Closing the ‘Fraud Prevention Canyon’ with Counteractive Control Development

In Brief

Fraud continues to be a pervasive problem for businesses across the world. Nevertheless, most business ethics programs are compliance driven and thus fail to address an important component of fraud—the risk of latent rationalization at the individual level. The authors recommend adopting counteractive control development programs that can significantly improve the effectiveness of an organization’s ethics program by reducing this risk in its workforce. Their proposal is a step-by-step, adaptable plan for the implementation of a counteractive control development program that can be used by organizations of all sizes, types, and industries.

***

Over the past three decades, corporate scandals such as Enron, WorldCom, Wells Fargo, and Valeant Pharmaceuticals have stirred a heightened focus on the causes of fraudulent behavior and ethical lapses in the context of large businesses. These scandals have also triggered a movement by public companies to develop ethics programs and by the accounting profession to compel accountants to be ethical leaders. Despite these efforts, fraud remains a massive problem. The most recent Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, a biennial report published by the Association of Certified Fraud Examiners (ACFE), identified 2,690 cases of occupational fraud from 125 industries, with total losses exceeding $7 billion. Moreover, small businesses, defined as those having fewer than 100 employees, incurred not only the highest percentage of fraud-related cases (28%), but also the highest median loss per occurrence ($200,000). Medium-size businesses, defined as those having between 100 and 10,000 employees, represented 48% of cases, with a median loss of $100,000. All told, businesses lose an estimated 5% of total annual revenues to fraudulent behavior.

The continued pervasiveness of business fraud in the global economy creates serious doubts as to the sufficiency of current ethics programs in preventing fraud. Key statistics found in the ACFE report provide some important insights on how companies can reinforce their ethics programs and their ability to prevent fraudulent behavior within their organizations. Surprisingly, 94% of the perpetrators of fraud had no prior criminal record, and 85% had never been punished or terminated for previous occupational fraud. Ostensibly, ethical practices designed to screen out potentially unethical employees (e.g., pre-employment background checks) are not in themselves a guarantee of an ethical workforce. Thus, all businesses, no matter their size or type, must recognize the risk that they have some employees (i.e., decision makers) with marginal or underdeveloped ethical attitudes despite their efforts to screen such employees out during the hiring process. These decision makers represent a latent ethical risk to businesses, as they are the ones most likely to succumb to organizational or financial pressure and rationalize fraud; however, these decision makers are also perhaps the most likely to benefit from targeted programs designed to strengthen their individual ethical resolve (i.e., their integrity).

Most business ethics programs fail to specifically address the risk of latent rationalization at the level of the individual decision maker within the workforce, even though it is individuals who make ethical (or unethical) decisions. Consequently, these ethics programs miss an important ethical component in combating fraud. The discussion below first addresses the ethical orientations in business ethics programs, showing that most ethical orientations and ethical practices are based on federal compliance guidelines, which at best only target the latent risk of rationalization. Then it covers counteractive control development and the related techniques and practices that can potentially reduce latent rationalization risk at the level of the individual decision maker. The authors recommend adopting counteractive control development programs that can significantly improve the effectiveness of an organization’s ethics program by reducing the level of latent rationalization risk in the workforce. This article proposes an effective, step-by-step, adaptable plan for the implementation of a counteractive control development program that can be used by organizations of all sizes, types, and industries.

Ethical Orientations and Latent Rationalization

An entity’s motives for developing a business ethics program vary; most companies, however, report that implementation is driven by compliance issues, cultural values, or a combination of both. The primary objective of a compliance-based implementation is ensuring that the company’s ethics program includes the specific components suggested or required by legal standards. The Federal Sentencing Guidelines for Organizations provide the minimum requirements for an effective business ethics program. Meeting these requirements can mitigate the federal penalties assessed upon a company’s conviction under the Sentencing Reform Act of 1991. These requirements include—

• established standards and procedures,
• effective management oversight,
• pre-employment background checks,
• training programs,
• monitoring,
• consistent promotion of the ethics program throughout the organization,
• appropriate response procedures for criminal acts, and
• periodic reassessment and reevaluation to mitigate risk.

The ethics practices recommended as minimally consistent with the federal sentencing guidelines are—

• a formal code of ethics,
• a dedicated ethics or compliance officer,
• a formal ethics training program,
• an ethics (whistleblower) hotline,
• policies on managerial and employee accountability,
• policies for response and corrective action in the event of an ethical lapse,
• policies to reward and incentivize ethical conduct,
• assessment and monitoring procedures, and
• pre-employment screenings.

These practices often serve as the structure for a compliance-based implementation, especially for large companies.

A values-based or integrity-based implementation usually meets the compliance-based requirements, but also goes beyond mere compliance. A values-based implementation internally communicates and propagates the organization’s core ethical values to all managers, supervisors, and employees in order to promote ethical behavior and discourage ethical lapses. A high-quality, values-based implementation can perpetuate a high standard of integrity that becomes part of the fiber of the organization. Although a values-based implementation usually incorporates many of the compliance-based components (e.g., code of ethics, compliance officer, whistleblower hotline), the values proposition is the driving force.

The continued pervasiveness of business fraud suggests that ethics programs across the compliance-values continuum are not sufficiently effective. As discussed above, business ethics programs based on the Federal Sentencing Guidelines are directed primarily toward fraud prevention and detection―the “opportunity” leg of the fraud triangle. The other two legs, the forces of financial pressure and rationalization, relate more to an organization’s ethical culture than to its internal controls. It is imperative that organizations adapt their ethics programs to address the risk of latent rationalization. As demonstrated by the overwhelming existence of fraud in our economy, this risk has created a “fraud prevention canyon,” not just a mere gap.

A well-devised counteractive control development program can significantly reduce the risk of latent rationalization by focusing ethical employee decision-making on the employee’s long-term interests instead of short-term interests. Such a program provides experiential learning opportunities that empower individual decision makers with the ability to anticipate situations that may present temptations to rationalize potentially fraudulent behavior. The program enables decision makers not only to recognize and avoid these temptations, but also to safeguard their value systems and the achievement of their long-term career goals. Ultimately, organizations experience stronger cultures and higher performance.

Counteractive Control and the Impact on Rationalization

Counteractive control refers to the ability to resist short-term pressures in order to maximize the ability to make choices consistent with the individual’s long-term interests. Counteractive control is enhanced when a person is warned in advance of an upcoming temptation. The following analogy may prove helpful: If a piece of furniture is expected to be heavy, a person applies more force when attempting to move the furniture. Similarly, a person who has a goal not to cheat and who is told in advance that the temptation or pressure to cheat in a certain situation is strong reacts to such a temptation or pressure by exerting more effort to maintain the long-term goal of being an ethical person.

When short-term benefits conflict with long-term benefits, a self-control conflict arises. Decision makers who become aware that the short-term benefits threaten and are contrary to achieving their desired long-term outcomes have an increased willingness to resist the short-term benefits. This willingness to resist also increases in proportion to the value placed on attaining the long-term goal.

Decision makers may engage in different precommitment strategies to defer benefits to the long-term. These strategies include self-imposed penalties for failure to achieve long-term outcomes, or rewards for their achievement. Increasing a decision maker’s ability to tie the achievement of a long-term outcome to a core internal ethical value enhances counteractive control. Advanced preparation for stress allows the decision maker to navigate the stressful situation successfully to more effectively obtain a long-term benefit.

Counteractive control theory has been applied in a variety of contexts, including diet and exercise, study habits, and medical procedures. In these applications, identification of a motivational goal, combined with a resolution to accomplish it, results in an increased likelihood of success. In terms of the fraud triangle, foreknowledge and awareness (i.e., identification) of a pressure situation, combined with the resolution to resist it, enhance a decision maker’s ability to exercise counteractive control and reduce the tendency to rationalize engaging in fraudulent behavior. Ultimately, unethical behavior is avoided because the decision maker has been warned in advance. The decision maker, by addressing the possible pressure point or stress point and deciding how to handle it in advance of actually experiencing the pressure situation (or a similar one), is equipped to make the right ethical choice instead of rationalize the wrong one.

The approach of focusing on counteractive control development of individuals differs from those approaches normally suggested to minimize financial pressure and rationalization. Traditionally, the ethical implications of financial pressure are addressed at the organizational level. For example, the Financial Executives Institute recommends that management set a positive tone at the top, lead by example, clearly communicate the organization’s ethical goals, and reward ethical behavior. In a similar vein, rationalization can be mitigated with a strong corporate culture that stresses honesty, integrity, and ethical conduct. These recommendations are usually implemented via developing a code of ethics, creating an ethics office, engaging in dialogue, and conducting surveys.

Although useful in lessening some of the effects of pressure and rationalization, ethics programs based solely on these practices are incomplete because they lack experiential development of decision-makers within the organization. Counteractive control development of individuals entails experiential learning and broadens the scope of an organization’s business ethics program. Furthermore, it explicitly recognizes that ethical decision making is ultimately an individual responsibility and action.

Implementing Counteractive Control Development in Practice

Counteractive control development workshops should be an integral part of a company’s employee orientation program. These workshops provide organizations with the opportunity to assess each employee’s ethical perspective and foundation. The workshops require multiple sessions over the course of one day or more. The length of the sessions will vary depending on the nature and size of the company’s business, the breadth of activities within it, and the industry in which it operates. A detailed approach for each session follows.

Contemplation techniques should be the starting point for strengthening employees’ counteractive self-control. Contemplation is effective in enhancing decision makers’ ethical choices because it provides a “cooling-off period” in which they can reevaluate their initial decisions. The initial session of a counteractive control development program will provide employees with opportunities to reflect on their ethical perspectives and foundations through the discussion and application of ethical principles and theories. Employees then will apply those principles and theories to situations involving ethical dilemmas or potential opportunities to commit fraud. This session will activate the moral perceptions and imaginations of employees, alerting them to the temptations and pressures proffered in the situations presented. During the session, observations can be made of responses to general situations that provide opportunities to potentially engage in unethical behavior. For example, an employee may be presented a scenario in which there is an opportunity to steal cash from the company under the belief that the theft will not be detected.

The second session of the counteractive control development program should enable each employee to distinguish between nonshareable pressure and organizational pressure. The fraud triangle defines pressure as a nonshareable financial need that typically arises from outside the organization and is personal in nature (e.g., lifestyle demands, addictive behavior, personal indebtedness). This definition is more consistent with employee fraud, such as theft and embezzlement; however, some of the largest corporate scandals (e.g., Enron, WorldCom, HealthSouth) involved managerial or financial statement fraud and resulted from organizational pressures to meet earnings targets and satisfy analysts’ expectations. Organizational pressures may be enhanced by personal pressures related to personal advancement or personal enrichment. Although development of counteractive control is helpful in resisting both types of pressure, the approach will necessarily differ depending on the type of pressure being discussed.

In the third session, employees will participate in exercises designed to reinforce their internal resolutions to act in the long-term best interests of both themselves and the organization. Participants should be allowed to freely identify and openly discuss pressure situations they may face, or currently face, in the work-place. Employees should be able to participate in these discussions without any fear of retaliation. It should be emphasized that these workshops will not be effective unless the environment for discussion is truly open and supportive. Ostensibly, the same emphasis applies to the effectiveness of corporate culture at fraud prevention and the promotion of ethical behavior within the company.

The final, or “impact” session, of a counteractive control development program encompasses experiential learning opportunities. Realistic simulation exercises tailored to the organizational roles of each participant are conducted. These exercises cover participants’ current responsibilities as well as anticipated responsibilities in the event of promotion, cross training, or continuity planning. During these simulations, emphasis is placed on those business activities in which fraudulent behavior can potentially occur. Examples of these activities may include, among others, the handling of current assets and liabilities, supply chain management and vendor relations, initiation of customer accounts, transfer pricing, incentive programs, and strategic tax initiatives.

The simulation exercises, combined with the prior sessions, aim to achieve two important goals: experiential development at the individual decision-maker level and reinforcement of an employee’s internal resolution to act in the long-run best interests of both the employee and the organization. The key to success in achieving the goals of each session, especially the impact session, is to create and sustain an open and supportive environment.

All employees should be required to participate in counteractive control development on an annual basis. It is not enough to offer this program only once at orientation. Over the course of a year, changes will undoubtedly occur in the organizational roles and responsibilities of some or all employees. Moreover, employees often experience changes in their life circumstances during any given year. These changes can affect employees’ ability to identify and avoid temptations, potentially causing them to engage in inappropriate rationalizations and make poor decisions in the workplace.

Providing counteractive control development on an annual basis will allow employees to revisit their ethical perspectives and foundations, remind them of the need for self-awareness in the work-place, and reinforce the importance of a strong ethical workplace culture. Annual counteractive control development programs should be designed to—

• address promotions and increased responsibilities;
• reset the ethical mindset of each employee;
• reinforce each employee’s commitment to the mission, culture, and ethics program of the organization; and
• allow employees to freely discuss pressure situations they face in their roles within the organization and in their personal lives.

The annual program can be conducted at various levels: departmental, divisional, regional, and organizational. Simulated and tailored exercises should continue to be used in an open and supportive environment.

Counteractive control development workshops, conducted either at orientation or on an annual basis, should be tied to and followed up by workshops related to the company’s mission, culture, and ethics program. These higher-level workshops should reaffirm the contributions of counteractive control development to the company’s mission, culture, and ethics program, as well as encourage employees to stand firmly on their ethical foundations and to maintain a healthy awareness of potential opportunities for fraud and other unethical behavior in the workplace. Again, employees should be assured that the company culture and structure allow for openness and the ability to report any such opportunities or ethical violations by others. This would lead to enhancements in the internal control system and increased effectiveness at fraud prevention. Ultimately, counteractive control development will reduce audit risk and enhance the reliability of financial statements. As a result, investors and the public should have increased confidence in financial reporting and the accounting profession.

Further Benefits

Enhancing an organization’s ethical culture by allocating resources to development of counteractive control will also have secondary benefits. First, the perceived morality of an organization’s ethical culture can enhance its attractiveness to new hires and increase the satisfaction and commitment of the existing workforce; by helping to strengthen ethical culture, counteractive control training can thus indirectly improve the organization’s ethical demographic. Second, because individuals’ moral codes are influenced by their constituent groups, counteractive control development will propagate its effects throughout the organization’s ethical culture.

Consider some of the well-known recent ethical lapses in the business community. With an ongoing focus on instilling counteractive control, how many of these costly ethical lapses might have been avoided? Would Wells Fargo have engaged in its unethical sales methods had employees been instilled with counteractive control through a regular ongoing program? Would various accounting and finance employees at Enron have made the right initial decisions when confronted with seemingly minor choices that ultimately led to their becoming complicit in massive financial statement fraud? Would an employee at a client’s small business have chosen to report a questionable action or a violation of a control that allowed a theft or embezzlement to go undetected?

Companies already widely recognize and respect CPAs’ role in evaluating and establishing effective internal controls, fraud prevention, and fraud detection. Recommending the implementation of counteractive control development in a business can add value and potentially spare the company both monetary losses and loss of valuable employees. Developing and delivering effective counteractive control development programs could even become a service area for CPA firms. Most importantly, development of strong counteractive controls will contribute significantly to the prevention of business fraud.