When do you draw the line between a person (or persons) being guilty of fraud versus the entire organization? The latter seems pretty sweeping, implying that every employee was guilty of perpetrating fraud; this is not the case, however.
Operational fraud — such as frauds that happen in the internal/external supply chain operations — can be divided into two basic classifications of fraud: organizational versus occupational.
When a person or persons commit occupational fraud, they have used their positions or roles to facilitate the perpetration of the fraud. A cashier who takes money from the till, an accounting person who falsifies deposits and pockets some cash, a buyer who accepts gifts, brides, or kickbacks for steering business to one supplier versus another, etc., are all examples of occupational fraud. Contractors and service providers can be guilty of occupational fraud, such as the attorney or technology consultant who submits bills for hours not worked. There is an implied trusted relationship that the person breaches in their less-than-trustworthy conduct.
When, at the highest levels of an organization, senior management (typically officers, but sometimes members of the board of directors) are guilty of perpetrating fraud via the use of the enterprise itself, in whole or in part, this is organizational fraud. What’s so unfortunate about organizational fraud is that many times honest employees in specific occupations are often left to suffer, such as when the organization folds. (Examples include Arthur Andersen, WorldCom, and Enron.)
Senior management and directors bear the burden of responsibility in their positions to set the right examples for the organization’s code of conduct. This is part of good governance for public companies as outlined in the COSO Sarbanes-Oxley compliance framework, but it is certainly applicable to private companies and government agencies alike.
The Sentencing Reform Act of 1984 provides guidelines for the penalties assigned to both individuals and organizations guilty of crimes. In brief, the penalties are assessed as follows:
(1) The greatest of the following:
(a) A base fine from an offense level table;
(b) The monetary gain to the organization;
(c) The loss suffered due to the intentional, knowingly reckless, behavior by the organization. (2) Application of a fine multiplier based on such factors as cooperation versus obstruction of justice, history of bad behavior, and whether the organization self-reported and accepted blame and responsibility.
In the tainted pet food scandal that hit the United States, melamine was added in China to the base ingredients to boost the tested protein levels and cover-up quality problems. A public official (an inspector) and an employee of the manufacturing company (a buyer, I believe) were both involved in the fraud: they used their occupations to perpetrate the fraud, which involved payoffs.
The pet food was then shipped from China to Canada where it was canned for distribution into the United States under various brand names. If, in the US or Canada, the corporate philosophy was to either not bother with quality assurance testing or not adequately fund quality assurance testingn (thus rendering it ineffective), in order to reduce cost-of-goods-sold and boost profits, this is, in my opinion, organizational fraud as perpetrated by the canning company in Canada and the US distributors.
Another good example is children’s toys in regards to the use of lead paint and design flaws which, even when manufactured to the specifications, represented a hazard.
The lesson here is very simple: You can outsource manufacturing, but you can’t outsource responsibility.