Mazars Ireland Survey Shows Irish Businesses Suffering from Occupational Fraud and Abuse and Compliance Program Shortcomings

On May 21, Irish Tech News reported that the Irish professional services firm Mazars Ireland published the results of a survey to examine occupational fraud and abuse in Ireland.  The survey, conducted in February 2019, obtained information from nearly 100 senior figures in the Irish private, nonprofit, and public sectors for insight into the level of actual occupational fraud and abuse.

Key findings from the Mazars survey included the following:

• Approximately 50 percent of respondents had suffered a loss due to occupational fraud and abuse in the past two years. The average financial loss was between €10,000 and €20,000.
• Twelve percent of respondents suffered losses greater than €500,000 in the past two years.
• The principal causes of such losses related to the theft of cash (32 percent) and of goods (19 percent), but businesses also experienced losses due to expense fraud (16 percent) as well as payroll, invoice fraud, and conflict of interest issues.
• Thirty-three percent of the frauds reportedly was detected by internal audits, and 25 percent by whistleblowing or “speak up” channels.
• Nearly two-thirds (65 percent) “had not undertaken a formal fraud risk assessment or implemented proactive data monitoring across their business operations.”
• Approximately 34 percent of respondents “did not have formal investigation procedures or anti-fraud policies in place.”
• Forty percent placed a high degree of reliance on the head of internal audit to perform Investigations.
• Eighty percent “provided a strong indication that they have whistleblowing or speak up arrangements in place.”
• Forty percent indicated that, in addition to their own organizations’ staff, customers and suppliers could also use the organizations’ whistleblowing arrangements.

The report also “pointed to a worryingly low level of awareness of anti-bribery and corruption legislation amongst Irish businesses.”  Fifty percent of respondents reportedly were unaware of the recent Criminal Justice (Corruption Offences) Act 2018, “which introduced the new corporate liability offence and allowed for a corporate body to be held liable for the corrupt actions committed for its benefit by any director, manager, secretary, employee, agent or subsidiary.”

Note: The Mazars survey provides strong indications that Irish small, medium, and large private- and public-sector concerns need to review the state of their fraud risk management programs, and be prepared to remedy any significant shortfalls in risk and compliance program implementation.  Certainly not all businesses and agencies can completely prevent fraud directed at their operations, but when nearly two-third of respondent companies have not even conducted formal risk assessments or put proactive data monitoring in place, they run the risk of substantial losses and – depending on the industry, nonprofit, or government function they perform – further adverse consequences from regulatory enforcement actions.

The survey’s finding that half of respondents are unaware of the new Irish corruption-offenses legislation, which has been in force since July 2018, also indicates that public- and private-sector entities need to undertake a new round of publicity and training about the Act’s key provisions.  In addition to the corporate-liability offense and “failure to prevent”-style liability mentioned above, businesspeople and government employees need to recognize that the Act contains a number of other new offenses that expands criminal liability to other aspects of corruption.  These include active and passive trading in influence; an Irish official doing a corrupt act in relation to his or her office;  giving a gift, consideration, or advantage, knowing that it will be used to commit a corruption offence; creating or using false documents; and intimidation where a threat of harm, rather than a bribe, is used.

Irish  companies and agencies, regardless of their size, need to incorporate that information into their internal trainings and briefings, and to expand their compliance programs appropriately, including internal controls, if they are to be able to demonstrate the effectiveness of those programs.