In the current business environment,
fraud represents a widespread challenge that can profoundly affect
organisations' financial stability and reputation. Organisations need to
cultivate a robust anti-fraud culture to address this escalating issue. This
initiative should commence with a commitment from the director level to promote
a zero-tolerance stance against fraudulent activities.
Senior Organisational Support
When an organisation’s executive team
proactively addresses fraud risks and red flags, it sends a powerful message to
employees about the importance of honesty and integrity in the workplace. By
distributing emails and videos across the organisation’s communication
channels, executives can communicate the organisation’s stance on fraud and
provide employees with the knowledge and resources needed to report any
suspected fraudulent activities.
The involvement of C-level executives in
promoting a zero-tolerance attitude towards fraud can help set the tone for the
entire organisation. Employees are more likely to take fraud prevention
seriously when they see that organisational leadership is committed to creating
a culture of transparency and accountability. This can foster a sense of trust
and encourage stakeholders to speak up if they witness unethical behaviour.
Additionally, when informed about fraud
risks and red flags, employees are better equipped to identify and report
suspicious activities. By providing clear information about where to find
relevant fraud policies and procedures, executives can empower employees to actively
prevent fraud within the organisation.
Furthermore, when employees see that
organisational leadership is serious about combating fraud, they are likely to
adopt positive behaviours that align with the organisation’s values. This can
create a culture of compliance and ethical conduct, where employees understand
the consequences of engaging in fraudulent activities and are motivated to
uphold the organisation’s integrity.
The Need for Fraud Risk Assessments
Fraud is a widespread issue that can
have significant financial and reputational consequences for organisations. To
effectively manage and mitigate fraud risks, organisations must conduct a
comprehensive fraud risk assessment on an annual basis. This assessment should
evaluate internal and external fraud risks that may impact the organisation and
any specific risks unique to group subsidiaries.
An organisation-wide fraud risk
assessment should be conducted annually to ensure the organisation is current
on the latest fraud risks and trends. Fraudsters are constantly evolving their
tactics, and what may have been a low risk in the past could pose a significant
threat in the future. By conducting an annual fraud risk assessment,
organisations can proactively identify and mitigate potential fraud risks
before they materialise.
In addition, including group
subsidiaries in the fraud risk assessment is essential to ensure the entire
organisation is protected from fraud risks. Group subsidiaries may have
different operations, processes, and risks compared to the parent organisation,
and it is essential to assess and address these risks to prevent potential
fraud incidents. By including group subsidiaries in the risk assessment,
organisations can ensure a comprehensive approach to managing fraud risks.
Furthermore, organisations should
document the steps to mitigate external and internal fraud risks identified in
the assessment. This documentation can be a reference point for future
evaluations and audits, and help ensure accountability and transparency in
fraud risk management efforts. By identifying those responsible for 'owning'
fraud risk within each business unit or function, organisations can promote
accountability and support a robust risk governance structure.
To ensure that the organisation-wide
fraud risk assessment remains relevant and practical, it should be reviewed
periodically to incorporate any risks that may have emerged since the last
evaluation. By staying informed about fraud risks and trends, organisations can
adapt their risk management strategies accordingly and stay one step ahead of
fraudsters.
Ownership and Key Organisational Stakeholders Towards Fraud Mitigation
Key stakeholders overseeing specific
business units, such as those in finance, compliance, and internal audit,
should consider revisiting their existing fraud risk assessments. They must
evaluate how the listed 'in-scope' offences may impact their operations and
activities. Furthermore, it is crucial to clarify ownership of specific fraud
risks from a governance standpoint and ensure this assessment is appropriately
documented.
Individuals managing finance and
internal audit functions, particularly those overseeing personnel involved in
financial reporting, should undergo internal training regarding the offences.
This training is especially pertinent to environmental, social, and governance
(ESG) fraud, which may include misrepresenting an organisation's performance
related to its ESG initiatives to achieve performance goals or financial
targets. Understanding these nuances is vital for maintaining integrity in
reporting. If an organisation benefits from fraudulent financial misreporting,
it risks falling under one of the 'in-scope' fraud offences.
It is crucial to ensure that fraud
prevention systems and controls are regularly updated, refresher training is
conducted, and enhanced procedures are implemented as necessary. Establishing a
working group for fraud risk owners can facilitate collaboration in identifying
emerging fraud risks, including those associated with cybercrime, and promote
information sharing across various business functions such as finance, audit,
legal, and compliance.
Organisational Anti-Fraud Policies and Procedures
An organisation must regularly revise
its policies and procedures related to fraud, anti-bribery and corruption, ESG
standards, third-party suppliers, and modern slavery. These updates should
clearly articulate the expected behaviours and conduct of employees, agents,
and third-party suppliers in fostering a culture that actively combats fraud.
Additionally, the policies must outline the individual and corporate
repercussions for failing to adhere to these standards, ensuring everyone
understands the importance of compliance.
The policies should also provide clear
guidance on the consequences of non-compliance, which may include severe
penalties such as the termination of employment for individuals found guilty of
committing fraud under UK law. This clarity is crucial in reinforcing the
seriousness of these offences and the organisation's commitment to maintaining
integrity and ethical standards. By establishing a transparent framework for
accountability, the organisation can better protect itself and its stakeholders
from potential risks associated with fraudulent activities.
To ensure accessibility and
comprehension, these policies and procedures should be written in plain English
and, if necessary, translated into other languages. They must be designed to be
easily understood by all employees, regardless of their position. Furthermore,
copies should be readily available on the organisation’s online portal or
intranet and in printed form, with a designated compliance or legal contact
person responsible for maintaining these documents and providing help when needed.
The Requirement for Training
It is essential to implement mandatory
fraud training covering pertinent UK fraud offences and their significance to
the organisation's specific operations and services. This training should be
offered as a refresher session to all employees, regardless of their position.
Comprehensive records must be maintained for all participants, and there should
be evident repercussions for those who fail to attend these essential training
sessions.
The training program should be designed
to be accessible and engaging, delivered either in person or through an
e-learning platform. To ensure effective learning, participants should be
assessed through quizzes or tests after the training, with a required pass mark
to validate their understanding of the material covered. This approach
reinforces the training content and encourages accountability among employees.
Organisations should also evaluate their
relationships with third-party service providers and assess how to ensure that
all entities within their supply chains have robust policies, procedures, and
training programs to combat and reduce the risk of fraud. By fostering a
culture of vigilance and compliance throughout the supply chain, organisations
can enhance their fraud prevention strategies and protect their operations.
Eradicating Fraud Risks from the Supply Chain
When an organisation decides to onboard
third-party suppliers and enter into contracts, due diligence is crucial to
ensure they share the same commitment and values regarding fraud prevention.
Fraud can have severe consequences for an organisation, including financial
losses, damage to reputation, and legal repercussions. Therefore, organisations
must take proactive steps to mitigate the risk of fraud when working with
third-party suppliers.
One of the first steps in onboarding
third-party suppliers should be to assess their commitment to upholding an
anti-fraud culture. This can be done through an initial assessment of the
supplier's policies, procedures, systems, and controls related to fraud
prevention. Organisations should also consider conducting background checks on
the supplier to ensure they do not have a history of fraudulent behaviour.
In addition to assessing the supplier's
commitment to preventing fraud, organisations should ensure that the contract
terms reflect this commitment. Contracts with third-party suppliers should
clearly outline the rights and responsibilities of both parties, including the
organisation's right to audit and review the supplier's processes and controls
related to fraud prevention. The contract should also specify the
organisation's ability to periodically request information from the supplier to
ensure compliance with anti-fraud measures.
By incorporating these provisions into
the contract, organisations can establish a framework for ongoing monitoring
and oversight of the supplier's activities. This can help mitigate the risk of
fraud and provide assurance that the third-party supplier behaves in a manner
consistent with the organisation's values and commitment to fraud prevention.
Ultimately, carrying out considered due diligence and carefully drafting
contracts with third-party suppliers protects the organisation from the potentially
devastating effects of fraud.
By ensuring suppliers share the
organisation's values and commitment to anti-fraud measures, organisations can
establish a strong foundation for a successful and mutually beneficial
relationship. It is important to remember that prevention is always better than
cure when it comes to fraud, and investing time and resources in preventing
fraud at the outset can save organisations significant time, money, and
reputational damage in the long run.
Reducing the Risks of Supply Chain Fraud
In today's fast-paced and globally
interconnected business environment, organisations increasingly rely on
third-party vendors to deliver goods and services, manage essential functions,
and support critical business operations. While these partnerships can provide
numerous benefits, they also introduce risks and challenges for organisations,
particularly regarding fraud and compliance issues.
Third-party vendors, also known as
suppliers or contractors, play a crucial role in helping organisations
streamline operations, reduce costs, and improve efficiency. However, these
partnerships also carry inherent risks, especially regarding fraud, corruption, data
security breaches, and regulatory compliance. As a result, organisations must
thoroughly assess their third-party vendors to ensure they meet the necessary
standards and are not putting the business at risk.
One effective way for organisations to assess
their third-party vendors is by engaging third-party audit teams to conduct a
comprehensive review. These audit teams should examine the vendor contracts to
confirm the level of inspection rights afforded to the business, allowing them
to inquire into and inspect the books, records, and premises of those who
perform services for or on behalf of the organisation.
Organisations can identify which vendors
pose the highest risk to the business by conducting a detailed assessment of
third-party vendors. Those vendors assigned a 'high-risk' status should be
subject to enhanced audit and inspection rights to mitigate potential risks. In
cases where certain vendors no longer align with the organisation's fraud risk
appetite, the business should consider whether to exit those relationships to
protect its interests and reputation.
It is crucial for organisations to
continuously monitor and reassess their third-party vendors to ensure ongoing
compliance and alignment with the organisation's risk management framework.
Regular audits and inspections can help identify risks or issues that may
emerge over time, allowing the organisation to take proactive measures to
address them before they escalate into serious problems.
Additional articles can be found at Commercial Management Made Easy. This site
looks at commercial management issues to assist organisations and people in
increasing the quality, efficiency, and effectiveness of their products and
services to the customers' delight. ©️ Commercial Management Made Easy. All rights reserved.