"This city, this province, this country has a reputation of being the best location to carry out white collar crime, corporate fraud, in the industrialized world."
These words were delivered by corporate director Spencer Lanthier as he received something of a lifetime achievement award at the annual Institute of Corporate Directors dinner last year.
Guests at my table were shocked to hear this, as was I. But it's not out of sync with this recent headline: “Toronto lost nearly $1M to fraud in 2011, auditor-general reveals.”
The issue raises many questions, but among them are a couple I'm particularly interested in: do directors on boards play a role in detecting and deterring fraud, and can they be held responsible, or even liable, if they do not fulfill this role properly? Increasingly, the answer to both is yes, especially given new U.K. and U.S. legislation following the financial crisis.
A bank director once told me that the number one role of a director was to watch for fraud. That may be true. So here is a list of 10 red flags and suggestions based on my work with companies accused of fraud or other malfeasance—some were pretty high profile.
1. The audit committee must fully understand how the company’s business model, estimates and judgmental choices by management give rise to potential manipulation of financial reporting by that management. Members should be selected and educated on this basis. Financial literacy is a low bar not set high enough. Educate yourself on how fraud happens if you are a director or audit committee member. If necessary, hire an expert to report to you individually or in closed session with the committee without any member of management present.
2. If your organization does not have an internal audit function, install one appropriate for your organization. The head of internal audit must report directly and confidentially to the audit committee and cannot be overridden by any company officer. If necessary, internal audit should report directly to the board.
3. The audit committee must approve the independence, budget, work plan and succession of the head of internal audit. The board should direct the CEO and CFO to commit resources for further design and test of internal controls whenever necessary.
4. As a director, you are entitled to any piece of information and access to any personnel in fulfilling your duties under any circumstance. If any manager blocks you from doing your job, consider it a red flag. Go on unscripted company tours unaccompanied by management to test for tone and culture whenever you can.
5. Direct management to conduct a survey on company culture, assisted by an independent firm, with results reported directly to the board. Act on the results. You may have a toxic workplace with undue influence, internal control override and bullying and not even know it.
6. The independent whistle-blowing hotline must have a protected mechanism for people to come forward. When fraud happens, fellow employees know and are your best source of defence. If employees do not have confidence that they can come forward and have a proper investigation conducted, they won’t—and fraud will fester. Whistleblowers can go to regulators directly now (in the U.S.) and participate in a monetary reward. If they don’t have confidence in the hotline, they will quit, acquiesce or go directly to the regulator.
7. Direct independent advisors (consultants, and now auditors) to conduct a risk assessment of all management compensation packages to ensure compensation is not driving potential fraud, such as bonuses awarded on profit.
8. If any company officer is not 100% transparent with you, this is a red flag. You should meet in executive sessions without management in the room to discuss your concern, which is likely shared by other directors. If the CEO or CFO lacks integrity, the tone at the top is broken and you have a serious problem. You do not need a reason to fire your CEO.
9. Your responsibility as a director is to direct when necessary. Legislation gives you this power but protocols enable it. If management has undue influence and keeps you at bay, your protocols are likely deficient. Boards, committees, chairs and directors all need terms of reference now. Don’t let management draft these important documents; they have an interest in not giving you the power you are entitled to by law. Draft your own protocols or have someone independent do it.
10. Above all, be vigilant and assertive when necessary. For both past and present directors, no amount of compensation can ever repair the legal and reputational damage inflicted by allegations of fraud or other misfeasance. The number one regret directors have is not speaking or acting when they should have. Don’t let this happen to you.
Richard Leblanc is a lawyer, corporate governance academic, speaker and an independent advisor to leading Canadian and international boards of directors.