This is the final installment of a three-part series about strategies to help compliance professionals reduce the risk of fraud or corruption at their businesses. Part 1 and Part 2 talked about matching "zero tolerance" policies with consistent actions. This post talks about the elements of an effective compliance program.
In my opinion, the best control an organization can have in place to reduce the risk of fraud and corruption is a corruption-aware workforce that is educated in areas such as:
Knowing the red flags of corruption and fraud -- understanding that signs to look for and the common types of fraudulent behavior.
Creating and enforcing related policies, such as a Code of Conduct, Fraud Policy, Protected Disclosure Policy, etc., that explain what is acceptable behavior and what will happen if those expectations are not met.
Knowing what to report and to whom you should report.
Organizations are often concerned that fraud and corruption awareness training might provide ideas to employees, but I can say with certainty that by attending a training session on these topics, an honest employee is not going to suddenly become dishonest.
Rather, they will not be better armed with the knowledge to detect fraud and corruption in the early stages and respond accordingly.
It should also be noted that one of the things that regulators look for when reviewing an organization after it has suffered a fraud or corruption incident is the level of training that has been provided to the staff.
Having a comprehensive training program may go a long way to mitigating potential sanctions against an organization.
In most instances, the more opaque a decision-making process is, the more likely it can either be questioned or compromised. All decisions, particularly those with financial outcomes such as tenders, vendor appointment, procurement terms, etc., should be justified and recorded. They should be made available for scrutiny by relevant internal and external stakeholders.
If that does not occur, there will always be the inference of poor administration or corruption around these decisions. Further, those choosing to engage in fraudulent or corrupt behavior can often hide their behavior in systems and processes that are not well-documented or audited.
If an organization wants to effect positive cultural change in this area, management key performance indicators must be linked to fraud and corruption-prevention strategies. These include the timely implementation of risk controls arising from fraud and corruption risk assessments, responding correctly to disclosures by staff or third parties, and ensuring their staff attend fraud and corruption awareness training.
At the organization level, boards should ensure that sentior management is held accountable for the corrupt conduct of management and staff within their organization, or for control failures that allow third parties to engage in fraudulent or corrupt behavior.
Many organizations are unaware of the fraud and corruption risks inherent in their organization through its products, services, entry into new markets or geographical locations. Not appreciating these risks makes it impossible to manage them.
Fraud and corruption risk assessments must be undertaken at least every two years, or following any of the major changes noted above. As we all know, the only constant in business is change. As an organization changes, so too should its fraud and corruption risk environment.
___
Guy Underwood is the executive chairman and founder of the RISQ Group, one of APAC's leading providers of risk management and employment screening services. He can be reached here.