I'm sure you just read that Puma made an ad hoc announcement regarding issues in their Greece partnership subsidiary. A spokesperson said that they have been victim of systematic evasion and misappropriation. Puma is investigating legal action against the management and partners in Greece. They lost 115 million Euro in write-offs.
Interesting is the announcement that now a "special internal control system" for Greece will be implemented. Well, they most probably could have saved a lot of money by having a working one upfront. A stable, software supported ICS would have significantly reduced the possibility that such a misconduct could have taken place over years with nobody noticing. Workload for internal audit resources would have been reduced on standard items freeing them to investigate in special topics more often.
Sneering from the outside is not appropriate - for sure fraud by top management is always difficult to detect. However, a good mixture of internal control testing, self assessments and on-site auditing is the key to avoid such losses, best combined with flexible, analytical monitoring of business events in your operating systems.
The question is: all of that is available - why is it not used more often?
The answer: Because I know it won't happen to me!
