Mumbai/Bangalore: Audit and security experts and a stock market analyst say the fraud at India’s third largest information technology services exporter Wipro Ltd, although small in magnitude, has raised questions regarding disclosure policy, the efficacy of internal controls and the use of outdated models for authorizing large cash transfers.
The embezzlement by Anup Kumar Agarwal, a chartered accountant who joined the company as an intern in 2006, and was later promoted as an assistant manager in a division of the finance department, was discovered after one of Wipro’s bankers alerted the company in December about the lack of funds in an account. The division, since restructured, had powers to authorize payments on behalf of Wipro.
“It is total lack of information security. Passwords in these cases are normally changed at least once in three months. The individual cannot be stealing every time,” said N. Vijaya Shankar, a cyber law expert, who was part of the panel that helped frame the IT Act, 2000. “Even if the security systems had been breached, the statutory auditors should have found this.”
The Economic Times, which first reported the fraud on 17 February, put the amount at $4 million (Rs18.44 crore), while on Tuesday, news agency PTI, citing unnamed sources, said the amount could be as high as Rs32 crore.
On 23 December, Agarwal, 28, was found dead on a railway track in east Bangalore. “He was under mental stress because of charges of financial irregularities in his office,” Railway superintendent of police D.C. Rajappa said, quoting a written statement by Agarwal’s wife, Rashmi. “We registered a case of unnatural death.”
The police did not pursue the case as she did not suspect or name anyone as being behind the action, he added.
Rashmi, also a chartered accountant, could not be reached for comment, while phone calls to Agarwal’s father, Sajjan Agarwal in Dhanbad, Jharkhand, went unanswered.
So far, Wipro has not made any formal disclosure about the embezzlement, besides a brief statement—issued in response to queries from the media—admitting to its existence. The company has not lodged a police complaint regarding the fraud.
Wipro is listed on the Bombay Stock Exchange and the National Stock Exchange, besides the New York Stock Exchange.
Wipro did not provide any answers to a detailed questionnaire from Mint. An official spokesperson said that in keeping with legal advice, Wipro would be able to disclose any details pertaining to the fraud only after an internal investigation is completed. It did not set a time frame for a report.
Suresh Senapaty, a board member and Wipro’s chief financial officer,?did?not respond to calls or text messages.
According to a person familiar with the developments, Agarwal reportedly stole the password of Satish Arunachalam, his immediate supervisor, to transfer funds to his personal bank account. Arunachalam, a chartered accountant and general manager for SEC (the US Securities and Exchange Commission) and financial reporting at Wipro, according to his Linkedin profile, could not be reached for comment. Arunachalam and one other person have reportedly resigned, two people familiar with the development said. Mint couldn’t immediately confirm any of these details.
An analyst said that while the embezzlement itself may not have been something the management could control, the company should have come clean earlier as part of good corporate governance practice.
“The company could have been proactive in disclosing the fraud, especially when it had an opportunity in January while declaring the December quarter results,” said Ankur Rudra, analyst at the Indian arm of UK-headquartered investment advisory Noble Group Ltd. “Even now, a strong statement would be good to assuage any investor or client concerns.”
An expert said that while it may not be possible to completely rule out the possibility of fraud, it is possible to reduce the scope for this by putting in place intelligent checks and balances.
“They (companies such as Wipro) do have the data points from these control systems. What they lack is an efficiency in monitoring these data points and acting on them,” said Murali Talasila, director, forensic services, at consultancy KPMG.