Culture: your client’s overlooked anti-fraud protection

Wells Fargo’s John Stumpf oversaw a corporate culture that enabled fraud and rule-breaking. (Fortune Global Forum 2015” by Fortune Global Forum, CC BY-NC-ND 2.0)

---

At a glance

• A positive organisational culture reduces rationalisations for fraud.
• Foster open communication, protect whistleblowers, provide training, and align incentives with ethical behaviour.
• Accountants can identify cultural red flags and advise clients on proactive improvements.

---

In 2024, Australia lost $2.08 billion to fraud, according to the National Anti-Scam Centre. That makes it a major hazard for accountants’ clients. And experts like Roger Darvall-Stevens, partner in fraud and forensic services at RSM Australia, warn that new tech and stretched client resources are deepening the problem.

But accountants can also advise clients of another, oft-overlooked way to protect themselves from fraud. And it’s essential, according to a new report from the American Institute of Public Accountants (AICPA).

This anti-fraud measure? A robust organisational culture.

Culture and fraud: What’s the connection?

Organisational culture manifests in two ways, states the AICPA report.

The first is formalities, such as rules, policies, operations, performance management, and training. The second is informalities, such as behaviour, use of language, rituals and routines, and physical spaces. Both reflect the organisation’s belief systems, values, and norms.

Most managers know that culture influences the drawing and keeping of talent. But this is just one piece of the puzzle. Culture also determines how everyone – from employees to external stakeholders to clients – thinks about, and interacts with, the organisation.

And this is where culture directly influences the likelihood of fraud, the report says.

So how can accountants best assess the nature of a client’s organisational culture, and determine whether it raises a fraud risk? If they identify a high level of risk, what can they do about it?

Financial Accountant spoke with Natalie Lewis, senior vice-president, and Pamela Hefner, vice-president, from the economic damages & valuations practice at J.S. Held, one of the organisations involved with the AICPA report’s preparation.

“An organisation’s culture plays a crucial role in its ability to identify and manage its risk of fraud or to enable fraudulent activities,” says Lewis. 

“In strong cultures, management emphasises integrity, fairness, and responsibility [for reducing] any rationalisation for fraud, and employees feel safe raising concerns without fear of retaliation. 

“When an organisation’s culture tolerates or encourages unethical behaviour, the risk of fraud significantly increases by creating opportunities for fraud, encouraging rationalisation, and intimidating whistleblowers.”

Darvall-Stevens agrees. “When an organisation operates without strong ethical norms,” he says, “it creates space for unethical behaviour to thrive.”

Case study: The Wells Fargo scandal

The report gives a powerful example. By the early 2010s, after years of strong growth, US bank Wells Fargo came to be seen as a global business innovation success story. But then a series of articles in the Wall Street Journal and the Los Angeles Times began to detail a Wells Fargo sales culture that pressured employees to produce near-impossible results.

In late 2016, Wells Fargo announced it had settled a lawsuit for $US185 million. The American Bankruptcy Institute Journal reported that Wells Fargo employees had “opened as many as 1.5 million checking and savings accounts, and more than 500,000 credit cards, without customers’ authorization”.

The result was a sudden erosion of Wells Fargo’s ability to attract customers. As more high-level legal action descended, CEO John Stumpf first tried to tough it out, blaming lower-level employees. But eventually, Stumpf resigned, as did other executives. Government customers withdrew business. The scandal even claimed Stumpf’s CEO successor. To date, formal penalties have probably cost the bank more than $US6 billion; the reputational cost may be higher.

A 2017 investigation found that Wells Fargo’s organisational culture was a significant contributor to the affair. The Wells Fargo culture put high levels of pressure on employees to meet sales goals, without protections against unethical behaviour. At the same time it decentralised controls and risk mitigation processes. Further, leadership failed to respond to reports of misconduct.

How a strong culture minimises fraud risk

A strong organisational culture does the opposite of what Wells Fargo did. It decreases the likelihood that employees, external stakeholders, or clients will engage in fraud – be it misappropriating assets, corruption, or creating false financial statements.

“Additionally, leadership [that is] actively involved in day-to-day operations and demonstrates ethical behaviour deters employees from committing fraud because it signals an intolerance for unethical behaviour and a higher [chance] of getting caught.”

At the same time, a strong organisational culture increases the likelihood that, should fraud occur, employees, external stakeholders, or clients will identify it and blow the whistle.

“Employees who feel connected to their peers, have trust in their leadership, and believe in the mission of the organisation are more likely to feel empowered to speak up,” says Hefner.

Four ways to build a fraud-resistant culture

To begin, it’s vital that managers recognise their influence on culture.

“Organisations need to be cognisant of their ‘tone at the top’, as leadership sets the cultural foundation,” says Lewis. “If leaders demonstrate ethical behaviour, transparency, and accountability, then employees will likely follow suit.”

That said, setting the tone is just the first step. “Managers need to lead by example – walk the walk and not just talk the talk,” says RSM’s Darvall-Stevens. “Don’t forget that ‘the behaviour you walk past is the behaviour you endorse’, and ‘silence is agreement’.”

J.S. Held’s Hefner puts it another way: “The visual must match the audio.”

Managers can demonstrate their commitment by following the report’s four recommendations for improving culture:

• Foster open communication, by providing visible, accessible channels through which employees can report unethical behaviour easily. These may include internal hotlines, digital platforms, and avenues for direct reporting. 
• Safeguard against retaliation, by ensuring employees can report without fear. Policies should include protections for whistleblowers, and investigations should be conducted by independent, qualified people. 
• Deliver regular training in ethics and fraud awareness, customised for the organisation and its employees. “Investing in professional development isn’t just good business practice,” says Hefner. “[It] also contributes to employees’ sense of wellbeing, which helps to build a positive culture.”
• Align incentives with ethical behaviour, by rewarding ethical conduct and discouraging unethical behaviour. Strategies may include incorporating ethical conduct into performance reviews, rewarding highly ethical employees through spot awards and points systems, and adding ethics requirements to promotion considerations.

“Organisations that put more weight on hitting financial results than complying with rules … send a message to employees that fraud is allowed.”

Natalie Lewis

Five cultural red flags for accountants

Accountants can play a crucial role by looking out for fraud risk red flags such as:

• Top-down decision-making that excludes employees’ input. This may cause employees to become disengaged, and therefore, more likely to rationalise fraudulent behaviour.
• A lack of diverse thinking. Homogenous teams may be less likely to ask questions, spot issues, or confront suspicious activity.
• A willingness to rationalise unethical behaviour. This may arise in cultures that tolerate seemingly minor instances of unethical behaviour or incentivise outcomes without regard for integrity. “Organisations that put more weight on hitting financial results than complying with rules and regulations send a message to employees that fraud is allowed as long as results are delivered,” says Lewis.
• High employee turnover, which may suggest discontentment among employees, poor leadership, or failures to deal with misconduct.
• Weak, poorly supervised internal controls. Employees may become careless, and fraudsters can exploit gaps easily.

A lack of transparency is also telling, says Lewis. “When an organisation’s culture does not promote transparency and openness, employees do not feel comfortable speaking up when concerns arise. According to the Association of Certified Fraud Examiners, 43% of frauds were detected by tips, with more than half of those tips coming from employees.”

Accountants can’t prevent all fraud. But, in their advisory role, they can help clients to understand the link between culture and fraud risk.

Further, they can reduce this risk by sharing red flags, and supporting clients to take steps to improve their organisations.

“The cost of [failing to protect against fraud] can be significant,” says Darvall-Stevens.

“Direct losses […] can be substantial but there are also indirect costs: productivity loss, staff turnover, reputation damage, legal penalties, and executive distraction.

“When culture fails, attention shifts from strategy and growth to investigation and crisis management. The longer a toxic culture persists, the more expensive and complex it becomes to fix. Taking a proactive approach to identify problems early and guiding management to address them can save money in the long run.” 

---

Explore a mix of expert-led sessions, hands-on workshops and meaningful networking opportunities at IPA’s National Conference 2025 which has been designed to inspire, challenge, and energise you. Register now.