever discover fraud but not prosecute? One reason mentioned quite often is to avoid the embarrassment, the trouble and the legal costs, etc. But it is something much more meaningful which deters prosecution. In many instances victims find themselves in situations where they are certain that fraud has occurred, but the evidence is not sufficient to assure conviction in a court of law. The clever fraud perpetrators leave little evidence of their crimes.

Fraud detection usually begins with the discovery of innocuous bits of evidence which only gives hints or red flag to suggest fraud has occurred. It is the reactive auditor's job to search for the necessary additional evidence which will enable prosecution. Contrary to general impressions fraud is rarely found substantially documented and evidenced by the auditors.

Fraud only becomes fraud when a court of law determines that a defendant is guilty of fraud. Up until then he or she is presumed innocent. Accordingly, all cases in this category are to be kept confidential. Thus, the fraud trend researchers, who have determined the 80/20 percentages, might not have an opportunity to examine the frauds in Category 2.

Category 3 is obvious. Anyone perpetrating a fraud is not likely to tell you about it. Researchers cannot examine those cases to categorize them in any way. And they could never be included in the 80/20 percentages. One of the secrets to getting fraud from Category 3 to Category 2, and from Category 2 to Category 1, are trained people who know how to find and accumulate evidence. Most auditors don't know how to accumulate evidence. But key to increase the trend towards the upper categories is training in fraud detection and discovery and in accumulating the evidence one needs to convince a judge or jury.

What percentage of fraud do you think is in Category 2? Is it 10 percent, 20 percent, 50 percent or 75 percent? How much percentage for the fraud in Category 1? 50 percent of the universe? Now, many would agree to believe that it is around 10-20 %. In other words, around 80-90 percent of the perpetrators are smart enough not to leave evidence around. They plan their crime, they don't leave evidence around, and they don't get foolishly detected.

How does Internal Audit detect fraud then? Internal Auditors need proactive fraud auditing. Detecting fraud is much like fishing. When fishing, a fisherman must first decide what type of fish he or she wishes to catch. Each different type of fish requires different search methods, bait or recognition criteria. What works for one type of fish, or fraud, is not likely to work for another type. What works for saltwater fish will not work for freshwater fish. What works to catch trout will not work when fishing for bass.

Just as in fishing, there are different types of fraud, each of which requires a different detection method. Just to mention a few, there is duplicate payment fraud, multiple payment fraud, defective delivery fraud, defective pricing fraud, contract rigging fraud, shell fraud, defective shipment fraud and unbalanced bidding fraud.

Suspicious Minds & Frauds

Risk of fraud is lurking on every business. A recent survey suggested that fraud is increasing at the rate of 15 percent per year. Turn on the television or read the newspapers, it is common to find a story relating to fraud or financial manipulation. Frauds stories involving insurance, medical, securities, government, payroll, banking, telecommunication or credit card are just to name a few. These frauds involve but are not limited to inflated sales or profits, over stating expenses, employee or management misappropriations, related party transactions and security manipulations. Our story is no different.

It was late in night when Prabhakar called Deven. He wanted to know if Deven had any serious suspicion during the last audit at Axel, an advertising firm and a crucial client of Prabhakar & Co. Deven wondered why Prabhakar would have called up so late enquiring about an audit which had closed six months back. Prabhakar wanted to know if there were any suspicious circumstances like long outstanding in debtors' ageing statement or alteration of invoices etc. Deven soon sensed a seriousness and urgency in his voice. ''Is everything alright?'' asked Deven, an Audit Manager with Prabhakar & Co.

Prabhakar had a meeting with Mr. Raj Tilak, Chairman of the Audit Committee at Axel that evening for discussing a recently discovered fraud at Axel wherein the COO of the company was found to be involved. Prabhakar revealed to Deven that the audit committee chairman has held him negligent in failing to detect and report the suspicious circumstances.

Deven asked curiously why Prabhakar was asking about the debtors' ageing statement and alteration of invoices. Prabhakar told Deven that many invoices sent to a client company were understated compared to the copy of those invoices which were used to account for the revenue in the books of Axel. Prabhakar disclosed to Deven that there was a conspiracy between the COO and one of the Account Payable Staff of the client company. This staff of the client company had provided the COO with a fudged balance confirming statement to cover up the mischief. The COO wanted to meet his annual sales target and was to reverse the scheme in the subsequent periods.

Deven immediately understood which client Prabhakar was talking about. He recalled asking the COO about the unrealized amount in the ageing statement. He also remembered the COO assuring him of recovery of the said amount as he himself was after the client company for its recovery. The COO had also showed him a letter from the company confirming the balance. Also, when he had located two invoices with the same number but having different amount, the COO had provided a vague explanation and suggested it to be a one of error.

Deven remembered how the Chief Internal Auditor of Axel had insisted him to remove the audit observation on long outstanding debtors from the report before the closing meeting. Deven had suspected the authenticity of the statement confirming the balance from the client company but the Chief Internal Auditor had told him that the third party evidence is always one of the most reliable evidences. He had told him that in his career of 25 years as an Internal Auditor he have never doubted the third party evidence and Deven still needs to learn how to use his skepticism appropriately.

Prabhakar told Deven that we have definitely missed on our duties. Deven just kept mum during the entire communication.

Internal Auditor should be reluctant to accuse anyone when a fraud is suspected and give the person the benefit of doubt until the facts and circumstances warrant otherwise. The auditor has a duty to review all situations that seem unusual. Be a skeptic even though you are criticized for being so. Only thing to keep in mind as an Internal Auditor is to focus on the audit strategy rather than abusing somebody when encountered with suspicious circumstances. Also, reporting suspicious circumstances is not enough as you have a duty to dispel your doubts by employing more procedures and documentation.

Do you think you have ever been in a position similar to that of Prabhakar or Deven or the Chief Internal Auditor of Axel?

If your answer is No, enjoy the video herein below.

Cheeni Kum : A Fraud by Chef

Mr. Rao, the Chief Internal Auditor of a five star hotel chain was stunned to hear Anil, a young audit executive, who wanted to expose various incorrect practices that were being carried out by the chef-in-charge of one of the hotel properties of the chain. The Chief Internal Auditor and General Manager of the property told him to shun the findings as the chef had been selected as best chef of the year for achieving record favorable food cost percentage. The chef-in-charge's performance was evaluated based on food cost percentage, a relative measure of Food & Beverage (F&B) cost and F&B revenue

Disappointed Anil from the co-sourcing IA firm finally decided to make a note of these findings in the permanent audit file for future reference when he found out that there was no way he could blow a whistle.

The inventory system of the chain provided for outlet-wise ordering and food costing. The chef-in-charge ordered for the high food cost items in name of the outlet, where sales margins were higher. In such cases no accounting had been done for inter outlet transfers and thus benefit of incorrect indenting were transferred to inefficient outlet so as to meet the targeted outlet-wise food cost percentage.

Many times chef-in-charge had been issued with high value raw materials on basis of post dated requisition by the storekeeper to be charged in subsequent periods to avoid reporting of adverse food cost percentage during current appraisal period.

Calculation of food cost was being done after adjusting cost of hospitality checks i.e. check raised for free food served. Thus, food cost percentage was calculated incorrectly, measuring efficiency of the operations of the outlet. Evidences were found of incorrect adjustment of wastage, spoilage and leakage in food cost through hospitality checks. This was done to keep these costs out of the books to achieve a better food cost percentage.

Thus, a non deserving chef had been selected for the award based on the KPI which was manipulated and miscalculated.

Many hospitality players nowadays are implementing latest POS and material management system but they lack proper management accounting practices. With increased empowerment they have achieved innovation but gaps exist in understanding of evolution of control system. It is not enough that the management just sees, touches, smells, tastes and hears the relationship between input and output or oversees the behavior of various personnel. A structured monitoring, end-to-end analysis of completeness, activity based management is a must to add value.

Ethical Shoplifting - Retail Story

If you think risk of shrinkage in a retail outlet can be reduced completely with latest technological controls like bar codes, smart tags, RFID, Scanners, and CCTV together with tight physical security then you may probably need to rethink.

Ethical shoplifting is a fraud story of a food retail chain in Mumbai. The story has dramatic scenes of shop lifting and shop un-lifting and inventory leakage without physical goods moving out of the store. If you wonder how it is possible to have inventory leakage without physical goods moving out unethically and voids. Read more.

A year back, I was on an assignment for a retail giant at their Lower Parel Office in Mumbai; one gentleman approached me and asked me if I am again on a hunt? I was surprised to hear the words and I felt that I have seen him earlier before.

I had managed to break traps of this Mr. Fraud when he was working with a renowned retail chain in Mumbai as a supervisor. Although he had changed his job since then to work with this biggest retail giant in Mumbai; he remembered me distinctly and how I had caught him and his tricks in the past. He was looking humble but cunning still.

This smart man has seen various store situations, peak time footfalls, power failures in stores, consumer disputes, and night times of cash counting etc. He had discovered around 10-12 tricks to earn Rs. 4000-5000 every day i.e. around 1% of the revenue of the store.

I am sharing one of his tricks here which is about ethical shoplifting/ un-lifting.

People leave articles at the cash counters before they settle their bills. They dont want to purchase may be. Even some times people return articles immediately after the same gets billed. People have disputed because they have been told to pay first and then return it at the sales return counter to get the money back. Many people paid less and left the articles at the counter. This is all about billing errors and mood changes of the customers. You cannot think what all happens at peak hour at a food retail hypermarket in crowded urban city like Mumbai and when customer service is your motto.

Duplicate bills. If you are a Retailer, I am 150% sure that use of duplicate invoices are not getting tracked properly in your store. I bet, just check back.

Mr. Fraud with his one favorite cashier had done the trick. They were managed to print duplicate bills on basis of which they picked up articles from the racks inside the store to send to the sales return counter as if articles were left behind by the customers after they have been billed but for which no collection could have been made.

The sales return counter had seen such situations and disputes with customers earlier. So, he could easily believe the circumstances. He could not perceive a risk because it never involved GIVING as no cash refund involved at the outset. Moreover he received the article which needed to go back on the racks after the due procedures. Mr Fraud, who was a supervisor un-lifted the lifted material at the sale return counter with the duplicate bill which had the sale of the article.

The cashier removed that much cash from the sales. At time of final cash reconciliation short cash got adjusted for the sales return. No one ever questioned the inter-counter cash adjustments between cash counter and sales return counter as there was a physical material present in view which got un-lifted at the counter some hours back in the good spirits. At night every body wants to go home. In morning, all controls are paper works and you will never know what had happened last day.

If you doubt that with strong physical control no cashiers can take cash out of the store, then mind your thought as it is the easiest of all. You can have hundreds of secret pockets and baskets in which cash can go out. NO POCKET policy is a flop. I could catch this trick of his and his other 12 tricks because I had an idea of some thing called THREADS. THREADS are always there.

My next study is on Just in Time (JIT) Inventory Method Blunder. This is not a fraud story but incorrect application of JIT.

After this, I want to write on ENRON & BOW-FORCE. I know you will like to know in brief how SOX had taken birth to take away millions of dollars from the corporate world and it is unfortunate that the situation is still the same and chances of corporate frauds have never reduced at all.

Nowadays many want to look SOX as a process improvement tool rather than Fraud Prevention Assurance Tool. I bet; all big minds have again missed it completely and ethically justifying higher controlling costs.

Bye for now.

Duplication in Processes

I was given an assignment a few years back to find leakage of revenue in a disco outlet of a five star hotel in Mumbai. I was quite excited about the place. Mind you!! It is still one of the most happening places in Mumbai.

I remember I had met the outlet manager and discussed about the processes. He said there are good controls like continuous vigilance by CCTV, proper segregation of duties, strict control over cash handling, accurate and well documented revenue reconciliations, coupon stationery controls and so on.

Those days while searching on Google, I came across an interesting web page saying 101 ways to cheat in a Restaurant and Bar. I was amazed to see such a material on the net. I am not sure if controllers in hospitality industry know this. These were tricks of the trade. I thought, like an ethical hacker, some day I will be working as an ethical control breaker to see if controls can be broken or overridden. I had started to do abstract thinking and visualizing immediately.

To enter that disco outlet, you had to pass through bumpers, the men who see if you are an eligible character to enter the disco. Then you have to purchase coupons either by credit card or cash from the cash counter to be able to enter the disco. Sales of coupons were recorded in the POS system immediately.

The bar tender were required to take correct amount of coupons for drinks served. These coupons were minced or shredded before putting in a locked box; the keys of which were with the food & beverage controllers.

Room guests of the hotel were also required to purchase coupons to enter the disco. They could settle coupons purchased directly in their room folio from the POS.

Room guest were also given a facility inside the disc to run a tab, a facility by which one can have drinks without paying every time. Idea was to settle all the drinks at the end on the basis of tab recorded by the bar tender. These tab consumptions too were charged to folio of room guests by the cashier in presence of the bar tender.

Once amount was settled no one could change anything in the system and there were proper revenue reconciliations happening.

Although controllers and outlet manager told me that the controls are effective and current monitoring system is able to mitigate the possibility of any substantial mischief, I had approached with a mind-set to challenge the existing processes like an ethical hacker.

Clear evidence of duplication of the process was revealed to me. Dues of room guests could be settled directly to room folio when running a tab and for the purchase of coupons.

I could see if I were a cashier, I would have beaten the system to earn some extra money every night. The job remained was to see if cashiers were thinking like me or not and to gather the evidence of such a possibility.

It was then simple. To do a mischief it was required to show some drinks sold against running tab as sale of coupons to room guests and then to remove that much coupons for a personal gain without getting accounted for those.

On close scrutiny it was revealed that for some of the room guests there were two checks prepared for every tab in addition to a check prepared for purchase of coupons at the time of entry into the disco.

Out of those two checks, one was charged directly to the room folio for a part of the tab consumption and remaining was charged to room as sale of coupons. Although the correct amount was charged to the room folio, the cashiers could embezzle the coupons without getting noticed in the reconciliation process.

All evidences were present of effectiveness of controls. However, there was a trick. Although it looked so simple, no body thought of it initially. It was both a control effectiveness and efficiency issue. Once problem identified solution was simple.

The case study presented here is for intentional mischief where duplication of process was involved. However, duplications can also lead to unintentional leakages. Also, this is just one of the aspects to be kept in mind while testing effectiveness and efficiency of controls.

Duplication can cause problems in higher level processes too. I am aware of a case wherein a Business Head of an Advertising Agency was involved in manipulating his Sales KPI (Key Performance Indicator).

My next case study is devoted to Ethical Shoplifting at a Food Retail Chain. This is again an interesting mischief happened in one of the Retail Chain in Mumbai despite of having all of so called good controls. This will be followed by one case study on Risk of incorrect benchmarking and incorrect process improvement initiative and failure of Just in Time Inventory Method.

Till then, I want you to live with following thoughts.

One needs to challenge the existing in an ethical way. Some of the ethical hackers who hack into technological systems with due permission of the corporate were just below 15 years of age. It does not require experience but the power of abstract and radical thinking and knowledge of the tricks.

Dont you think you need some one who can beat your systems, of course ethically? Its about efficiency of controls. One of our services is to increase efficiency of your controls.

Note: I thought a story like case study will be more appropriate than a structured one. However, I will look forward to your comments.