As companies are under increasing pressure to show shareholders they can
still perform well in a depressed economic climate, experts are warning
directors to make sure that risks are properly assessed, mitigated and
controlled and that corners are not cut simply to reduce costs.
The Companies Act 2006, which came into effect last year, states that the
duty of directors is to act in a way which they consider most likely to promote
the success of the company for the benefit of its shareholders as a whole and
that, in doing so, they will need to have regard “where appropriate” for
long-term factors, the interests of other stakeholders and the community, as
well as the company’s reputation. As a result, risks need to be identified and
managed properly. And in an economic downturn, there are more risks to consider.
According to research by BDO Stoy Hayward, the UK’s largest technology
businesses are living dangerously if they focus only on internal risks. And the
lessons from the survey are likely to be pertinent to all businesses. Its
analysis of the annual reports of the UK’s top 50 technology companies
identified that directors were placing a stronger emphasis on developing people
and projects, but at the expense of focusing on protecting company data and
hacking, for example. (see Data-day risks below).
Ins and outs of risk
In a downturn, the risk of likelihood of fraud usually rises. As a result, Danny
Davis, partner in the insolvency practice at law firm Mishcon de Reya, says
directors need to ensure that an organisation’s internal controls and anti-fraud
measures are working properly.
KPMG Forensic’s most recent Fraud Barometer showed that fraud by individuals
within companies was widespread in the first six months of this year. Amid signs
that companies may need to do more to shore up their internal fraud controls,
lower-level employees accounted for more fraud than managers £94m across 26
cases, compared to £63m across 20 cases by managers.
Generally, says the report, the biggest threat of fraud faced by most
organisations comes from managers rather than employees, as they have seniority
and trust and are in a position to influence or bypass systems and controls. But
the predominance of employee fraud may well indicate that some companies lack
suitably designed internal controls to prevent and detect fraud at lower levels
within the organisation.
“As a result of the increased risk of employee fraud, directors need to make
sure the organisation’s internal control framework is capable of preventing
fraud, or at least capable of helping internal audit more easily find instances
of it,” Davis says.
He also points out that as the UK is heading for recession, there is going to
be increased pressure on companies to push back payment deadlines with
suppliers, while trying to get customers to pay more quickly. As a consequence,
he says, there are going to be more instances of companies trading while heading
“The credit crunch is going to make some directors take bigger risks with
regards to how they try to manage their cashflow,” says Davis. “It is
increasingly likely that more companies will be heading for insolvency in the
coming months and directors need to make sure their companies do not trade while
insolvent or are about to go insolvent in an attempt to keep the business
Davis adds that directors should also not make the mistake of thinking the
company’s tax payments are not as important as payments to suppliers.
“Time and again we see court cases where companies are filing for insolvency
and they haven’t paid the taxman because they mistakenly thought HM Revenue
& Customs was the least important creditor. Companies in difficulty often
believe that their tax payment can simply be made at a later date often
without telling HMRC why so that funds can be used ‘constructively’ to pay
staff, suppliers, stockholders, utilities, leaseholders first. This is nonsense
and is not favourably looked upon by the courts.”
Download our Whitepapers
BDO Stoy Hayward’s survey found that the UK’s largest technology companies
highlighted internal issues such as talent management and innovation and
development of new products and services as the most common risks they are
trying to tackle. But key external risks, such as preventing hacking and
protecting key company data, fell far further down the risk agenda.
“We were very surprised at the limited external focus displayed by the UK’s
largest technology companies,” said Julian Frost, head of technology at BDO Stoy
Hayward. “We were also very surprised that only 14% of the largest technology
companies are highlighting the importance of ensuring the integrity of their
data and intellectual property or protecting themselves from hackers. This is a
highly important area especially as we see the issue of data integrity appearing
on a weekly basis in the media.”
Davis agrees that protecting a company’s intellectual property should be on
every director’s radar screen, particularly as the theft of confidential
information often increases when companies are facing tough trading conditions.
“It is common for employees who leave the firm – either through their own
choice or redundancy – to take vital business information with them, such as
supplier and customer details, so that they can set up their own businesses and
poach clients. This can potentially cost a company millions of pounds in lost
“Directors need to make sure that such data is protected and that it is
restricted to key people who really need to use it. Casual access to such data
needs to be stopped immediately. It may also be necessary for some organisations
to review how they deal with such data losses,” he says.
Mishcon de Reya –