Poor Culture and Fraud Risk Mismanagement – Survey Hints That the Connection Isn’t Widely Understood

Scott Moritz, Managing Director Protiviti Forensic

Protiviti and Utica College’s latest White-Collar Crime and Fraud Risk Survey report revealed that organizations continue to lag in employing sound fraud risk management practices – a finding that, to me, signals a lack of understanding of the interrelationship between fraud risk and ethical culture.

Culture, fraud and misconduct are inextricably linked. When organizational leadership and managers do not understand the fraud risks that are particular to their organization, fail to perform regular fraud risk assessments or deprioritize fraud risk management, the inaction can have unintended consequences and cause the organizational equivalent of “broken windows.”

The premise of the “broken windows” theory in criminology is that when a neighborhood has broken windows, garbage piling up on the street, graffiti and other visible signs of inattention or abandonment, this indicates to the residents of that community that no one is paying attention and that government resources, such as police, are deployed elsewhere. This apparent decay breeds criminality by emboldening those who are inclined to commit crimes, leading them to conclude that this neighborhood is not a priority for the police or local government. Similarly, inattention to fraud risk and failure to take proactive steps to identify and mitigate it indicate to the employees of an organization that fraud risk management is not a priority, and it alerts employees with bad intentions that committing fraud carries little risk of detection.

Whether they are actual broken windows in an urban neighborhood or the metaphorical broken windows stemming from inattention to fraud risk, both suggest poor ethical culture. The vast majority of people want to take pride in their communities and employers. When their leaders fail to address the broken windows, the culture of those communities and organizations deteriorates, and the entity suffers the consequences.

The obvious consequence of immediate concern is quite simple: Organizations that do not expend the time and effort to fully understand fraud risk are far more susceptible to fraud and risk, and they face larger fraud losses because fraud schemes carry on longer than in organizations with a more proactive stance. Worse still, inaction with regard to fraud risk can also be a danger sign about ethical culture. When a scandal breaks and witnesses are interviewed in the subsequent internal investigation, they frequently reveal that they knew or strongly suspected that the problems at the center of the investigation had been going on for years. What does that say about the company’s leadership or speak-up culture? Is it that they did not care, or is it that they simply enabled a culture in which the ends justified the means?

Following an explosion of recent, front-page scandals, the national dialogue has been focused on culture and efforts to measure it. Indeed, measuring culture is one way to expose the type of open secrets that can predict future scandals. But until the interrelationship between ethical culture and fraud risk becomes part of the conversation – leading to the prioritization of fraud risk assessments, fraud controls and robust fraud risk management, and to boards of directors and senior management exercising appropriate fraud risk governance – lack of attention will continue to undermine culture, leading to more fraud in a vicious cycle of organizational decay.

1 comment

  • Really good article. Too often I see conduct-type frameworks not incorporating Fraud and AML components under that umbrella, and instead managing them as bespoke components. Opaque models and lack of consolidated oversight of misconduct lead to diffusion of responsibility/accountability and the broken windows analogy you describe. Thanks for your efforts in covering this important issue.