Over on TheCorporateCounsel.net today, my colleague John Jenkins wrote about a new study on the use of technology in fraud detection/prevention recently published by the Association of Certified Fraud Examiners (ACFE). I looked at the report through an ESG lens. True, ESG matters were not specifically addressed, meaning either the survey was designed for a purpose that did not include ESG, or fraud in ESG has not yet caught the attention of ACFE/fraud prevention practitioners. To me – and others with an interest in fraud topics – it really doesn’t matter because the principles are broadly applicable.
What Kind of ESG Information Could be Subject to Fraud
Any reported or tracked ESG information poses the potential for fraud depending on specific situations. For example:
- Hiding bribes or other business practices that are illegal, unethical or inconsistent with codes of conduct.
- Altering or hiding country of origin of products/materials in order to avoid taxes, duties, sanctions/importation prohibitions or even reputational damage.
- Forging signatures on documents, or using fake documents entirely.
- Coercion of employees to answer auditor questions in a specific manner.
- Preventing auditor access to employees.
- Altering data or intentionally recording/logging inaccurate data.
- Modifying or interfering with sampling/monitoring equipment.
- “Pencil whipping” inspection and training logs/documents.
- Misrepresenting waste disposal volumes and locations, air emissions information, water use volume, wastewater management or employee health and safety incidents/statistics.
- Misrepresenting worker ages, immigration status, recruitment practices, wages paid or treatment in the workplace.
- Misrepresenting product information such as chemical content, recycled content or other sustainability attributes.
Where Does Technology Fit?
Similar to John, I noted a few of the overall findings of the ACFE report reflecting input from 800+ respondents:
– The variety of approaches for implementing anti-fraud analytics continues to grow; however, the study indicates that the most commonly used analytics are the tried-and-true techniques that organizations have found success with for decades. As John pointed out, this could be interpreted to mean that current fraud detection practices are outdated.
– Only one-third currently use internal data from unstructured sources. Unstructured data is data found outside structured databases and spreadsheets. Examples of unstructured data include text documents, email and instant messages and image files. Given that much of the ESG context relates to external stakeholders, external unstructured data could present a huge opportunity in ESG fraud detection.
– Only one-third use data from law enforcement or government watch lists. The study didn’t specifically explore whether this includes data from agencies like EPA and OSHA in the US for regulatory reported data.
– More than 50% use exception reporting and anomaly detection, as well as automated monitoring of red flags and business analysis as part of their anti-fraud programs.
– 60% anticipate increasing their spend for anti-fraud technology in the next two years.
Among the types of technology being used are:
- Emotional tone/sentiment analysis. This technology may help identify inconsistencies between how employees respond to interviews and their experiences/views expressed in social media or other venues for freely voicing opinions on working conditions.
- Geographic data mapping. This could be used to verify reported supplier, country of origin and waste disposal information.
- Text mining. Applicable to a wide range of text in internal documents and external information sources.
- Link analysis/social network analysis. Can help identify inappropriate or questionable links in supply chain business relationships or between employees/management and external parties such as regulators.
- Automatic red flags/business rules. Notifies management of attempts to bypass internal business rules, procedures and controls or other irregularities.
What This Means
The importance of ESG data and reporting to ratings agencies, investors, stakeholders and – increasingly – regulators has grown dramatically in the past few years. With that importance comes motivation to portray the company is the most positive light possible, even sometimes if that means committing fraud. Combined with a pervasive lack of meaningful internal controls around internal ESG information generation and validation, the three elements of the Fraud Triangle (motivation, rationalization and opportunity) can develop unfettered in organizations.
Companies must maintain vigilance for potential ESG fraud that could result in erroneous information disclosed to – and relied on by – third parties. I have long advocated using Internal Audit teams augmented with qualified technical ESG professionals as part of data and procedure verification processes. I’ve also written previously about PCAOB’s recent staff guidance for auditors to use in evaluating the relevance and reliability of evidence from external sources in financial audits – and why it applies to ESG too. New fraud detection technology has a role to play, but it may need to be adapted (or updating as John says) to fit ESG-specific applications.