What is an integrated fraud control strategy, what are the implementation challenges

What is an integrated fraud control

strategy, what are the

implementation challenges

Public Sector Anti-Corruption Conference

25 October 2007

Peter Achterstraat

Auditor-General of NSW

What is Fraud

‘An intentional act … involving the use of

deception to obtain an unjust or illegal

advantage’

Australian Auditing and Assurance Standards Board (AuASB)

‘The use of one’s occupation for personal

enrichment through the deliberate misuse or

misapplication of the employing organisation’s

resources or assets’

Potential Impact of Fraud

• Estimated 2–5% of turnover

• For the NSW public sector, potential fraud risk is

$2.6 billion annually, or about $400 per person

in NSW

Potential Impact of Fraud - cont

• $1.7 million per company – asset

misappropriation, false pretences and

counterfeiting

PWC Global Economies Crime Survey 2005

• Not just financial – reputation, staff

Role of the Audit Office – Fraud

Primary focus – opinion on financial report

Fraud obligations – ASA 240

• Restricted to:

– fraud risks that materially effect financial reports

– advising management of material fraud risks

– testing material fraud risks

• Maintain an attitude of professional scepticism

• Seek written confirmation from management on

adequacy of fraud control and any frauds

Agency management responsible for fraud

prevention, detection and investigation

Audit Office Performance Audits

Performance audits on fraud

• Fraud Control performance audits - 1993, 1998, 2005

• Better Practice Guide 1994 – updated 2005

• Fraud Control Improvement Kit - 1996

Performance audits -

Review effectiveness, efficiency,

What is required of

NSW Government Agencies

• 1990 – Premier’s Department – NSW public sector

agencies to have formal fraud control strategy

• 1994 – Audit Office Fraud Control guide endorsed

by Premier’s

Management Responsibility

Integrated Fraud Control Attributes

Prevention

1. Integrated macro policy

2. Responsibility structures

3. Fraud risk assessment

4. Employee awareness

5. Customer and community awareness

Detection

6. Notification systems

7. Detection systems

8. External notification systems

Investigation

9. Investigation systems

10.Conduct and disciplinary systems

Audit Office Fraud Control

Improvement Kit - 2006

Help with two main problems:

• Achieve effective fraud control in all work

areas – all 10 attributes

• Maintain long-term staff awareness of fraud

control

Two tools:

• Fraud Control Health Check

Health Check Questionnaire

P l e a s e p u t a t i c k i n t h e m o s t a p p r o p r i a t e b o x _{D i s a g r e e} S t r o n g l y D i s a g r e e A g r e e S t r o n g l y _{A g r e e} 1 . O u r f r a u d c o n t r o l p o l i c i e s a n d p r o c e d u r e s t e l l u s h o w t o d e a l e f f e c t i v e l y w i t h t h e f r a u d r i s k s w e f a c e 2 . M o s t s t a f f i n m y w o r k a r e a a r e a w a r e o f t h e i r r e s p o n s i b i l i t i e s f o r m i n i m i s i n g f r a u d i n o u r w o r k p l a c e 3 . T h e f u n c t i o n s o f m y w o r k a r e a a r e r e g u l a r l y a s s e s s e d t o i d e n t i f y a n d a d d r e s s t h e f r a u d r i s k s w e f a c e 4 . O u r o r g a n i s a t i o n c o n d u c t s r e g u l a r t r a i n i n g i n f r a u d c o n t r o l 5 . I a m c o n f i d e n t t h a t o u r c u s t o m e r s / c l i e n t s , s u p p l i e r s a n d c o n t r a c t o r s w o u l d u n d e r s t a n d t h a t o u r o r g a n i s a t i o n w i l l n o t a c c e p t f r a u d u l e n t d e a l i n g s / t r a n s a c t i o n s 6 . S t a f f a r e e n c o u r a g e d t o r e p o r t a l l e g e d f r a u d o r c o r r u p t i o n i n m y o r g a n i s a t i o n 7 . I a m c o n f i d e n t t h a t m y o r g a n is a t i o n s y s t e m a t i c a l l y m a k e s e f f o r t s t o d e t e c t f r a u d a n d c o r r u p t i o n 8 . I a m c o n f i d e n t t h a t m y o r g a n is a t i o n w o u l d r e p o r t f r a u d a n d c o r r u p t i o n t o e x t e r n a l o r g a n i s a t i o n s ( e g . I C A C , P o l i c e ) w h e r e i t w a s r e q u i r e d t o d o s o 9 . I a m c o n f i d e n t t h a t i n t e r n a l i n v e s t i g a t i o n s o f a l l e g e d f r a u d a n d c o r r u p t i o n w o u l d b e c a r r i e d o u t t o h i g h s t a n d a r d s i n m y o r g a n i s a t i o n 1 0 . M o s t s t a f f i n m y w o r k a r e a u n d e r s t a n d t h a t s t a f f w i l l b e d i s c i p l i n e d f o r f r a u d u l e n t o r c o r r u p t b e h a v i o u r , a n d f o r b r e a c h e s o f o u r c o d e o f c o n d u c t / e t h i c s

Audit Office Fraud Control

Improvement Kit – cont

Health Check Report

Results for Individual Work Areas

Fraud Control Attribute

Overall Results for

Individual Fraud

Control Attributes

Work Area 1 Work Area 2 Work Area 3 Work Area 4

1. Fraud Control Policy

green

green

green

green

orange

2. Responsibility Structures

green

green

green

green

green

3. Fraud Risk Assessment

orange

green

orange

green

red

4. Employee Awareness

red

orange

red

red

red

5. Customer & Community Awareness

orange

green

green

orange

red

6. Notification Systems

orange

green

orange

green

red

7. Detection Systems

green

orange

green

green

green

8. External Notification Systems

red

green

red

orange

red

9. Investigation Systems

green

green

green

green

orange

10. Conduct & Disciplinary Systems

green

green

green

green

green

Overall Work Area Results

green

orange

orange

red

•Key •Urgent action _•red

required •orange

•Action required •green

•Good performance

Audit Office Fraud Control

Improvement Kit – cont

Audit Office Fraud Control

Improvement Kit – cont

• Just so you know

• Signs of success

• Previous fraud control performance

improvement initiatives

• Rating current performance

• Determining future actions

Improvement Workshop

Audit Office Fraud Control

Improvement Kit – cont

Attribute 3

Fraud Risk Assessment

Just so you know

This is attribute No. 3 (of 10) in your organisation’s fraud control strategy.

It is one of a number of elements that contribute to establishing a fraud control environment for the organisation.

This specific attribute would be working well if:

ƒ

your organisation undertakes regular assessments of its fraud risks

ƒ

fraud risk assessment quantifies the level, nature and form of the fraud risks to be managed

ƒ

your organisation takes actions to mitigate issues identified in the fraud risk assessment.

has your organisation assessed its fraud risks?

has fraud risk been assessed within the past 2-3 years?

have fraud risks been formally identified at your work area?

have fraud controls been discussed at your work area?

Signs of success?

Please consider your own views about the following points. People in different roles and at different levels may have different knowledge and

different views about these matters – that is fine. Just say what you think, based on what you know

NSW Public Sector Fraud Control

Audit Office Report 2005

1993 Audit Results

Highly

Effective

20%

Effective

13%

Fairly

Effective

17%

Partly

Effective

15%

Generally

Ineffective

10%

Ineffective

25%

2004 Audit Results

Generally

Ineffective

6%

Fairly

Effective

26%

Effective

37%

Partly

Effective

16%

Ineffective

2%

Highly

Effective

13%

Improving – still a long way to go

Public Sector Fraud Control Strategies

• Only 50 per cent of NSW agencies have

‘effective’ or ‘highly effective’ fraud control

strategies – more than 15 years after Premier’s

Department requirement

• Universities had more ‘generally ineffective’

strategies

• Budget sector better than non-budget sector

NSW Public Sector Fraud Control

Audit Office Report 2005 - cont

Public sector better at:

• Protected Disclosure – part of attribute 6

(notification)

• External Reporting - attribute 8 (external

notification systems)

• Consolidating and harmonising relevant agency

policies – attribute 1 (integrated macro policy)

• Defining organisational arrangements and

responsibilities – attribute 2 (responsibility

structures)

NSW Public Sector Fraud Control

Audit Office Report 2005 - cont

Public sector is not performing well with:

• Customer and community awareness –

attribute 5

• Employee awareness – attribute 4

• Fraud risk assessment – attribute 3

• Investigation standards – attribute 9

NSW Public Sector Fraud Control

Audit Office Report 2005 - cont

Current and Emerging Issues in

Implementing Effective Fraud Control

Poor Risk

Assessment

Practices

Ethical Behaviours

in the Workplace

Appropriate

Training for

All Staff

Organisational

Change

Technological

Change

Commitment of

Senior Management

Quality and

Quantity of Audits

Short Cuts in

Decision Making

Role of Audit Committees

• Review the adequacy of processes supporting an

agency’s fraud control

Standards for Fraud Control

Corporate governance standards

• A core set of governance principles (features)

(AS 8000)

• Fraud control and corruption prevention (AS

8001)

• Codes of conduct (AS 8002)

• Corporate social responsibility (AS 8003)

• Whistleblower systems (AS 8004)