One of the workers of the department of finance at Wipro managed to gain access to the company’s bank account’s password and transferred a total of 4 million dollars in small bits over a certain period of time to his personal accounts and the accounts of his relatives (Guha 2010). It was not detected until after three years, when the bank sent an overdraft note to the company and it became unclear why there was money according to the books of account, but no money in reality. The company went seeking services of external audit firms to help in identifying the loopholes and a lot of details were discovered about the fraudulent activities of the member of company’s staff. As a result, with the help of investigating agencies, the company managed to get the culprit and return half of the money stolen, totaling to 2 million dollars. Unfortunately, that employee committed suicide after being accused of the fraud, which made it difficult for Wipro to get the other 2 million dollars that were never returned (Jones 2011, p. 28). This outrageous case raised questions about the safety of the clients, since the company had been reassuring its stakeholders in the safety measures which were put in place to prevent malpractices (Jones 2011, p. 29). This paper seeks to explore how Wipro lost money and the possible mechanisms of protecting firms from such situations.
Control Measures Not Being Used at Wipro
Wipro and other information technology firms in India depend to a large extent on their internal experts, and often these particular employees feel like they own the business. It is an issue that has been discovered in several firms, where employers are not concerned about the activities taking place in the departments, since there are experts who are responsible of controlling different sectors of the company. However, such approach is often insufficient, and since IT firms are the most equipped with technology, this technology can be used to protect the firm and its clients from any kind of fraud (Williams, Hardy & Holgate 2013, p. 342). For instance, at Wipro, the managers were not informed enough about what was taking place in the finance department for three years, until a bank raised a concern when the account went to overdraft. This particular case shows that the managers and other stakeholders were negligent about the financial progress of the company. This is a case of relenting measures of security and accountability and capitalizing on trust. Three years is a rather long period for a big and reputable technology company to have kept a thief in the financial department without noticing any discrepancies (Guha 2010).
The other primary problem with the technology companies in India is recruiting people without a proper check of their professional history and personal traits (Angur 2009, p. 67).Recruitment in India is usually done by professional agencies, which get the best employees for the firms. However, the companies receiving the members of staff should take precautions and not accept people with different doubtful motives. An element that is fundamental for IT firms is a thorough selection of their technology service providers (Williams, Hardy & Holgate 2013, p. 342). If a firm has been offering a service which is technology-based, it does not mean that it should be blindly trusted.
Furthermore, had Wipro been careful about its service providers, the transactions of transferring money to different accounts could have been detected before a lot of money was siphoned (Shirodkar, Shrotri, Sirsat & Umbare 2014, p. 2) However, the company relied on trust, and the employees used this to apply their IT knowledge and steal constantly, without being detected for three years. In case of Wipro, the culprit gained access to the banking password and managed to be stealing money without the holder of the pass key detecting that somebody else was using it (Shirodkar et al. 2014, p. 4). Lastly, Wipro and other IT companies in India are known to be relying on central control systems, which means that one individual can transact on behalf of the company simply because they are the holders of security keys. This is risky because if somebody else gets access to those security keys, they will have the ability to cause harm to the company within a short time.
Strategies To Eradicate Potential Fraud
In a bid to bring the company back to a stable and safe status regarding the anti-fraud precautions, as the CEO of Wipro, I would ensure that the following measures are put in place, and every stakeholder adheres to them without exceptions:
Executive Management Involvement
In most cases, the members of executive teams do not get directly involved in the running of affairs in the company; rather, they are only taking part in the matters of expanding the business and getting financing from the outside environment. However, in my case, as the CEO, I would ensure that every member of the team is allocated in a department, which they closely monitor to ensure that things are always in order. Getting the executive team involved in the running of activities would impact the discipline of the members of staff, thus reducing the risk of getting too friendly with the staff to a point that they feel like the owners of the business (Angur 2009, p. 70). For institutions to work well, there is a need for the top members of the ruling team to be directly involved in the activities. However, this should be on oversight roles, so that they can be able to see that the policies they make are being followed on a daily basis, rather than wait for the reports from junior managers when things go wrong.
Employee Code of Ethics
As the CEO of Wipro, I would ensure that every employee signs a code of conduct form, and the activity is done in the presence of the company lawyer, who would formalize the practice and back it with the laws governing companies. The employees’ code of ethics is supposed to be available for the new members of staff when they are signing contracts, and should be signed in duplicate for the company to retain one copy, while the other copy goes to the employee (Crane & Matten 2010, p. 33). The code of ethics is supposed to be the ultimate guide to what the company allows and what it prohibits the members of staff from, at the same time setting up the consequences of going beyond the allowable limits (Crane & Matten 2010 p. 33). The employees are supposed to know the consequences of taking part in the prohibited activities within their working practice as a measure of preventing them from experimenting with the company systems.
Clear Company Fraud Prevention Policies
As the chief member of staff in the company and the custodian of all the activities taking place, I would ensure that there is a clear policy, which prohibits fraud in the firm, with strict measures applied to anybody who attempts to do so. For instance, I would ensure that every employee signs a non-fraudulent practices form, which is legally supported by the company lawyers. In this form, all the possible fraudulent activities would be listed, and their consequences stated clearly. The policies would be strict, and the document would clearly show that anybody who attempts to commit a fraud can end up in prison if they are successfully identified, while anybody else who might have noticed the fraud and refused to report it will be eliminated from the list of employees without compensation or notice. The policy would also include a training on anti-fraud measures and clearance of employees by police against any criminal history.
Feedback Control Measures
The feedback that I would require is the one that gives information on how the members of staff are following the security measures prohibiting fraudulent activities. In every organization, feedback is as important as financial capital, since it is the only way to understand what happens when policies are introduced and production takes place (Jones 2011, p. 77). Thus, I would ensure that all employees have a private key, which they would be using to log into their accounts, and every door would be opened using particular codes, designed individually for every employee. This would make sure that the system records every activity that is carried out by the employees whenever there is nobody else to monitor them. In addition, every department would have a person who is in charge of correcting the information regarding the conduct of employees in terms of their discipline. These are the people who would be reporting to my office on a weekly basis regarding anything suspicious they may have detected in the process of system audit in a bid to tighten the measures and deal with culprits.
I would also ensure that the most sensitive departments, like finance and customer relations, are directly connected to my office through a local network, so that anything taking place is reported to my office directly and in real time. This is the type of feedback that I would ensure the company maintains, so that people do not manipulate issues in their offices and steal from the company or its clients. Whenever new policies are implemented in a company, there is a dire need for a follow-up feedback to the monitors and implementers. This helps in making sure that everybody follows the policies without evading the required procedures, which would be a risk to the whole process.
There would also be evaluations carried out regularly on the employees to see how they have been following the policies, using the available feedback from the systems and the office surveillance cameras. The anti-fraudulent measures are supposed to be followed without excuses, and this can only be ensured through effective feedback (Jones 2011, p. 77). Compliance would be mandatory, and every member of staff would be taking random tests regarding the policies and how the system is supposed to work. Through this test, it would be easy to see those who have been using shortcuts instead of complying with the policies. Compliance would be evaluated through different aspects of the operation, taking into consideration the scope of every member of staff’s allowable limits.
Potential Implications of Poor Control Processes
Poor control processes in a firm pose an economical and security threat for employees, the organization itself, and its clients. Control of activities is as important as the capital invested, since it is control that ensures that whatever is invested is used properly. Once a company has poor control systems, its staff is likely to take matters into their hands and run the business like a personal venture. This is where employees begin to make decisions and strategic choices without consulting the senior managers, thus creating a state of confusion and risk of losing money (Angur 2009, p. 69). In case of Wipro, poor control processes are likely to result in an open situation where employees can access every company’s secret and exploit it for their benefit. For instance, the case of the 4 million dollar fraud makes it evident that the company did not have strong control processes, and this resulted in a scenario where an employee gained access to the most sensitive passwords and used them to steal money.
Clients are never safe in an organization where control processes are poor, neither are the members of its staff. Organizations must have effective control processes, which govern the limits which are set for every employee and every department regarding the scope of operation (Tickner 2012, p. 45). When these measures are absent, members of staff tend to go beyond their scope of operation, risking the business and the safety of other members of staff. In such situations, clients are left at the mercy of the employees and are not assured of their confidentiality and safety at all. As a result, most companies collapse due to weak control measures and stakeholders going overboard with their actions, thus causing a state of confusion and vulnerability in business. Wipro would have noticed that something was not right once the employee gained access to the bank account using the stolen password. However, due to weak control processes, the fraud has been lasting for three years, until the bank had to write a letter notifying the company about the overdraw of the account. In case these 4 million dollars were stolen from the clients of Wipro, that would have meant that the market no longer trusts the company and closure of business would be imminent.
On the other hand, if the company did not have other bank accounts where money was kept, it would have come to a situation where employees do not have their salaries. Control processes are a vital part of organization management. Without investing enough time and resources in the structuring of the same, a business stands a risk of a theft, fraud or negligence that would amount to a reason of the firm’s closure (Singh 2016, p. 33). For instance, Blackberry has been known to be a giant in the smartphone industry, having been among the first companies to invent Internet-loaded mobile handsets. However, a poor controls emanating from the history of nepotism and irregular promotion of members of staff without skills consideration led the company failing to meet its vision, and now it is on the way to losing its market share. Enron is another company which has suffered fraud and corruption from within due to poor control measures just like Wipro (Tickner 2012, p. 50). The company does not have strong control measures since it looks like a family business, where directors and members of staff do as they please, without taking responsibility of any rules broken.
The case of Wipro is not an exclusive incident, since it is something that the international business arena has witnessed from different firms. However, this case attracts more attention than others due to the duration of the fraud its late detection, as well as the way in which it was discovered. Were it not for the bank overdraft notice, the company would have continued to lose money through the theft, and its closure would have been imminent. A total of 4 million dollars had already been withdrawn by the time the notice reached Wipro, but fortunately half of it was recovered when investigations kicked off. However, the culprit committed suicide after being charged in court, thus making it difficult for Wipro to recover the rest of the money. The primary challenge with the case of Wipro was poor management control processes, where employees were not closely monitored, thus opening up doors for fraud and corruption.
Writing a case study may be a daunting challenge for the majority of students.