Managing Business Integrity (eBook)

Dr. Stefan Heissner is head of the highly specialized division “Fraud Investigation & Dispute Services” (FIDS) at EY, the global professional services firm, as the Managing Partner responsible for Central Europe and the CIS countries. Before being engaged for the last 15 years in the field of forensic auditing, Dr. Heissner also worked for the police force for 15 years – most recently holding the rank of Detective Superintendent. Heissner is an internationally renowned expert in the fields of criminalistics and compliance, as well as being the author of numerous specialist papers and a popular guest speaker.

Preface 6
Acknowledgments 10
Contents 12
About the Author 16
1: Drivers and Trends 17
1.1 Basic Features of Manager Liability 19
1.1.1 Basic Principles of Compliance Obligations 21
1.1.2 Liability Based on the Regulatory Offenses Act and Stock Corporation Law 24
1.1.3 Criminal Liability 25
1.1.4 Civil Liability 26
1.1.5 Labor Law and ``Political´´ Responsibility 27
1.1.6 Digression: Protection in the Form of DandO and Fidelity Insurance 28
1.2 Relevant Legislation and Its History 30
1.2.1 The Beginnings: Tulip Mania and the South Sea Bubble 30
1.2.2 Foreign Corrupt Practices Act: Starfighter and Bananagate 32
1.2.3 Sarbanes-Oxley Act: Criminal Energy and Creative Accounting 34
1.2.4 Dodd-Frank Act: Shackling the Banks? 39
1.2.5 UK Bribery Act: Well-Oiled Arms Trade 40
1.2.6 Legislation in Germany 42
1.3 Social Conditions and Drivers of White-Collar Crime 44
1.3.1 Deterioration of Social Control 46
1.3.2 Increasing Complexity 47
1.4 Trends in Regulatory and Liability Law 48
1.4.1 Completing the Legislative Framework for Combating Fraud 48
1.4.2 Stricter International Regulations for Combating Corruption 49
1.4.3 Regulating Access to Resources 50
1.4.4 Regulating Social Factors 51
Literature 51
2: Perpetrators and Offenses 53
2.1 White-Collar Crime: A Practical Definition 54
2.1.1 Different Aspects for a Comprehensive Understanding of White-Collar Crime 54
2.1.2 Alternative Term: ``Deviant Behavior´´ 57
2.1.3 Overview of the Relevant Offenses Included Under ``Deviant Behavior´´ 58
2.1.3.1 Elements of the Fraud Tree: Misappropriation of Assets 58
2.1.3.2 Elements of the Fraud Tree: Financial Statement Fraud 59
Specialist Information: Special Elements of Fraud 60
2.1.3.3 Elements of the Fraud Tree: Corruption 60
Specialist Information: Elements of Corruption 61
2.1.3.4 Money Laundering 62
2.1.3.5 Tax and Balance Sheet Fraud 63
Specialist Information: Elements of Balance Sheet and Tax Law (Excerpt) 64
2.1.3.6 Other Relevant Offenses and How They Are Dealt with Under Criminal Law 64
Specialist Information: Elements of Insolvency Offenses (Excerpt) 64
2.2 The Development of White-Collar Crime 66
2.2.1 White-Collar Crime: A Necessary Evil of the Market Economy? 66
2.2.2 Sociological Aspects in the Development of White-Collar Crime 67
2.2.3 The Fraud Triangle: A Standard Instrument for Explaining White-Collar Crime 68
2.2.3.1 Opportunity 69
2.2.3.2 Rationalization 69
2.2.3.3 Motivation 69
2.3 Motives for White-Collar Crime 70
2.3.1 Motive: Pursuit of Social Status 70
2.3.2 Motive: Feeling of Obligation and Emergency Situations 71
2.3.3 Motive: Obedience to Authority 71
2.3.4 Motive: Pragmatism 71
2.3.5 Motive: Ignorance 72
2.3.6 Motive: Career Ambitions 72
2.3.7 Motive: Boredom 72
2.3.8 Motive: Pressure to Perform 73
2.3.9 Motive: Revenge 73
2.3.10 Motive: Social Recognition 73
2.3.11 Motive: Peer Pressure 73
2.4 Perpetrator Typologies in the Area of White-Collar Crime 76
2.4.1 An Overview of the Perpetrator Typologies 77
2.4.1.1 The Crooks: Criminals Through and Through 78
2.4.1.2 The Gamblers: Untouchable 78
2.4.1.3 Free Riders: Particularly Clever 78
2.4.1.4 The Neglected: Being the Hero Just Once 79
2.4.1.5 The Unsuspecting: Good Employees 79
2.4.1.6 The Lost: Feeling Wretched 80
2.5 The Consequences of White-Collar Crime 80
2.5.1 Extent of the Damage Caused by White-Collar Crime 82
2.5.1.1 Damage to Company Assets 82
A Blessing in Disguise: Promptly Identified Damage 83
Every Minute Is Critical: A Creeping Exponential Loss of Value 83
2.5.1.2 Damage Due to Fines and Sanctions 83
2.5.1.3 Damage to Innovation and Competitiveness 84
2.5.1.4 Damage to Public Reputation 85
2.5.1.5 Damage to Employees and the Corporate Culture 85
2.6 Conclusion: Management Bears the Responsibility 87
Literature 87
3: Forensics 89
3.1 Commissioning a Special Investigation 91
3.1.1 The Trend in Public Prosecutor´s Offices: The American Model 93
3.1.2 The Public Prosecutor´s Office and Companies: Divergent Interests in the Investigation of White-Collar Crime 95
3.1.3 The Crime Enforcement Authorities and Companies: An Increasing Level of Cooperation 96
3.2 The Process of a Forensic Investigation 97
3.2.1 Assessing the Current Situation and Tactical Considerations for the Investigation 98
3.2.1.1 Understanding Your Own Mandate 98
3.2.1.2 Evaluating the Investigative Environment 99
3.2.1.3 Determining the Level of Available Information 100
3.2.1.4 Courses of Action 100
3.2.2 Three Basic Rules at the Start of an Investigation 101
3.2.3 Concealment and Cover-Ups: Examples from Purchasing and Sales Departments 103
3.2.3.1 Corruption in Purchasing: Extremely Difficult to Prove Unequivocally 103
3.2.3.2 Fraud and Bribery in Sales: Identifying Critical Areas 105
Following the Money Trail 105
3.3 The Criminalistic Process and the Formulation of Hypotheses 105
3.3.1 Physical Documentation as a Source of Information 107
3.3.1.1 Collecting Documents and Sealing Access to Them 107
3.3.1.2 The Forensic Analysis of Documents Suspected of Being Falsified 109
3.3.1.3 The Reconstruction of Business Processes Based on Company Documentation 109
3.3.2 Electronic Data Analysis as a Source of Information 110
3.3.2.1 Safeguarding Electronic Data and Data Media During a Fraud Investigation 111
3.3.2.2 Making Different Types of Data Useful 111
3.3.2.3 Forensic Data Analyses 113
The Analysis of Structured Data 113
The Analysis of Unstructured Data 113
Assessment: Use in a Criminalistic Context 115
3.3.3 Background Research/Business Intelligence as a Source of Information 115
3.3.3.1 Tracing Money Flows 116
3.3.3.2 Tracing Fraudulent Networks 116
3.3.3.3 Identifying Individual People 117
3.3.3.4 Checking the Facts 117
3.3.3.5 Research on the Internet and in Online Databases 117
3.3.3.6 Research in Registers and Archives 118
3.3.3.7 On-Site Visits 118
3.3.4 Interviews and Audits as a Source of Information 119
3.3.4.1 Deciding the Order in Which Interviews Are Conducted 120
3.3.4.2 Creating a Suitable Atmosphere 120
3.3.4.3 Limit the Topics of Discussion 120
3.3.4.4 Interviewing Skills and Critical Appraisals 120
3.4 Investigations in the Future 122
3.4.1 Offenses and Investigations Are Increasingly Driven by Technology 122
3.4.2 Investigative Work Is Becoming Increasingly More Specialized 123
3.4.3 Investigation and Prevention Are Becoming More Closely Linked 123
Literature 124
4: Systems for Combating Criminality 126
4.1 Critical Preliminary Remark on the Design of Compliance Management Systems 129
4.2 Methodological Principles for Compliance Management 133
4.3 Compliance Culture, Compliance Objectives, and Compliance Communication: Elements of Strategic Corporate Management and th... 136
4.3.1 Examining Employees and the Corporate Culture 137
4.3.2 Harmonizing Compliance Objectives and Compliance Communication 138
4.4 From the Risk Assessment, Through the Compliance Program and Compliance Organization to Constant Improvement: The Control ... 139
4.4.1 Compliance Risk Assessment 139
4.4.1.1 Evaluating Previous Cases of Misconduct 148
4.4.1.2 Analyzing the Organization and Processes 148
4.4.1.3 Scrutinizing the Company Finances and the Accounts Department 148
4.4.1.4 Example Application: Corruption Risks 149
Who Do I Conduct Business With? 149
Where Do I Conduct My Business? 150
What Business Do I Conduct? 150
How Do I Conduct My Business? 151
4.4.1.5 Summary of the Subject of Risk Assessments 151
4.4.2 The Compliance Loop 151
4.4.2.1 Prevention 153
Policies and Procedures: Creating a Core Content 153
Compliance Awareness: Combining Theory and Practice 155
Incentivization: Creating Positive Incentives 156
4.4.2.2 Detection 157
Risk Assessments and the Formulation of Criminalistic Hypotheses as the Foundation for Non-event-Based Controls 158
Basic Instruments of Detection: Data and Contract Analyses 160
Other Examples of Detection Instruments 162
Pre-employment Screenings 162
Business Intelligence and Third-Party Due Diligence 163
Approval Limits and Access Controls 163
Management and Monitoring of Master Data 163
Accompanying Data Analyses 164
Physical Stocktaking 164
Whistleblower Systems as an Instrument of Detection 164
4.4.2.3 Investigation: Integration into the Compliance Loop 169
Case Management: Setting Up a Case Database 171
Direct Follow-Up Measures After an Investigation 171
Authoritative Assessment of the Damages 171
Claims for Damages Against Responsible Managers 171
Disciplinary Measures Against Employees 172
4.4.2.4 Remediation 173
4.4.3 Organizational Principles: Responsibilities, Reporting Channels, and Setting the System Up as a Company Department 175
4.5 Testing and Evaluating Compliance Management Systems 179
4.5.1 IDW PS 980: A Calibration Tool for Fully Functional Preventative Systems? 180
4.5.1.1 IDW PS 980: A Critical Examination Based on Its Practical Application 183
Literature 187
5: A Look Ahead to the Future 189
5.1 Compliance in Germany: An Overview of the Current Situation 189
5.1.1 The Control Paradox of Compliance and Its Negative Effects 190
5.1.2 The Danger of Pro-Forma Solutions 192
5.2 The Next Step: Protecting Corporate Values with Integrity 193
5.2.1 Compliance as a Strategic Management Theme 194
5.3 The Requirement for Compliant Business Practices in Global Competition 195
5.4 The Path to the Future: Good Corporate Governance 196
Literature 198