Tag Archives: code of ethics

Beyond the Sniff Test

Many years ago, I worked with a senior auditor colleague (who was also an attorney) who was always talking about applying what he called “the sniff test” to any financial transaction that might represent an ethical challenge.   Philosophical theories provide the bases for useful practical decision approaches and aids like my friend’s sniff test, although we can expect that most of the executives and professional accountants we work with as CFEs are unaware of exactly how and why this is so. Most seasoned directors, executives, and professional accountants, however, have developed tests and commonly used rules of thumb that can be used to assess the ethicality of decisions on a preliminary basis. To their minds, if these preliminary tests give rise to concerns, a more thorough analysis should be performed using any number of defined approaches and techniques.

After having heard him use the term several times, I asked my friend him if he could define it.  He thought about it that morning and later, over lunch, he boiled it down to a series of questions he would ask himself:

–Would I be comfortable as a professional if this action or decision of my client were to appear on the front page of a national newspaper tomorrow morning?
–Will my client be proud of this decision tomorrow?
–Would my client’s mother be proud of this decision?
–Is this action or decision in accord with the client corporation’s mission and code?
–Does this whole thing, in all its apparent aspects and ramifications, feel right to me?

Unfortunately, for their application in actual practice, although sniff tests and commonly used rules are based on ethical principles and are often preliminarily useful, they rarely, by themselves, represent a sufficiently comprehensive examination of the decision in question and so can leave the individuals and client corporations involved vulnerable to making unethical decisions.  For this reason, more comprehensive techniques involving the impact on client stakeholders should be employed whenever a proposed decision is questionable or likely to have significant consequences.

The ACFE tells us that many individual decision makers still don’t recognized the importance of stakeholder’s expectations of rightful conduct. If they did, the decisions made by corporate executives and by accountants and lawyers involved in the Enron, Arthur Andersen, WorldCom, Tyco, Adephia, and a whole host of others right up to the present day, might have avoided the personal and organizational tragedies that occurred. Some executives were motivated by greed rather than by enlightened self-interest focused on the good of all. Others went along with unethical decisions because they did not recognize that they were expected to behave differently and had a duty to do so. Some reasoned that because everyone else was doing something similar, how could it be wrong? The point is that they forgot to consider sufficiently the ethical practice (and duties) they were expected to demonstrate. Where a fiduciary duty was owed to future shareholders and other stakeholders, the public and personal virtues expected (character traits such as integrity, professionalism, courage, and so on), were not sufficiently considered. In retrospect, it would have been wise to include the assessment of ethical expectations as a separate step in any Enterprise Risk Management (ERM) process to strengthen governance and risk management systems and guard against unethical, short-sighted decisions.

It’s also evident that employees who continually make decisions for the wrong reasons, even if the right consequences result, can represent a high governance risk.  Many examples exist where executives motivated solely by greed have slipped into unethical practices, and others have been misled by faulty incentive systems. Sears Auto Center managers were selling repair services that customers did not need to raise their personal commission remuneration, and ultimately caused the company to lose reputation and future revenue.  Many of the classic financial scandals of recent memory were caused by executives who sought to manipulate company profits to support or inflate the company’s share price to boost their own stock option gains. Motivation based too narrowly on self-interest can result in unethical decisions when proper self-guidance and/or external monitoring is lacking. Because external monitoring is unlikely to capture all decisions before implementation, it is important for all employees to clearly understand the broad motivation that will lead to their own and their organization’s best interest from a stakeholder perspective.

Consequently, decision makers should take motivations and behavior expected by stakeholders into account specifically in any comprehensive ERM approach, and organizations should require accountability by employees for those expectations through governance mechanisms. Several aspects of ethical behavior have been identified as being indicative of mens rea (a guilty mind).  If personal or corporate behavior does not meet shareholder ethical expectations, there will probably be a negative impact on reputation and the ability to reach strategic objectives on a sustained basis in the medium and long term.

The stakeholder impact assessment broadens the criteria of the preliminary sniff test by offering an opportunity to assess the motivations that underlie the proposed decision or action. Although it is unlikely that an observer will be able to know with precision the real motivations that go through a decision maker’s mind, it is quite possible to project the perceptions that stakeholders will have of the action. In the minds of stakeholders, perceptions will determine reputational impacts whether those perceptions are correct or not. Moreover, it is possible to infer from remuneration and other motivational systems in place whether the decision maker’s motivation is likely to be ethical or not. To ensure a comprehensive ERM approach, in addition to projecting perceptions and evaluating motivational systems, the decisions or actions should be challenged by asking such questions as:

Does the decision or action involve and exhibit the integrity, fairness, and courage expected? Alternatively, does the decision or action involve and exhibit the motivation, virtues, and character expected?

Beyond the simple sniff test, stakeholder impact analysis offers a formal way of bringing into a decision the needs of an organization and its individual constituents (society). Trade-offs are difficult to make, and can benefit from such advances in technique. It is important not to lose sight of the fact that the concepts of stakeholder impact analysis need to be applied together as a set, not as stand-alone techniques. Only then will a comprehensive analysis be achieved and an ethical decision made.

Depending on the nature of the decision to be faced, and the range of stakeholders to be affected, a proper analysis could be based on any of the historical approaches to ethical decision making as elaborated by ACFE training and discussed so often in this blog.  A professional CFE can use stakeholder analysis in making decisions about financial fraud investigations, fraud related accounting issues, auditing procedures, and general practice matters, and should be ready to prepare or assist in such analyses for employers or clients just as is currently the case in other areas of fraud examination. Although many hard-numbers-oriented executives and accountants will be wary of becoming involved with the “soft” subjective analysis that typifies stakeholder and ethical expectations analysis, they should bear in mind that the world is changing to put a much higher value on non-numerical information. They should be wary of placing too much weight on numerical analysis lest they fall into the trap of the economist, who, as Oscar Wilde put it: “knew the price of everything and the value of nothing.”

Homecoming 2015

FallLeaves2According to the ACFE presenter at one of our recent live events, 6.4 percent of worldwide fraud cases occur in the education sector, which represents the fifth most-targeted industry by fraudsters out of 23 reported by members of the ACFE.  And the three most frequent fraud schemes reported as perpetrated in the education sector are billing schemes, fraudulent expense reimbursements and corruption schemes.  Most of the reporting CFE’s also seem to agree that nonprofit institutions’ greatest fraud related challenge is mitigating reputational risk. Good faculty members and students won’t join fraudulent universities. Governments and donors won’t financially contribute to organizations they don’t trust.

Thus, institutions of higher learning aren’t anymore immune to fraud than any other large organization. However, the probability of occurrence of fraud risks may be somewhat higher in colleges and universities because of their promoted environment of collegiality, which may lead to more decentralization and a consequent lack of basic internal controls.  During recent years, Federal and state governments, as well as donors, have increased the pressure on universities to implement better governance practices and on their boards of governors to exercise their fiduciary responsibilities more efficiently.

Which brought our ACFE  speaker to the issue of regular risk assessments, but tailored specifically to the unique needs of the educational environment.  Colleges and universities around the world should be actively encouraged by their governing boards and counsels to perform regular fraud risk assessments and to vigorously implement and enforce compliance with targeted internal controls, such as proper segregation of duties and surprise audits. Of course, as with all organizations, universities can prevent fraud by segregating a task of requesting a financial transaction from those of approving it, processing the payment, reconciling the transaction to the appropriate accounts and safeguarding the involved asset. Surprise audits should be just that: unannounced supervisory reviews. This creates not just an atmosphere of collegiality and support but one in which the perceived opportunity to commit fraud is lowered.

As I’ve indicated again and again in the pages of this blog, the most powerful fraud prevention measure any organization can take is the education of its staff, top to bottom.  Educating faculty, staff members and students about the university’s ethics (or anti-fraud) policies is important not only to prevent fraud but to preserve the institution’s reputation. It’s also important to develop ethical policies carefully and implement them in accordance with the particular culture and character of the institution.  Culturally, universities, like most nonprofit educational institutions, don’t like heavy-handed policies, or controls, because faculty members perceive them as impediments to their research and teaching activities. After going through an appropriate anti-fraud training program, every employee and faculty member (many higher-education institutions actually view faculty above the instructor level as quasi-independent contractors) should come to understand the nature and role of internal controls as well as the negative consequences associated with fraud. University administrators, faculty and staff members can be motivated to prevent fraud on a basis of self-interest because its occurrence might affect their chances at future promotions and salary increases and tarnish the external reputation of the university, which could then affect its financial situation and, hence,  their individual prospects.

ACFE training tells us that organizational administrators who don’t get honest feedback and don’t hear fraud tips quickly can get in trouble politically, legally and strategically. All universities should implement user-friendly reporting mechanisms that allow anyone to anonymously report fraud and irregular activities plus give healthy feedback on leadership’s own strengths and weaknesses. This will keep direct lines of communication open among all employees and senior university administrators. These tools will not only strengthen the fight against fraud but also advance the university’s strategic mission and refine senior administrators’ leadership styles. You can’t manage something you can’t see.  Such tried and true mechanisms such as independent internal audit departments or audit committees, should oversee reporting mechanisms.

Still, many universities still resist pressure from their external stakeholders to implement hotlines because of concern they might create climates of mistrust among faculty members. Faculty members’ tendency to resist any effort to have their work examined and questioned may explain this resistance.  Necessary cultural changes take some time, but educational institutions can achieve them with anti-fraud training and a substantial dose of ethical leadership and tone at the top.

From a legal perspective, colleges and universities, like any other nonprofit organization, must proactively demonstrate due diligence by adopting measures to prevent fraud and damage to their individual reputations. They’re also financially and ethically indebted to governments and donors to educate tomorrow’s leaders by being able to demonstrate that their internal policies and practices are sound.

Senior university administrators must be able to show that they investigate all credible allegations of fraud. Independent, professional and confidential investigations conducted by you, the CFE, allow a victim university and its senior administrators to:

— determine the exact sources of losses and hopefully identify the perpetrator(s);
— potentially recover some or all of financial damages;
— collect evidence for potential criminal or civil lawsuits;
— avoid possible discrimination charges from terminated employees;
— identify internal control weaknesses and address them;
— reduce future losses and meet budget targets;
— comply with legal requirements such as senior administrators’ fiduciary duties of loyalty and reasonable care;
— reduce imputed university liability which may result from employee misconduct.

As CFE’s we should encourage client universities to adequately train and sensitize administrators, faculty and staff members about their ethics policies, codes of conduct,  and the general problem of occupational fraud in general. Administrators should also consider implementation of anonymous reporting programs and feedback processes among all stakeholders and among the senior administration.  They should consider performing regular fraud risk assessments and implement targeted internal controls, such as proper segregation of duties and conflict-of-interest disclosures. Senior administrators should lead by example and adopt irreproachable behaviors at all times (tone at the top). Finally, faculty members’ job incentives should be aligned with the university’s mission and goals to avoid dysfunctional and illegal practices. All easier said than done, but, as CFE’s,  let’s encourage them to do it when we have the chance!