To Build Fraud Resistance, Companies Need ‘Manageable Dissent,’ Right Tone at Middle

Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...

By Yin Wilczek

Jan. 8 — In building a fraud-resistant organization, companies must encourage “manageable dissent,” where employees feel they can voice views that diverge from “group think,” a panelist said Jan. 8.

Ken Daly, president and chief executive officer of the National Association of Corporate Directors, also said that although setting the tone at the top is easy, “setting the tone at the middle” is just as important. He observed that a lot of financial reporting fraud starts somewhere at the middle of the organization.

“What my experience indicates is that evangelizing” the tone at the middle “can be extremely difficult, and we need to look at different ways to get that accomplished,” he said.

Daly spoke at a webcast sponsored by the Anti-Fraud Collaboration to discuss a recent report, “The Fraud-Resistant Organization: Tools, Traits, and Techniques to Deter and Detect Financial Reporting Fraud.”

Ethical Culture

The Anti-Fraud Collaboration is a joint effort by the Center for Audit Quality, Financial Executives International, the Institute of Internal Auditors and the NACD that seeks to mitigate the risks of financial reporting fraud. Issued by the group in November, the report found that the risks for such fraud increases when individuals in a corporation's financial reporting supply chain—including its board, audit committee or auditors—don't fully understand their responsibilities or fail to execute them properly.

The report also found that three factors foster an environment in which financial reporting fraud is likely to occur:

• lack of an ethical culture and tone at the top;

• insufficient skepticism by players within the financial reporting supply chain; and

• insufficient communication between chain members.

During the webcast, Tracy McBride, FEI vice president of research and accounting policy, stressed that management should focus on setting the tone at the top by establishing appropriate expectations and through “positive daily behavior.” Senior managers must “not only talk the talk but also walk the walk,” she said.

A recent report by the Ethics Resource Center found that the most important factor in setting the right ethical tone is workers' perception of their leaders' characters.

Karl Erhardt, senior vice president and general auditor for MetLife, urged management to make the ethical message a “constant drumbeat,” even when things are going right. There are “tangible techniques” that provide “positive reinforcement” throughout the corporation, such as a system in which employees can give awards to each other, he said.

Rick Ueltschy, managing partner, U.S. Audit Services, at Crowe Horwath LLP, also suggested that to elevate the importance of the corporation's code of conduct and ethical framework, there should be more frequent and explicit discussions of the framework in day-to-day decisionmaking.

Risk Oversight

As to improving boards' risk oversight, Daly suggested that directors should fully educate themselves on:

• their companies' strategies;

• the incentives—not only compensation—that drive management and employees;

• how management deals with the pressures of achieving corporate goals; and

• emerging issues.

The education process will provide a great opportunity for the board to interact with the staff and management, Daly said.

In terms of whistle-blower hotlines—a key measure to uncovering corporate fraud—Erhardt urged companies to put themselves in the position of the complaining employee. That individual probably has not slept for days, and made the complaint because he or she thought it was the right thing to do, he said. By responding consistently, promptly and thoughtfully to the whistle-blower and adequately investigating his or her complaint, the company can foster a positive environment around its hotline, he said.

Ueltschy also said the hotlines may provide a “barometer” for the tone in the company. If a company is not receiving comments, that may not be a sign that everything is fine, he said. “When we're getting those calls, it's because people are comfortable making them,” he said. If the calls are not coming, “we need to ask what is in the culture that is stopping people from” stepping forward.

As to strengthening communications between the board and other supply chain participants, Daly suggested that “a lot of it is going to be tough love.” The first thing the board must do is build trust and support with the other chain members, he said.

Second, the board must set the expectation of what constitutes “good communication,” Daly said. Third, the board and management must learn to “speak in a common language.”

Auditor, Board Skepticism

In discussing board skepticism, Ueltschy urged auditors to understand their own psychology and biases. For one, they seldom find negative evidence pointing to corporate wrongdoing, and often that negative evidence results from management's misunderstanding of what is required rather than actual misconduct, he noted. This can lead to auditors being complacent when they do find negative evidence. “So one thing we try to ingrain” is that once auditors find negative evidence, they should search even harder for more negative evidence, he said.

In addition, auditors should put themselves in the place of the people who prepared the financial statements, Ueltschy said. For example, in the case of accounting estimates, auditors should consider whether such individuals may have been unduly influenced by management goals.

As to the board's skepticism, Daly warned that “asymmetric information”—the gap of information between the board and senior managers—is inherent. What the board must do is determine—through observation and inquiry—whether the risk of that asymmetric information has become too high, he said.

“Recognize that that risk is out there, and have some form of tripwire” for when the risk becomes too great, Daly suggested. Factors that may raise flags include corporate profits that differ from those of other industry players, he said.

Daly said that moreover, boards should:

• Set the stage for the even flow of information. For example, the board should call for executive sessions even when there is nothing that needs to be discussed, he said.

• Be careful how they frame their questions to ensure the questions are not driven by their own agendas.

• Educate themselves on the issues before a meeting so that the meeting can focus on actionable items, and everyone present has a common understanding of the issues.

• Foster an environment that allows C-level executives to say, “I don't know.” The culture has to be where people feel comfortable saying, “I don't know, I'll get back to you,” Daly said. 

Key Messages

The panelists offered some other key takeaways. Companies should elevate the prominence of fraud risk and antifraud efforts by ensuring they allocate enough “agenda time” for such matters when boards meet with the other supply chain constituents, Ueltschy said.

Daly said that board and management reports should be “more actionable,” perhaps by focusing on anomalies that raise “yellow flags.”

Erhardt called for more transparency and communication within an organization, but warned that to be effective, the communication must be “concise.”

McBride urged management to take the lead in detecting and deterring fraud. In doing so, they should seek support from supply chain partners and keep up to date on issues that could impact financial reporting, she said. “Don't rest on your laurels—if you see something, say something.”

To contact the reporter on this story: Yin Wilczek in Washington at

To contact the editor responsible for this story: Ryan Tuck at

The report is available at