Downturn brings risk to the fore

As companies are under increasing pressure to show shareholders they can still perform well in a depressed economic climate, experts are warning directors to make sure that risks are properly assessed, mitigated and controlled and that corners are not cut simply to reduce costs.

The Companies Act 2006, which came into effect last year, states that the duty of directors is to act in a way which they consider most likely to promote the success of the company for the benefit of its shareholders as a whole and that, in doing so, they will need to have regard “where appropriate” for long-term factors, the interests of other stakeholders and the community, as well as the company’s reputation. As a result, risks need to be identified and managed properly. And in an economic downturn, there are more risks to consider.

According to research by BDO Stoy Hayward, the UK’s largest technology businesses are living dangerously if they focus only on internal risks. And the lessons from the survey are likely to be pertinent to all businesses. Its analysis of the annual reports of the UK’s top 50 technology companies identified that directors were placing a stronger emphasis on developing people and projects, but at the expense of focusing on protecting company data and hacking, for example. (see Data-day risks below).

Ins and outs of risk
In a downturn, the risk of likelihood of fraud usually rises. As a result, Danny Davis, partner in the insolvency practice at law firm Mishcon de Reya, says directors need to ensure that an organisation’s internal controls and anti-fraud measures are working properly.

KPMG Forensic’s most recent Fraud Barometer showed that fraud by individuals within companies was widespread in the first six months of this year. Amid signs that companies may need to do more to shore up their internal fraud controls, lower-level employees accounted for more fraud than managers ­ £94m across 26 cases, compared to £63m across 20 cases by managers.

Managing threats
Generally, says the report, the biggest threat of fraud faced by most organisations comes from managers rather than employees, as they have seniority and trust and are in a position to influence or bypass systems and controls. But the predominance of employee fraud may well indicate that some companies lack suitably designed internal controls to prevent and detect fraud at lower levels within the organisation.

“As a result of the increased risk of employee fraud, directors need to make sure the organisation’s internal control framework is capable of preventing fraud, or at least capable of helping internal audit more easily find instances of it,” Davis says.

He also points out that as the UK is heading for recession, there is going to be increased pressure on companies to push back payment deadlines with suppliers, while trying to get customers to pay more quickly. As a consequence, he says, there are going to be more instances of companies trading while heading for insolvency.

“The credit crunch is going to make some directors take bigger risks with regards to how they try to manage their cashflow,” says Davis. “It is increasingly likely that more companies will be heading for insolvency in the coming months and directors need to make sure their companies do not trade while insolvent ­ or are about to go insolvent ­ in an attempt to keep the business running.”

Davis adds that directors should also not make the mistake of thinking the company’s tax payments are not as important as payments to suppliers.

“Time and again we see court cases where companies are filing for insolvency and they haven’t paid the taxman because they mistakenly thought HM Revenue & Customs was the least important creditor. Companies in difficulty often believe that their tax payment can simply be made at a later date ­ often without telling HMRC why ­ so that funds can be used ‘constructively’ to pay staff, suppliers, stockholders, utilities, leaseholders first. This is nonsense and is not favourably looked upon by the courts.”

DATA-DAY RISKS
BDO Stoy Hayward’s survey found that the UK’s largest technology companies highlighted internal issues such as talent management and innovation and development of new products and services as the most common risks they are trying to tackle. But key external risks, such as preventing hacking and protecting key company data, fell far further down the risk agenda.

“We were very surprised at the limited external focus displayed by the UK’s largest technology companies,” said Julian Frost, head of technology at BDO Stoy Hayward. “We were also very surprised that only 14% of the largest technology companies are highlighting the importance of ensuring the integrity of their data and intellectual property or protecting themselves from hackers. This is a highly important area especially as we see the issue of data integrity appearing on a weekly basis in the media.”

Data attack
Davis agrees that protecting a company’s intellectual property should be on every director’s radar screen, particularly as the theft of confidential information often increases when companies are facing tough trading conditions.

“It is common for employees who leave the firm – either through their own choice or redundancy – to take vital business information with them, such as supplier and customer details, so that they can set up their own businesses and poach clients. This can potentially cost a company millions of pounds in lost revenue.

“Directors need to make sure that such data is protected and that it is restricted to key people who really need to use it. Casual access to such data needs to be stopped immediately. It may also be necessary for some organisations to review how they deal with such data losses,” he says.

Useful links
For KPMG Forensic’s Fraud Barometer, go to www.kpmg.co.uk, then click on “press office” and search for “fraud”
BDO Stoy Hayward – www.bdo.co.uk
Mishcon de Reya – www.mishcon.co.uk