It is not known if Citibank was previously suspicious of Shivraj Puri. But five years ago, another company handling Citibank money, MsourcE, had reason to make a note of an employee in its institutional memory. It didnt, and ended up Rs 2 crore poorer for it.

Maurelene Dilioris Fernandes, then 25, was a team leader at MsourcE, the BPO arm of MphasiS BFL that serviced Citibank retail customers worldwide. Conspiring with four current and former colleagues, she obtained the account passwords of some Citibank customers in New York, and transferred about $425,000 (about Rs 2 crore) of their money into dummy accounts in India.

The investigations that followed revealed a small fact about Fernandes that could have prevented this big crime. Seven months before being busted, Fernandes had been accused by a colleague of stealing her credit card and running up bills of Rs 50,000.

If her company had taken note of this incident, the next fraud may have been avoided, says Anil Roy, Partner and Head of forensic investigation services at Grant Thornton India, who worked on the case. It was, in accounting and risk management parlance, a red flag a portent of bigger, worse things to come.

Were their any red flags in Puris case? If so, did Citibank ignore them? Did the bank learn and apply lessons from the MsourcE case? Citibank did not reply to emails or telephone calls.

The larger issue is now a throbbing one: are Indian companies capable of detecting and dealing with internal frauds? Or are they sitting ducks for bigger scams?

India Inc is in a trust-induced slumber. According to KPMGs India Fraud Survey 2010, conducted on senior executives of 1,000 organisations, 75% of the respondents felt corporate fraud was on the rise. Yet, 41% conceded their organisations did not have a risk-management framework to check fraud. KPMGs Head of forensic services Deepankar Sanwalka wasnt available for comment.

Richard Dailly, India Head of Kroll, a global risk-consulting company, says companies need to take a hard look at their risk-management systems and internal controls. But thats only a starting point for a larger shift in attitudes and organisational culture in India Inc. Having strong compliance and audit teams, and putting in structures and processes is not enough, says Dailly. There has to be an increase in acceptance of corporate fraud, and a willingness to challenge it.

Companies also need to do this more frequently in line with how the business environment and technology evolve. No system is permanent. You have to continuously review your systems and procedures, says DD Rathi, former President and CFO of Grasim, who now heads the business review council for AV Birla Groups services businesses.

While banks and financial services companies are an obvious target, FMCG and construction companies are also facing more incidents of fraud. According to the KPMG survey, the most common forms of frauds in India are theft of funds or goods through false invoicing and claims, and bribery/kickbacks. E-commerce and computer-related frauds come next, followed by financial statement frauds, IP-related (counterfeiting and piracy) and corporate espionage.

Indian companies, however, disclose only a fraction of what takes place. 90% of it is not reported, says Grant Thorntons Roy. Also, the incidence of legal action being initiated against offenders is very low 35% of cases, says the KPMG report. Most companies are scared that such incidents will tarnish their image among customers, investors and suppliers.

Such companies would rather quell the bad news and get on with growing their business in a booming economy. Thats a dangerous trend from a hiring point of view, cautions Atul Vohra, Managing Partner at Transearch India, an executive-search firm. Companies are rushing to hire, he says. Not enough attention is being paid to diligence and quality of intake.

Theres a price to be paid for that. The KPMG survey says 75% of frauds (excluding IP-related) in companies are committed by their own employees, often in collusion with outside parties. At times, such frauds are committed by fairly senior and qualified executives (in the Satyam Computer case, the promoters were involved).

Blame it on technology or the inter-connected nature of our lives, but these could increasingly account for more scams, even in organisations that appear to have robust governance and risk-management practices. Controlled fraud or management fraud is much bigger, and we will see much more of it in India, says Grant Thorntons Roy.

Its also more difficult to unravel. It takes longer to weed out the real extent of damage, and trials drag for many years. This makes the allure of corporate fraud even greater. The issue of ethics and values thus assumes greater significance, especially when hiring knowledge workers and senior executives.

Part of the responsibility (of search firms) is to understand an individuals moral dimensions, and ratify this through a 360-degree referencing across organisations he has worked in, says Transearchs Vohra. This is not often recognised by clients for the value it brings.

While the bogey of fake or falsified CVs in the past has brought in greater rigour in the IT industry, this isnt limited to entry-level candidates alone. People lie about their college degrees at very senior levels as well, says Vohra. He recounts the recent case of a very senior HR executive who has worked with some of the biggest names in Corporate India . Upon investigation, this person was discovered to have a background of sexual harassment and a drinking problem. There are many Shivraj Puris with smaller offences who go around taking up new jobs, says Vohra. Detecting the red flags, and acting on them, can keep them out.