These survey findings suggest that executives may not have a proper
appreciation of cybercrime risks. Respondents see hackers as the biggest
concern (48%) and are underestimating the risk from organized crime
syndicates as well as foreign states.
The survey included in-depth interviews with more than 2,700 executives across 59 countries, including chief financial officers, chief compliance officers, general counsel and heads of internal audit. Nearly 40% of all respondents believe that bribery and corruption are widespread in their country. (See Appendix 1 to this release for a list of country results.) With respondents portraying a business environment of pervasive corruption in many countries, it would appear that management and boards are struggling to respond to long-standing threats, let alone addressing emerging risks such as cybercrime.
David Stulb, Global Leader of EY’s Fraud Investigation & Dispute Services (FIDS) practice says, “With high-profile cybercrime incidents making headlines on a regular basis, boards should expect management to have a robust incident response strategy in place. Pressure on companies for timely disclosure of breaches is rising in many jurisdictions as well, so these issues require attention from the legal and compliance functions. The U.S. Securities and Exchange Commission is increasingly focused on cyber risks as they relate to the integrity of financial statements too, so audit committee members have to be alert to today’s cyber threat environment.”
Is the C-suite making the right risk management choices?
The C-suite’s difficulties can only be heightened by insufficient awareness of the risks they face. Our survey found that they are less likely than their teams to attend anti-bribery/anti-corruption (ABAC) training (38%) or participate in an ABAC risk assessment (30%). This is alarming given that these executives are apparently exposed to circumstances which threaten their integrity on a regular basis. Twenty-one percent of CEOs said that they had been approached to pay a bribe in the past, compared with 10% of all C-suite interviewees.
Worryingly, given their role in setting an ethical tone from the top, a significant minority (11%) of CEOs considered misstating financial performance to be justifiable in order to help a business survive an economic downturn, compared with 6% of all respondents.
Stulb continues, “Given the risk of management overriding financial controls, the implications for boards from these findings about C-suite integrity are serious. Enhancing board connectivity with business and finance leaders in the company – but below the C-suite – would be useful to confirm that the board is getting the full and accurate picture. With regulators committing additional resources to prosecuting financial statement fraud, and cooperating frequently with prosecutors from other jurisdictions, the stakes have never been higher.”
David Remnitz, EY’s Global FIDS Forensic Technology Leader, adds: “Regulators are investing heavily to bolster their ability to mine big data from corporations for potential irregularities. The latest data visualization tools can help to identify revenue recognition or procurement-related red flags earlier and more efficiently. Boards should be asking how management is leveraging forensic data analytics to get the most from their big data in order to improve compliance and investigative outcomes.”
The need to reinvigorate compliance
The survey also found that compliance fatigue within businesses appears to have set in at a time when they can least afford it. In a regulatory environment in which international cooperation is becoming more frequent, our respondents described a largely static internal compliance environment:
- One in five businesses still do not have an ABAC policy
- 45% of organizations have not introduced a whistleblowing hotline
- Less than 50% of respondents have attended ABAC training
- Less than a third of businesses are conducting anti-corruption due diligence as part of their mergers and acquisitions process.