Executive Roadmap to Fraud Prevention and Internal Control: Creating a Culture of Compliance
By Martin T. Biegelman and Joel T. Bartow
Published by John Wiley & Sons, 2006; ISBN: 0471739278
416 pages, $39.95 (Hardcover)
Reviewed by Anthony Tarantino
MAY 2006 - Martin Biegelman and Joel Bartow bring to this impressive
work a combined 50 years of public- and private-sector experience
in detecting, investigating, and preventing fraud and white-collar
crime. Their experience covers a wide spectrum of fraud,
including corporate crime, investment fraud, kickback schemes,
international fraud scams, insurance and healthcare fraud,
organized crime, and violations of the RICO (Racketeer Influenced
and Corrupt Organizations) Act. In this process they were
involved with hundreds of prosecutions. Both also assisted
private-sector clients who were victims of corporate fraud
and white-collar crimes in the United States and globally.
The book is heavy on real-world experience, case studies, and
proven methods in preventing fraud and white-collar crimes.
It provides realistic steps to create proactive and cost-effective
antifraud programs for companies of all sizes, and will
serve companies well in helping them to comply with a rising
bar of regulatory compliance, satisfy investors, and maintain
a competitive advantage.
The work builds on earlier fraud-prevention handbooks to demonstrate
the critical need to create a fraud-prevention culture in
the Sarbanes-Oxley corporate environment. The authors make
an effective argument that it takes years to develop the
internal controls, education, training, and executive “tone
at the top” to realize a truly effective antifraud
program, yet it takes only moments to destroy it.
The scandals of the 1990s and the resulting regulatory reforms
have fundamentally changed how white-collar crime is viewed.
Prior to Enron, WorldCom, and similar public-relations disasters,
it was not unusual to look at white-collar crime as much
less threatening to our way of life than violent and blue-collar
crime. But when millions of investors saw their retirement
accounts destroyed, the climate changed to one demanding
greater financial-reporting transparency and vigorous prosecution
of corporate wrongdoers.
The authors’ case studies should be seen as eye-openers
in preventing an environment ripe for fraud: a too-large
percentage of accounting staff from temporary agencies;
disparate financial systems; loose audit controls; high
personnel turnover; and aggressive financial goals.
Section 404 of the Sarbanes-Oxley Act (SOX) requires robust internal
controls to maintain segregation of duties and prevent both
fraud and errors. The authors use fascinating fraud stories
and case studies to demonstrate that fraud prevention must
be closely aligned with internal auditors’ efforts
to maintain internal controls. Unfortunately, some internal
auditors still take a passive approach to fraud prevention,
while others see fraud prevention as just an opportunity
to greatly expand the importance of the internal-audit process.
Ironically, despite the high cost of implementing SOX section
404, the authors note that less than 20% of fraud is detected
from internal-control measures.
The authors demonstrate that greater corporate compliance, accountability,
and ethical conduct are not only mandated by SOX. They explain
the role of the AICPA, whose Statement on Auditing Standards
(SAS) 99 requires more-robust fraud prevention measures.
They also explain the importance of the historic “Thompson
Memo,” in which former U.S. Deputy Attorney General
Larry Thompson laid out tougher corporate-fraud principles
to guide Justice Department prosecutors. The authors argue
that every CEO and CFO should carefully read the Thompson
Memo and be well aware of the consequences of noncompliance.
The authors make a compelling argument for background checks
and whistleblower programs. They demonstrate that employees
are the primary source for tips; about 60% of all tips are
from employees; 20% are from customers; 15% are from suppliers;
and 13% are from anonymous sources. They also argue that
whistleblower programs are better administered by third-party
providers than by internal resources.
Even though a history of credit and drug problems is a major
factor in creating a motive for fraud, they note that only
about one-third of companies conduct credit checks and less
than two-thirds perform drug screening.
With the growth of global trade and outsourcing, fraud risks
outside of the United States are growing. Corruption and
bribes are common practice in much of the world, where Western
notions of financial transparency are neither well understood
nor accepted. The Foreign Corrupt Practices Act (FCPA)
imposes heavy fines and jail sentences for U.S. companies
that bribe foreign government officials. Some U.S. companies
have circumvented the FCPA by creating joint ventures to
oversee their dirty work. These schemes will become more
risky with the greater scrutiny that SOX section 404 imposes
on internal controls and that section 409 imposes on joint
ventures and special-purpose entities in general.
The authors provide a highly readable and realistic primer for
any company or government agency seeking to establish a
world-class fraud investigation and prevention program in
light of the new compliance environment created by the SEC,
the U.S. Justice Department, and the New York Attorney
General’s Office. Their book is also helpful for executives
and middle managers in small to mid-sized companies who
may not realize the threat from fraud or the relationship
between fraud prevention and good corporate compliance.
Additionally, the book is useful to those charged with fighting
fraud as law-enforcement agents and within companies, nonprofits,
and government agencies.
Anthony Tarantino, PhD, is the author of The Manager’s
Guide to Compliance (Wiley, April 2006), as well as articles
and white papers on the Sarbanes-Oxley Act, global compliance,
and compliance automation. As an independent consultant and
as a practice lead with BearingPoint (www.bearingpoint.com),
he has led over a dozen compliance automation projects and
post–Sarbanes-Oxley compliance automation projects.