Who are the Whistle Blowers
(also thanks to Strategy + Business magazine for alerting us to this research)
Who finds the fraud in businesses today? The SEC? Not if you read the research by Alexander Dyck, Luigi Zingales and Adair Morse. They looked at 230 cases of corporate fraud involving more that $750 million in assets. Their report is a great read and it covers a number of issues, findings and recommendations in its very accessible report body (approx. 44 pages). I highly recommend this as a must read.
Here’s a great quote from this report:
“We find that no specific actor dominates the revelation of fraud. Even using the
most comprehensive and generous interpretation, shortsellers and equity holders revealed the fraud in only 9 percent of the cases. Financial analysts and auditors do a little better (each accounting for 14 percent of the cases), but they hardly dominate the scene. The Securities and Exchange Commission (SEC) accounts for only 6 percent of detected frauds by external actors. More surprising is the key role played by actors who lack a direct role in investment markets, such as the the (sic) media (14 percent), non-financial market regulators (16 percent), and employees (19 percent).
As interesting as who detects corporate fraud are who did not. Stock exchange
regulators, commercial banks, and underwriters are notable for their complete absence. Also, private security litigation plays a minimal role (less than 2 percent) in the detection of fraud. This does not mean that it is useless to prevent fraud, since it could be the mechanism through which people committing fraud are forced to pay for their mistakes. But it does suggest that this mechanism cannot work alone. It needs another (vast) set of institutions to help bring fraud to light.”
Also interesting was the time required for different groups to detect the fraud. Plaintiff lawyers took 31.4 months while the SEC took 21.2 months, employees took 20.9 months and financial analysts/short sellers only 9.1 months.
Information like this point out that the current wave of GRC (governance, regulation and compliance) technology and legislation is either unnecessary or may not produce the desired effect governments are hoping for. Certainly, governments may claim that SarbOx and its relatives are needed to give the SEC a better success rate but the fact that so many other constituencies are identifying fraud (and faster, too) than the SEC may suggest that better answers lie elsewhere.
I’d like to see more automation re: auditing and how major auditing firms re-invent their businesses. We should expect auditors to have real-time access into client information systems and using tools that automatically highlight questionable transactions for immediate review. The idea of an annual audit seems so out of place in this modern age. An annual review of the books may have made sense in Luca Pacioli’s time (i.e., 1493 AD) but not now with the technology, analytics and other capabilities available to auditors.