J.S. Held

[authors: Amy Yurish, CPA/CFF/CFE, Carey Miller, CPA, CFF, and Nicole McTernan]

| This article was originally published in the AICPA FLS Fraud Task Force/AICPA Forensic and Valuations Eye on Fraud Quarterly Report on Fraud Trends and Topics, Spring 2025, Issue 2

Introduction

Broadly defined, culture refers to the invisible belief systems, values, and norms that guide individuals’ behavior.1 An organization’s culture, therefore, encompasses the shared values, beliefs, and behaviors that shape the organization, guide its operations, and influence how employees interact with one another and with external stakeholders. Organizational theorist Edgar Schein defined organizational culture as a series of assumptions individuals make about the groups to which they belong — made visible through artifacts, stated goals and aspirations, and fundamental underlying beliefs.2

Although organizational culture is often viewed as a tool to attract and retain talent, its influence extends much further. Culture shapes how employees, stakeholders, and customers perceive and engage with an organization. A strong, ethically grounded culture can inspire employees to act with integrity. In contrast, a weak or misaligned culture may foster rationalizations for unethical behavior, including serious offenses such as fraud.

Fraud is commonly defined as an intentional act or omission designed to deceive, resulting in a loss to a victim and/or a gain to a perpetrator.3 The risk of fraud is typically managed as part of an organization’s enterprise risk management strategy. Fraud risk refers specifically to the potential exposure to deceptive actions that result in financial loss, reputational harm, or legal consequences.4

Common fraud schemes involving executives, owners, managers, and employees include the following:

Asset misappropriation, such as payroll and expense reimbursement fraud, billing schemes, and skimming

Corruption, including bribery and sales-related schemes

Financial statement fraud5

As part of an organization’s overall enterprise risk management strategy, the organization considers the potential for fraud when assessing risks to the achievement of its objectives.6 Senior leadership, the audit committee, ethics and compliance personnel, internal audit, external auditors, and various other process owners, subject matter experts, and staff members are involved in assessing fraud risks across the organization and are responsible for developing the organization’s fraud risk management program. It is critical to include employees who are directly involved in day-to-day processes, as they possess in-depth operational knowledge and may identify fraud risks and control gaps that are not readily apparent to senior leaders.

This assessment includes the following points of focus:

  • Considering various types of fraud
  • Assessing incentives and pressures
  • Assessing opportunities
  • Assessing attitudes and rationalizations7

Fraud risk management includes identifying inherent fraud risks through consideration of common fraud schemes and scenarios, assessing the likelihood and potential impact of identified risks, and responding to reasonably likely and potentially significant risks through implementing controls or fraud detection procedures.8

Culture can be a critical factor in either mitigating or exacerbating fraud risks. A key consequence of a weak or unethical culture is that employees may feel emboldened and even encouraged to act unethically, or they may fail to report unethical activities due to perceived acceptance or indifference regarding such conduct. Conversely, a strong organizational culture can help mitigate fraud risks.9

Culture in an Organization

Organizational culture manifests in formal ways, such as rules and policies, performance management, and training. Culture also manifests informally through norms of daily behavior, physical settings, specialized languages, and rituals.10

Organizational culture affects all aspects of the business. It affects how management sets organizational goals and priorities, it affects how employees perform their jobs and interact with other employees, and it affects how an organization interfaces with its customers and suppliers.

Because organizational culture is not “one size fits all,” it can be difficult to distinguish the aspects of a “good” culture from a “bad” culture. However, the following attributes illustrate positive versus negative cultural characteristics.

Positive Attributes of Organizational Culture

Committed to ethics and integrity

Consistent culture throughout the organization

Transparent and clear communication

Collaborative

Macro-management

Fosters honesty and trust

Employees show respect and understanding

Negative Attributes of Organizational Culture

Toxic and unethical

Inconsistent culture throughout the organization

Lack of transparency and unclear messaging

Isolated and/or disjointed

Micromanagement

Fosters secrecy and mistrust

Employees show disrespect and bias

Gallup identified five drivers of a high-performance culture:11

  1. Leadership and communication: Effective communication from leaders about the organization’s purpose and brand strengthens employees’ understanding and fosters resilience.
  2. Values and rituals: Clear and actionable values help employees navigate crises and align their decision-making with the organization’s mission.
  3. Work teams and structures: Investing in employee development and well-being enhances performance and drives a high-performance culture.
  4. Human capital: A supportive and engaging work environment boosts employee satisfaction and productivity.
  5. Performance: Regular feedback and recognition are crucial for maintaining high performance and motivating employees.

What is clear from these drivers is that culture affects how employees perceive the organization and their roles in it, which influences their behavior and drives the performance of the organization as a whole.

Employees become integrated into an organization’s culture through socialization, learning expected behaviors and norms either formally or informally from peers and supervisors. This process can lead employees to act in ways that align with culture – regardless of their personal beliefs – in order to gain approval and belong. Over time, they may internalize these cultural expectations, making them part of their own values and behaviors. This internalization influences ethical or unethical behavior, depending on the prevailing culture within the organization.12

Culture is not merely what an organization displays on its website or the values it communicates to employees; it is embedded at all levels of the organization. Ethical leadership and messaging from an organization’s leaders are important, but culture extends beyond that. An ethical culture also involves consistent messaging throughout the organization, training and education programs, policies and procedures, systems to monitor compliance and enforce ethical standards, and mechanisms to recognize and reward ethical behavior.

Culture and Its Correlation to Fraud Risk

Given that culture is inherent to an organization, it follows that a positive, ethical culture correlates directly with decreased fraud risk and increased employee engagement. Although it is impossible to eliminate fraud risk entirely, organizational culture plays a significant role in influencing it. Several key areas contribute to shaping an organization’s culture.

Tone at the top: This term refers to the ethical culture established by an organization’s leadership. Setting the tone at the top is critical to laying a foundation for mitigating fraud risks. When leaders prioritize ethical behavior and transparency, they set a positive example for the entire organization. Conversely, if leaders exhibit unethical behavior or ignore unethical practices, it can foster a negative culture that potentially encourages misconduct among employees.

Effective governance must extend through all levels of the organization. The ethical example set by leadership, or lack thereof, influences employees throughout the organization. The tone set by middle management is as crucial to organizational culture as that set by executive management and the C-suite. Because middle managers interact daily with employees, they shape expectations about what constitutes ethical or acceptable behavior for lower-level and entry-level staff.

Setting an organization's tone requires collaborative effort across all levels. How management and employees respond when faced with an ethical dilemma—and whether they ignore unethical practices—has repercussions throughout the organization regarding what behaviors are tolerated. By fostering a culture of integrity and accountability, organizations can better manage fraud risks and promote ethical behavior.

An organization’s values begin at the top, with the behaviors and actions of the founder or CEO. Leaders who demonstrate strong ethical character have a far greater impact on employee behavior than deliberate, visible efforts to promote ethics.13 Employees typically assess a leader’s character based on three factors:

  • Their overall persona, as experienced through personal interactions
  • How they handle crises
  • The policies and procedures they implement to manage the organization14

Values alignment: Culture can guide employees toward making ethical or unethical decisions. However, individual differences also influence decision-making, and the degree of alignment between employee and organizational values affects fraud risk.15

Aligning employee values with organizational values is essential to reducing fraud risks. When employees’ personal values align with those of the organization, they are more likely to behave ethically and adhere to expected standards. For example, if an employee who values honesty and transparency works for an organization that emphasizes transparency and fairness in billing practices, that employee may be more likely to initiate a review of the billing process if they observe the misuse of billing codes that could confuse or mislead customers. Employees who share their organization’s values also tend to feel more connected and loyal, which reduces the likelihood of engaging in fraud. Conversely, employees who feel disconnected from their organization’s culture and values may more easily rationalize unethical behavior.16

Gallup polling across various types of organizations demonstrates that connection to culture strongly influences professional and personal outcomes. Employees who feel deeply connected to their organization’s culture are four times more likely to be engaged at work. However, the same research revealed that only two in 10 employees strongly agree that they feel connected to their organization’s culture.17

To ensure a consistent ethical message within an organization’s culture, both formal and informal systems must align to promote ethical behavior. Formal systems include policies, codes of conduct, and guidance established by executive leadership. Informal systems include the day-to-day behaviors and interpersonal interactions among employees and managers. Organizational cultures can range from strongly aligned to significantly misaligned when these systems send conflicting messages. For example, if an organization claims to value honesty but rewards sales personnel for misleading customers, it sends a contradictory message. When formal values promote integrity; but informal norms reward unethical behavior, a culture of mistrust and misconduct can develop, ultimately increasing the likelihood of fraud.18

Values should be relevant to employees across all functions, from daily tasks to company-wide meetings. However, Gallup research shows most organizations struggle to connect values to employees’ daily work. Only 19% of employees strongly agree that their manager explains how the organization’s cultural values apply to their roles. Additionally, only 27% strongly agree that leadership consistently upholds those values.

These findings raise important questions about whether employees truly embrace company culture or the values that an organization promotes.

Pressures and incentives: The Fraud Triangle, originally developed by criminologist Donald Cressey in the 1950s, identified three key elements that contribute to fraud: pressure, opportunity, and rationalization.

Although the fraud triangle has evolved over time to address the complexities of modern fraud and incorporate ongoing research into how and why fraud occurs, the concept of pressure remains central. Pressure refers to the internal or external motivations that may drive someone to commit fraud.

Internally, organizations may inadvertently increase fraud risk by placing excessive pressure or unrealistic performance or sales goals on employees. If bonuses, promotions, or compensation are tightly tied to aggressive metrics, employees may feel pressured to manipulate results or compel others to do so.20 For example, pressure can arise when:

  • Individual or team bonuses are contingent on aggressive sales targets,
  • Compensation increases are tied to unrealistic financial metrics, or
  • Advancement depends on divisional performance over ethical decision-making.

Externally, employees may also feel pressure to meet the expectations or targets set by investors, analysts, or lenders.21

Conversely, organizations can mitigate fraud risk through measures such as setting performance goals tied to ethical behavior, fostering open communication across all levels, providing employee support programs, and establishing realistic performance goals and expectations. For example, organizations could incorporate feedback on ethical conduct and compliance training adherence into employee performance evaluations.

Open versus closed communication:

Communication is the “continual, iterative process of providing, sharing, and obtaining necessary information,” and includes both internal and external forms.22 Internal communication involves disseminating information within the organization, while external communication refers to incoming information from outside sources and outgoing communications to external parties.

For information to flow effectively, organizational culture should encourage open communication and a clear commitment to reporting and addressing potential violations or fraud.23

Promoting open communication can reduce fraud risks by encouraging transparency and accountability. This includes providing reporting mechanisms (such as ethics hotlines and whistleblower channels) that allow employees to report suspected violations confidentially. For these mechanisms to be effective, employees must trust that their concerns will be treated confidentially and taken seriously and that they will not face retaliation.

Whistleblowing is one of the most effective tools for uncovering fraud and other misconduct. Reports may be made internally or externally (such as to regulatory authorities), and successful tips may result in financial awards. For example, the SEC’s Whistleblower Program has awarded more than $2 billion to whistleblowers since its inception in 2011 through the end of fiscal year 2024, while helping the SEC recover billions in financial penalties for securities fraud and other violations.24

Equally as important, employees must believe that supervisors and senior leadership genuinely want to know about potential issues and will act appropriately. If an employee reports a suspected violation but sees no response, they may assume that leadership is indifferent, discouraging future reporting. Although legal requirements may prevent full disclosure about specific reporting outcomes, promoting transparency wherever feasible builds trust and reinforces ethical culture.

Ultimately, employee trust in reporting mechanisms is an important characteristic of a positive organizational culture.

Trust and autonomy: Balancing trust, oversight, and autonomy is essential to mitigating fraud risk. According to AI-powered strategic planning and execution software platform Quantive, an autonomous workplace gives employees more control over where, when, and how they perform their responsibilities. When employees feel trusted and supported in their roles, they are more likely to be engaged and motivated. Autonomy provides employees with the freedom to make decisions, perform tasks without micromanagement, take ownership of their work, and offer suggestions for improvement.25

Increased autonomy has been linked to increased engagement, lower burnout, greater internal motivation, and a sense of purpose.26 Engaged employees are less likely to commit fraud because they feel connected to the organization’s mission and values. However, excessive autonomy without proper oversight can increase opportunities for misconduct. Therefore, organizations must strike a balance between encouraging initiative and ownership and maintaining clear expectations and oversight. For example, Google empowers its employees to pursue passion projects but evaluates those initiatives through frameworks to ensure they create measurable value.27

How Toxic Culture Can Lead to Fraud

Cultures that promote autonomy, open communication, and ethical leadership reduce the risk of fraud. However, when those attributes are absent or misaligned, organizations may experience an erosion of values, opening the door to misconduct. This shift can be subtle or systemic. The following sections explore the characteristics and consequences of toxic organizational culture.

Characteristics of Toxic Culture

A 2023 survey by the Ethics & Compliance Initiative (ECI) revealed that 87% of employees reported their workplace did not have a strong ethical culture.28 In contrast to organizations that prioritize ethics and integrity through consistent leadership tone, standards of conduct, and timely remediation of violations,29 toxic cultures tend to share several red flags:

  • Weak oversight, poor internal controls, and a lack of accountability30
  • Intense pressure to meet unrealistic goals or deadlines
  • Justification of unethical behavior in response to mistreatment
  • Lack of ethical leadership and disregard for ethical norms31

Tone at the top is critical, but it must cascade downward to all levels. Middle managers play a pivotal role in reinforcing culture. If they fail to model ethical behavior, the message sent to frontline employees is inconsistent and potentially damaging. Similarly, if frontline employees do not embrace and act in line with organizational values, the culture will falter. A breakdown at any level increases the risk of fraud.32

Impact on Employee Behavior

As previously discussed, socialization – through training, mentoring, communications, and observation – teaches employees how to behave within a workplace culture. If this process reinforces ethical norms, employees are more likely to act ethically. But when socialized into a toxic or unethical culture, employees may adopt those behaviors, even if they conflict with personal values.33

The shift to remote and hybrid work following the COVID-19 pandemic disrupted many traditional socialization channels. By 2024, employee engagement fell to a 10-year low. Among the contributing factors were declining clarity about role expectations and a weaker sense of connection to their organization’s purpose.34

When culture is toxic, employees may feel emboldened to act unethically or believe that misconduct will go unpunished. They may also hesitate to report misconduct due to fear of retaliation or skepticism from leadership.

Ultimately, employees mirror what is rewarded and avoid what is punished. If the sole focus is meeting business targets (regardless of how), they may rationalize unethical shortcuts.35 Leaders must clearly communicate that goals must be met ethically and transparently, or they will not be recognized or rewarded.36

Indicators of a Fraud-Prone Culture

Organizational circumstances may suggest a culture that is susceptible to fraud. Although these indicators do not guarantee that fraud will occur, individuals conducting fraud risk assessments or culture evaluations should be aware of these factors. The existence of multiple risk indicators within an organization can increase the risk of fraudulent activity.

The following “red flags,” among others, may indicate a culture prone to fraud:

  • High employee turnover: A company’s ability to attract, train, develop, and retain talent reflects its organizational culture. High employee turnover – especially when tied to employee dissatisfaction, leadership concerns, or tolerance of misconduct – can be a red flag. Persistent understaffing or failure to retain qualified staff may also enable fraud due to inadequate supervision or inexperience.
  • Lack of diversity in thought: When teams are homogeneous in background or perspective, they may fail to question decisions, recognize ethical concerns, or challenge misconduct. Groupthink can emerge, making it less likely that employees will speak out about fraud. In contrast, diverse teams can approach problems with broader viewpoints, which can improve fraud detection and ethical awareness.
  • Top-down decision-making without input: Isolated decision-making that excludes employee input may create blind spots in internal controls and reduce employee accountability. If employees feel excluded from decisions or uninformed about the rationale behind them, they may become disengaged or mistrustful, and potentially more inclined to rationalize misconduct.
  • Poor internal control and oversight: Internal controls are a key element of corporate culture. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines the control environment as “the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.”37 Weak internal controls can create gaps that fraudsters exploit. Additionally, in a negative culture, employees may disregard controls.
  • Rationalization of unethical behavior: Cultures that reward results over integrity or fail to hold individuals accountable for misconduct can normalize unethical behavior. If employees believe that ethical lapses are tolerated (or even rewarded), they are more likely to rationalize their own actions.38

Preventing Fraud Through a Positive Culture

Conversely to “red flags,” certain attributes can contribute to a positive organizational culture and mitigate fraud risk. Though the presence of a positive culture cannot eliminate all fraud risk, it can significantly reduce the risk of fraud occurring and, if it does, increase the likelihood that it is detected and reported sooner.

  • Leadership commitment to ethical culture: Ethical leadership is more than just doing the right thing. Leaders must model behaviors that encourage others to act ethically (such as communicating the importance of ethics, abiding by company standards and policies, supporting employees, recognizing ethical behavior, and holding individuals accountable for misconduct).

    Although top executives set the overall tone, mid-level managers often have a more direct influence on employees’ daily experiences.39 Two in five employees identify their immediate supervisor as the face of senior leadership. Organizations with strong ethical leadership tend to experience lower misconduct rates, less pressure to break rules, and greater employee engagement.40

Strategies to strengthen ethical leadership include the following:

  • Hiring for integrity. Character should be a key consideration during recruitment. Integrity can be assessed through structured and open-ended interview questions, as well as formal integrity tests as part of behavioral or situational assessments.41
  • Educating managers. Leadership training should include how employees evaluate ethics in leadership and emphasize the importance of modelling ethical behavior in and out of the workplace, including on social media platforms such as LinkedIn, Instagram, and Reddit.
  • Sharing credit and recognizing ethical behavior. Leaders should consistently highlight employee actions that align with organizational values and promote a culture of shared success.
  • Seeking honest feedback. Tools like 360-degree performance reviews can help leaders understand how they are perceived and identify areas for improvement.
  • Aligning business objectives with ethical values. Leadership regularly reviews policies and goals to ensure that ethical performance is promoted and celebrated.42
  • Whistleblower protections: Globally, workplace misconduct is at an all-time high. According to the 2023 Global Business Ethics Survey, nearly two-thirds of employees observed one act that they believed violated company standards or the law within the past year.43 Encouragingly, 72% of employees who observed misconduct reported it, which was a record high.44 However, retaliation remains a significant concern. Globally, nearly half of the employees who reported misconduct experienced retribution.45

    Now, more than ever, it is critical that organizations create an environment in which employees feel safe to report issues without the fear of retaliation. Retaliation has a silencing effect on an organization, affecting not only the employees who directly experience retaliation but also colleagues who observe it or hear about it from others.

Leading practices related to internal whistleblower programs include the following:

  • Providing secure and accessible reporting mechanisms. Internal hotlines, digital platforms, or direct-report options should be easy to use and supported by visible leadership commitment.46
  • Assigning independent oversight. Investigations should be conducted by individuals or departments (typically within compliance) with independence, authority, and proper qualifications. Whistleblowers should be kept informed throughout the process and have opportunities to provide relevant input.47
  • Consistent communication and awareness. Employees are more likely to report suspected or observed misconduct when they are regularly reminded of how to do so and assured of protections in place. Some employees prefer to report potential misconduct to an individual they know and trust, so offering multiple reporting channels is essential.48
  • Implementing anti-retaliation protocols. Managers should be trained to recognize and prevent retaliation. Clear policies should prohibit retaliation, define consequences, and establish systems for monitoring when a report is made.49 For example, the anti-retaliation policy for US construction corporation Bechtel outlines protections, obligations, and disciplinary actions. This policy is part of Bechtel’s commitment to maintaining a work environment free from harassment, intimidation, discrimination, or retaliation.50 The Occupational Safety and Health Administration (OSHA) also offers best practices for building effective anti-retaliation programs.51
  • Open Communication: Internal communications aren’t just for disseminating information. They can also promote a positive culture and reinforce leadership’s commitment to ethical behavior.

Organizations can effectively utilize the following internal communications as part of an overall strategy:

  • Reinforce values and behaviors. Use internal communications to highlight the importance of values and clarify acceptable (and unacceptable) behaviors within the organization.
  • Encourage reporting of misconduct. Promote the use of ethics hotlines or encourage employees to report concerns to supervisors or human resources. Reiterate available reporting methods, including hotline phone numbers and web portals.
  • Celebrate and spotlight employees. Recognize employees who exemplify organizational values through features on internal calls, newsletters, or other platforms.
  • Provide examples of ethical solutions. Share real or hypothetical cases that show how employees can handle ethical dilemmas, tailored to different roles.52

    To ensure that information flows smoothly through an organization, it’s essential to be transparent and possess a genuine willingness to share and listen. Management and employees must trust that leaders are sincerely interested in hearing about issues and that they will respond appropriately.
  • Training and awareness programs: Regular and targeted training can reinforce the importance of ethics and highlight the consequences of fraud. This is a critical component of an organizational culture that promotes ethical behavior.

Considerations include the following:

  • Tailored trainings. Training is not a one-size-fits-all approach. Instead, successful training programs are tailored to the organization’s mission, unique risks (including fraud risk assessment), and relevant ethical challenges.
  • Values and policies. Value statements, policy manuals, and codes of conduct should serve as “living” resources that guide everyday behavior, not merely documents that are distributed and forgotten.
  • Audience-specific training. Successful training is designed for the specific audience, considering the attendees’ level, length of employment, and responsibilities.
  • Executive participation. Senior executives should also participate in tailored training, both as recipients and through modelling expected behaviors. Modelling these behaviors reinforces accountability at the top.
  • Real ethical issues. Training should address real ethical issues employees may face. Examples of past situations and how to properly resolve them can be particularly effective.
  • Interactive content. Ideally, training includes interactive content and encourages dialogue regarding real-world ethical dilemmas faced by employees, as well as questions about relevant issues.53
  • Incentivize and reward ethical behavior: Incentives and rewards can be powerful ways to promote ethical behavior within an organization. Specific incentives should be tailored to the organization’s needs, and expectations should be embedded in formal compensation programs and decisions.

Examples of ways to reward and incentivize ethical behavior include the following:

  • Performance reviews. Ethical behavior should be integrated into formal performance reviews. Core competencies might include integrity, fairness, respect, and transparency. Conversely, unethical behavior should negatively affect evaluations, regardless of financial metrics.
  • Employee nominations. Allow employees to nominate colleagues or managers who exemplify ethical behavior and promote a positive culture in the workplace.
  • Points and reward system. Create a system in which employees earn points for ethics and compliance-related behavior. For example, employees who complete all compliance training might earn recognition points redeemable for small rewards or acknowledgments in internal communications. Additional examples include participation in employee surveys and completing 360-degree feedback requests.
  • Compliance requirements for promotions. Ensure that certain compliance and ethics requirements are met for promotion consideration (such as completing all compliance training on time, obtaining compliance and ethics certifications, and having a record of past behavior consistent with effective compliance).
  • Spot awards. Recognize special contributions to specific projects or tasks with spot awards for good ethical practices.55
  • Financial rewards. Provide financial rewards for employees who report suspected fraud violations.56 Note, these should be structured to avoid incentivizing false reports.

Incentives and rewards may be tied to individual performance or to a department’s overall performance. For example, organizations might reward the department in which all employees complete their compliance training on time, the department that records no complaints within a given period, or the department that reaches certain levels of reported customer satisfaction. By incentivizing and rewarding ethical behavior, organizations can foster a culture where ethics and integrity are valued.

The Worst Case Scenarios: Culture as a Driver of Fraud

Wells Fargo

In late 2016, Wells Fargo announced a $185 million settlement of a lawsuit related to claims brought by regulators and Los Angeles County, California, that employees had opened customer accounts and issued debit or credit cards in customers’ names without their authorization. The bank faced significant reputational damage, leading to the resignation of CEO John Stumpf and other senior executives.57

A 2017 report on an independent investigation into the matter found that the following aspects of Wells Fargo’s organizational culture contributed to the cross-selling scandal:

  • The company put undue pressure on employees to meet sales goals and tied performance incentives to those sales goals without ensuring that proper safeguards existed to mitigate misconduct.
  • The company’s control functions and risk mitigation procedures were conducted within a decentralized organizational structure, which led to a lack of oversight and a failure to identify the systemic nature of the problem.
  • Leadership and the board of directors failed to adequately respond to the risks involved or reports of misconduct.58

The Wells Fargo example illustrates how fraud can occur due to breakdowns in organizational culture. As a result of these breakdowns, Wells Fargo faced reputational damage, suffered regulatory consequences, and incurred significant costs to understand and attempt to solve the underlying cultural issues that contributed to the fraud.

The Kraft Heinz Company

The Kraft Heinz Company represents another example of culture influencing improper conduct. In 2021, the SEC charged the company and two former executives with engaging in an expense management scheme that resulted in restating financials. According to the SEC, one former executive was aware of expenses being manipulated through supplier agreements and pressured the procurement division to deliver unrealistic savings targets. Another former executive approved several of the manipulated supplier contracts. Without admitting or denying the SEC’s findings, Kraft Heinz consented to cease and desist from future violations and agreed to pay a civil penalty of $62 million. The former executives were also subject to fines and penalties for their actions.59

Theranos

Not every organization can survive the fallout caused by a toxic organizational culture. Theranos offers a stark example of how toxic culture can lead to fraudulent behavior. Despite the company’s blood testing technology being found to be flawed, Theranos executives pushed employees to lie and pressured them to resign to avoid being fired. According to testimony, Theranos had a culture of isolation, secrecy, retaliation, and fear. This led to the falsification of test results and the misleading of investors and patients about the technology’s capabilities for years.60 In 2018, a grand jury indicted Theranos founder Elizabeth Holmes and Sunny Balwani, the company’s chief operating officer, on multiple counts of wire fraud and conspiracy to commit wire fraud. Theranos was subsequently dissolved. In 2022, both Holmes and Balwani were found guilty on multiple counts of fraud.61

These examples highlight the critical role that organizational culture plays in reducing fraud risk and the serious ramifications that can arise if it is neglected.

Practitioner Practice Tips:

  • Demonstrate a strong tone at the top. Ensure that leadership exemplifies commitment to ethical behavior and communicates its importance across all organizational levels.
  • Foster open communication. Create and maintain accessible channels for employees to report unethical behavior, ensuring that these mechanisms are visible and easy to use.
  • Safeguard against retaliation. Implement policies that ensure that employees can report concerns without fear of retaliation, fostering a culture of trust.
  • Deliver regular ethics and anti-fraud training. Develop and conduct training tailored to the organization and specific employee groups, emphasizing ethical practices and fraud prevention.
  • Align incentives and rewards with ethical behavior. Design incentive structures that promote ethical conduct and discourage unethical practices, ensuring alignment with organizational values.

1Assessing Corporate Culture: A Proactive Approach to Deter Misconduct (Anti-Fraud Collaboration, March 2020), 4, https://www .thecaq .org/enhanceyourcultur

2Assessing Corporate Culture, 6

3Michael A. Crain, William S. Hopwood, Richard S. Gendler, George R. Young, and Carl Pacini, Essentials of Forensic Accounting, 2nd ed . (AICPA, 2019), 215

4“Fraud risk: The fundamentals,” Thomson Reuters, March 26, 2024, https://legal.thomsonreuters.com/blog/the-fundamentals-of-fraud-risk/#head-1

5Joseph T. Wells, Corporate Fraud Handbook: Prevention and Detection, 4th ed . (John Wiley & Sons, 2013)

6Internal Control — Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (COSO), 2013, 70. COSO is recognized as a leading framework for designing, implementing, and conducting internal control and assessing the effectiveness of internal control

72013 COSO framework.

8Managing the Business Risk of Fraud: A Practical Guide (AICPA 2014), https://www.aicpa-cima.com/resources/download/managing-the-business-risk-of-fraud-a-practical-guide

9Assessing Corporate Culture, 4

10Treviño and Katherine Nelson, Managing Business Ethics: Straight Talk About How to Do It Right, 5th ed. (Routledge, 2011), 151

11Shannon Mullen O’Keefe and Vibhas Ratanjee, “Cultivate 5 Drivers for a High-Performance Culture,” Gallup, September 25, 2020, https://www.gallup.com/workplace/320960/cultivate-drivers-high-performance-culture.aspx .

12Treviño and Nelson, 153

13Ethical Leadership: Every Leader Sets a Tone (Ethics Resource Center, 2014), i. A research report from the National Business Ethics Survey (NBES)

14Ethical Leadership, 2.

15Treviño and Nelson, 150

16Jody Paterson, “Employee Satisfaction and the Impact on Corporate Fraud,” Corporate Compliance Insights, June 3, 2020, https://www.corporatecomplianceinsights.com/employee-satisfaction-corporate-fraud/

17“Organizational Culture,” Gallup survey, https://www.gallup.com/471521/indicator-organizational-culture.aspx

18Treviño and Nelson, 154

19“What Is Organizational Culture? And Why Does It Matter?,” Gallup, https://www.gallup.com/workplace/327371/how-to-build-better-company-culture.aspx

20Gamlath Mohottige Mudith Sujeewa, Mohd Shukri Ab Yajid, Ali Khatibi, S.M. Ferdous Azam, and Isuri Dharmaratne, “The New Fraud Triangle Theory: Integrating Ethical Values of Employees,”

International Journal of Business, Economics and Law 16, no. 5 (2018), https://ijbel.com/wp-content/uploads/2018/08/ijbel5_216.pdf.

21Gamlath Mohottige Mudith Sujeewa et al., “The New Fraud Triangle Theory: Integrating Ethical Values of Employees."

222013 COSO framework, 105.

232013 COSO framework, 115.

24“SEC Whistleblower Program,” U.S. Securities and Exchange Commission, accessed June 1, 2025, https://www.sec.gov/enforcement-litigation/whistleblower-program.

25“6 Ways to Build a Culture of Autonomy in the Workplace,” Quantive, accessed June 1, 2025, https://quantive.com/resources/articles/autonomy-in-the-workplace.

26Paula Davis, “Why Employees Need Autonomy,” Knowledge at Wharton, February 17, 2025,

https://knowledge.wharton.upenn.edu/article/why-employees-need-autonomy/#:~:text=Autonomy%20at%20work%20is%20linked,freedom%20based%20on%20individual%20preference.

27“What Leadership Style Does Google Use: A Data-Driven Approach,” Quarterdeck, May 27, 2025, https://quarterdeck .co .uk/articles/what-leadership-style-does-google-use.

28Global Business Ethics Survey: The State of Ethics & Compliance in the Workplace, A Global Look — 2023 Update (Ethics & Compliance Initiative (ECI), 2023). The Global Business Ethics Survey is a longitudinal, cross-sectional study of workplace conduct from the employee’s perspective. The data provides a benchmark on the state of ethics and compliance in business across the globe.

292013 COSO framework.

30David Schrieberg, “How Does Corporate Culture Fuel Fraud? Start With Volkswagen and Wells Fargo,” Forbes, September 16, 2016, https://www.forbes.com/sites/davidschrieberg1/2016/09/16/how-does-corporate-culture-fuel-fraud-start-with-volkswagen-and-wells-fargo/.

31“Culture Week: Part 3 — A Toxic Culture and the Fraud Triangle,” Compliance Podcast Network, May 1, 2024, https://compliancepodcastnetwork.net/culture-week-part-3-a-toxic-culture-and-the-fraud-triangle/.

32Tone at the Top, Middle and Frontline, KPMG (2017), https://assets.kpmg.com/content/dam/kpmg/za/pdf/2017/02/16342MC%20Fraud%20Risk%20Management.pdf.

33Treviño and Nelson, 152-153.

34Jim Harter and Ben Wigert, “The Post-Pandemic Workplace: The Experiment Continues,” Gallup, March 11, 2025, https://www.gallup.com/workplace/657629/post-pandemic-workplace-experiment-continues.aspx.

35Global Business Ethics Survey (ECI, 2023).

36Treviño and Nelson, 262-263.

372013 COSO framework.

38Treviño and Nelson, 270-271.

39Tone at the Top, Middle and Frontline (KPMG 2017).

40Ethical Leadership. i.

41Eric Friedman, “How to Hire for Integrity and Why It’s Important,” Forbes, September 29, 2021, https://www.forbes.com/councils/forbeshumanresourcescouncil/2021/09/29/how-to-hire-for-integrity-and-why-its-important/ .

42Ethical Leadership, ii.

43Global Business Ethics Survey (ECI, 2023).

44Global Business Ethics Survey (ECI, 2023).

45Global Business Ethics Survey (ECI, 2023).

46Policy Brief: Internal Whistleblowing Systems — Best Practice Principles for Public and Private Organisations (Transparency International UK, 2022), p. 5.

47Policy Brief: Internal Whistleblowing Systems (Transparency International UK, 2022), p. 5.

48Global Business Ethics Survey (ECI, 2023).

49Global Business Ethics Survey (ECI, 2023); Policy Brief: Internal Whistleblowing Systems (Transparency International UK, 2022), p. 6

50“Anti-Retaliation Policy,” Bechtel, October 2024, https://www.bechtel.com/wp-content/uploads/2024/10/Anti-Retaliation-Policy.pdf.

51“Recommended Practices for Anti-Retaliation Programs,” U.S. Department of Labor, Occupational Safety and Health Administration, accessed June 2, 2025, https://www .osha .gov/sites/default/files/publications/OSHA3905 .pdf.

52“Oversight of Corporate Culture: A Core Asset in Driving Performance and Deterring Fraud” webcast, Center for Audit Quality et al, December 13, 2017, https://www.thecaq.org/wp-content/uploads/2019/03/webcast_slides_oversight_corporate_culture_12-2017.pdf .

53Treviño and Nelson, 215-238.

54“Corporate Compliance Forms and Tools 2025: Ideas for Using Incentives in Compliance and Ethics Programs,” COSMOS Compliance Universe, https://compliancecosmos.org/corporate-compliance-forms-and-tools, accessed June 2, 2025. (Cited for all but one example of ethical incentive strategies.)

55Incentivising Ethics: Managing Incentives to Encourage Good and Deter Bad Behaviour (Transparency International UK, 2024), https://www.transparency.org.uk/publications/incentivising-ethics-managing-incentives-to-encourage-good-and-deter-bad-behaviour.

56Incentivising Ethics (Transparency International UK, 2024).

57James Rufus Koren, “Wells Fargo to Pay $185 Million Settlement for ‘Outrageous’ Sales Culture,” Los Angeles Times, September 8, 2016, https://www.latimes.com/business/la-fi-wells-fargo-settlement-20160907-snap-story.html.

58Brian Tayan, “The Wells Fargo Cross-Selling Scandal,” Stanford Closer Look Series, January 2019, https://www .gsb .stanford .edu/faculty-research/publications/wells-fargo-cross-selling-scandal.

59“SEC Charges the Kraft Heinz Company and Two Former Executives for Engaging in Years-Long Accounting Scheme,” press release, U.S. Securities and Exchange Commission, September 3, 2021, https://www.sec.gov/newsroom/press-releases/2021-174.

60Heather Somerville, “In Elizabeth Holmes Trial, Ex-Theranos Employees Cite Culture of Fear and Isolation,” The Wall Street Journal, November 13, 2021, https://www.wsj.com/tech/in-elizabeth-holmes-trial-ex-theranos-employees-cite-culture-of-fear-and-isolation-11636812000.

61Clare Duffy, “The Rise and Fall of Theranos: A Timeline,” CNN Business, July 7, 2022, https://www.cnn.com/2022/07/07/tech/theranos-rise-and-fall.

×