By David Carson and Barry Robinson
There are specific requirements all organisations should note when formulating a sound foundation for managing fraud and corruption risks. Such a foundation must then be augmented to suit each organisation's specific environment.
As a minimum, organisations should have all of the below measures in place. This list is not exhaustive and serves simply as a foundation for managing fraud and corruption risks. However, it should be helpful in putting you – and your organisation – on the right track.
- Embed an effective fraud prevention strategy: ensure that there is an approved fraud prevention strategy, protected disclosures policy, conflict of interest policy, anti-bribery and corruption policy and fraud response plan (including cyber-incident response), which are clearly articulated, implemented and communicated throughout the organisation.
- Implement a tiered approach: implement a three-tier approach to reducing fraud and corruption, which should include essential elements of prevention, response and detection.
- Effective fraud risk assessments: initiate ongoing fraud risk assessments (including the assessment of cyber-related risks), which are a non-negotiable element of mitigating the risks of fraud. These should be conducted at an enterprise and business unit level.
- Optimise the use of technology in detecting fraud: leverage technology in order to implement continuous control monitoring measures through forensic data analytics aimed at the early detection of fraud and corruption risk indicators.
- Assess employee awareness: conduct an annual online fraud health check survey among employees, which should ideally be anonymous in nature.
- Eliminate conflicts of interest: manage the risk of conflicts of interest through the implementation of an auditable declaration process where all declarations are assessed and verified.
- Manage relationships with external stakeholders: discourage or prohibit the receipt of gifts from suppliers, as this reduces the risk of potential irregularities and also reduces the administration of any gift register.
- Know your business partners: supplier vetting should entail stringent verification and approval measures, including a conflict of interest declaration.
- Create awareness: fraud awareness and anti-fraud education should be consistently applied throughout the organisation on a continuous basis.
- Inform employees how to raise concerns: organisations should ensure that all employees know the policy for making protected disclosures under the Protected Disclosure Act 2014.
David Carson is a Partner in Forensics and Barry Robinson is a Director in Corporate Finance in Deloitte.
This article was originally published by Chartered Accountants Ireland in January 2018.