<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>FRAUD AND CORRUPTION | InConsult</title>
	<atom:link href="https://inconsult.com.au/publication-category/fraud-and-corruption/feed/" rel="self" type="application/rss+xml" />
	<link>https://inconsult.com.au</link>
	<description>Helping you confidently take risks</description>
	<lastBuildDate>Wed, 21 Aug 2024 22:40:24 +0000</lastBuildDate>
	<language>en-AU</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://inconsult.com.au/wp-content/uploads/2021/06/cropped-favicon-3-32x32.jpg</url>
	<title>FRAUD AND CORRUPTION | InConsult</title>
	<link>https://inconsult.com.au</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>How to Create a Culture of Fraud Reporting</title>
		<link>https://inconsult.com.au/publication/how-to-create-a-culture-of-fraud-reporting/</link>
		
		<dc:creator><![CDATA[Tony Harb]]></dc:creator>
		<pubDate>Thu, 03 Aug 2023 20:33:26 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=10958</guid>

					<description><![CDATA[<p>Fraud, whether perpetrated internally or externally, can inflict severe financial losses, tarnish reputations, and undermine stakeholder trust. Moreover, the rise of sophisticated cyber threats and rapidly evolving techniques employed by fraudsters pose unprecedented challenges to many small and large businesses. Implementing robust fraud risk management strategies is not only essential for protecting an organisation&#8217;s bottom [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/how-to-create-a-culture-of-fraud-reporting/">How to Create a Culture of Fraud Reporting</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>Fraud, whether perpetrated internally or externally, can inflict severe financial losses, tarnish reputations, and undermine stakeholder trust. Moreover, the rise of sophisticated cyber threats and rapidly evolving techniques employed by fraudsters pose unprecedented challenges to many small and large businesses.</p>
<p>Implementing robust fraud risk management strategies is not only essential for protecting an organisation&#8217;s bottom line but also for upholding its ethical integrity and sustaining long-term success.</p>
<p>Building a culture of fraud reporting is crucial.  By fostering an environment where employees feel safe and empowered to report suspicious activities, organisations can identify and address fraud early, protecting their interests and stakeholders.</p>
<p>In this publication, the InConsult team explore the essential steps in creating a culture of fraud reporting within an organisation to help combat such unethical behaviour.</p>
<h3>Establish a Clear Code of Ethics and Conduct</h3>
<p>A robust and transparent code of ethics and conduct serves as the foundation for fostering integrity within an organisation. This code should clearly outline the expectations for ethical behaviour, including zero tolerance for fraud, bribery, corruption, and other dishonest practices. It should also emphasize the importance of reporting any violations or suspicions without fear of retaliation.</p>
<p>The Code of Ethics and Conduct should be provided to all employees during onboarding.  It should be reviewed and signed as acknowledgement.  Elements of the organisations Code of Ethics and Conduct should be included in induction training and reinforced periodically at least annually by leaders and executives. Regular communication sets the tone for the entire organisation.</p>
<h3>Lead by Example</h3>
<p>Culture is usually top-down and not bottom-up, so creating a culture of fraud reporting starts at the top.  Leaders must “walk the talk” and demonstrate a real commitment to fraud prevention.  They must explain to employees that fraud is morally wrong and it will not be tolerated.  Leaders and executives must:</p>
<ul>
<li>actively encourage employees to report incidents and do so themselves,</li>
<li>lead by example and consistently adhere to the organisation&#8217;s ethical standards, and</li>
<li>demonstrate integrity in decision-making and day-to-day behaviours.</li>
</ul>
<h3>Establish Clear Boundaries, Policies and Procedures</h3>
<p>Guided by the governing body or board, leaders and executives need to provide clear and transparent fraud and corruption prevention policies as well as clear reporting guidelines and procedures that include the expectations, responsibilities and appropriate channels for reporting fraud incidents.</p>
<p>Ensure such policies are communicated to all employees and stakeholders and easily accessible to employees and external service providers/public.</p>
<p><img fetchpriority="high" decoding="async" class="aligncenter wp-image-8223" src="https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1.jpg" alt="AS 8001-2021 fraud" width="716" height="565" srcset="https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1.jpg 1251w, https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1-300x237.jpg 300w, https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1-1224x966.jpg 1224w, https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1-768x606.jpg 768w" sizes="(max-width: 716px) 100vw, 716px" /></p>
<p>Consider using the AS 8001:2021 Fraud &amp; Corruption Control standard as a guide to establish the foundations of your fraud and corruption prevention framework, including reporting. AS 8001:2021 is very comprehensive and covers all elements of fraud and corruption, including reporting.</p>
<p>Key aspects of the framework should be modified for local laws that are specific to each country the organisation operates in.  Also, whilst many fraud risks are homogenous, some fraud risks that can be specific to an industry.</p>
<h3>Communicate the Importance of Fraud Reporting</h3>
<p>Regular communication about the significance of fraud reporting is essential.</p>
<p>Organisations should conduct workshops, training sessions, and awareness campaigns to educate employees about the potential consequences of fraud, the reporting process, and the protection provided to whistleblowers. Employees need to understand that their actions play a crucial role in safeguarding the organisation&#8217;s financial and reputational well-being.</p>
<h3>Anonymous Fraud Reporting Channels</h3>
<p>Many employees are reluctant to report fraud due to fear of retaliation or reprisals from colleagues or superiors. Providing anonymous reporting channels for whistleblowers, such as hotlines or dedicated email accounts, can address these concerns. Anonymity empowers employees to come forward without the fear of their identity being revealed.</p>
<p>Whistleblowers play an important role in identifying and calling out misconduct and harm to consumers and the community.  Research by the Association of Certified Fraud Examiners (ACFE) found that 46% of all frauds were uncovered by whistleblowers i.e. anonymous reporting channels, while only 3% were detected by law enforcement.</p>
<h3>Protect Whistleblowers</h3>
<p>Ensuring the protection of whistleblowers is paramount in creating a culture of fraud reporting. Implementing strict policies against retaliation and taking measures to safeguard the identity of the reporter will encourage more individuals to step forward with crucial information. Whistleblower protection laws may vary by jurisdiction, so organisations should be compliant with the relevant legislation.</p>
<p>In Australia, the Corporations Act 2001 (Corporations Act) gives certain people legal rights and protections as whistleblowers to encourage them to come forward with their concerns and protect them when they do.</p>
<p>Company officers, company auditors, and other senior people within companies have obligations under the Corporations Act if they receive a report from a whistleblower.</p>
<p>Both the ACFE and the Organisation for Economic Co-operation and Development (OECD) recognise the important role of whistleblowers and whistleblower protection in the detection of fraud, bribery and corruption.</p>
<h3>Foster Trust and Open Communication</h3>
<p>Organisations must build trust with their employees to encourage honest and open communication. Creating an environment where employees feel comfortable discussing their concerns or suspicions with supervisors or designated compliance officers is essential. Trust can be built through transparency, responsiveness, and consistent support for ethical behaviour.</p>
<h3>Implement a Comprehensive Fraud Reporting Process</h3>
<p>A well-defined and comprehensive fraud reporting process simplifies the reporting procedure for employees, suppliers and the public. This process should specify the types of fraudulent activities that should be reported, the channels for reporting, and the steps that will be taken to investigate and address reported incidents. Regularly updating employees on the status of reported cases ensures confidence in the system.</p>
<h3>Conduct Regular Audits and Fraud Monitoring</h3>
<p>Frequent internal audits and monitoring mechanisms can help identify potential fraudulent activities proactively. Audits provide an opportunity to assess the effectiveness of the fraud reporting culture and ensure that the organisation is adhering to its code of ethics.</p>
<p>AS 8001:2021 Fraud &amp; Corruption Control standard requires an organisation implement procedures aimed at assessing the effectiveness of internal controls that are specifically designed or intended to mitigate fraud and corruption risks.  Examples of pressure tests include desktop review of case studies, process walk-throughs and data analysis.</p>
<h3>Takeaways</h3>
<p>Creating a culture of fraud reporting is an ongoing effort that requires commitment and dedication from an organisation&#8217;s leadership and employees. By fostering transparency, trust, and open communication, organisations can build a robust framework that encourages employees to report fraud without hesitation. Emphasizing the importance of ethics and providing effective reporting channels and protection for whistleblowers can significantly contribute to detecting and preventing fraudulent activities, safeguarding the organisation&#8217;s reputation and financial health in the long run.</p>
<h3>How we can help</h3>
<p>InConsult is committed to helping organisations better understand the benefits and value of fraud and corruption control.  We have extensive experience in fraud and corruption prevention, cyber security, investigations, crisis management, internal auditing, risk management, probity, business continuity, climate risk management and pandemic planning.</p>
<p>Can we help? Find out more about our <a href="https://inconsult.com.au/services/fraud-financial-crime-prevention/" target="_blank" rel="noopener">fraud and corruption prevention</a> services.  If you would like to know more, <a href="https://www.inconsult.com.au/contact-us/" target="_blank" rel="noopener">contact us</a> to discuss your needs.</p>
<p>#fraud #corruption #control #FCCS #fraudcorruption #as8001 #whistleblowing</p>
<div class='printomatic pom-default ' id='id7445'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/how-to-create-a-culture-of-fraud-reporting/">How to Create a Culture of Fraud Reporting</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Key Changes to AS 8001:2021 Fraud &#038; Corruption Control</title>
		<link>https://inconsult.com.au/publication/key-changes-to-as-80012021-fraud-corruption-control/</link>
		
		<dc:creator><![CDATA[Tony Harb]]></dc:creator>
		<pubDate>Sun, 31 Oct 2021 23:20:58 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=8180</guid>

					<description><![CDATA[<p>The third edition of the Australian Standard AS 8001:2021 &#8211; Fraud &#38; Corruption Control was released in June 2021. This better practice Standard is arguably the benchmark guide for how organisations should manage and mitigate fraud and corruption risks. The first release of AS 8001 was in 2003 after a spate of corporate collapses that included [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/key-changes-to-as-80012021-fraud-corruption-control/">Key Changes to AS 8001:2021 Fraud & Corruption Control</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>The third edition of the <a href="https://store.standards.org.au/product?designationId=AS%208001%3A2021" target="_blank" rel="noopener">Australian Standard AS 8001:2021 &#8211; Fraud &amp; Corruption Control</a> was released in June 2021. This better practice Standard is arguably the benchmark guide for how organisations should manage and mitigate fraud and corruption risks.</p>
<p>The first release of AS 8001 was in 2003 after a spate of corporate collapses that included Enron, WorldCom, One.Tel and <a href="https://inconsult.com.au/publication/lessons-from-the-hih-collapse/" target="_blank" rel="noopener">HIH</a> in the early 2000&#8217;s.  AS 8001 was updated again in 2008, right in the middle of the Global Financial Crisis.  But a lot has happened since then, especially around information technology, and the 2021 refresh of AS 8001 reflects some of these major changes.</p>
<h3>Why is AS 8001 so important?</h3>
<p>Whilst many standards are not legally binding unless they are specifically included in legislation, they are considered better practice guides.</p>
<p>AS 8001 is a very good standard.  It&#8217;s very popular and has a strong following.  This means it is widely used as a reference point by many organisations in the public and private sector to help set the foundations of their fraud and corruption policy and framework.  It is also currently the backbone of other better practice fraud and corruption prevention guidelines.  There are many instances where regulators and government agencies use standards like AS 8001 as a reference point to guide and encourage organisations to adopt them.  For example:</p>
<ul>
<li>the Audit Office of New South Wales’ <a href="https://www.audit.nsw.gov.au/sites/default/files/auditoffice/Governance-and-Policies---Current/Fraud_Control_Improvement_Kit_February_2015%20whole%20kit.pdf-updated%20August2015.pdf" target="_blank" rel="noopener">Fraud Control Improvement Kit</a> closely aligns to AS 8001:2008; and</li>
<li>the Australian Prudential Regulation Authority (APRA) makes reference to AS 8001:2008 in prudential practice guide <a href="https://www.apra.gov.au/sites/default/files/prudential-practice-guide-spg-223-fraud-risk-management-june-2015_0.pdf" target="_blank" rel="noopener">SPG 223 – Fraud Risk Management.</a></li>
</ul>
<p>As many organisations have adopted AS 8001:2008 for fraud &amp; corruption control, they are likely to migrate and adopt the new 2021 edition.  Therefore it is important every organisation reviews the new Standard and makes changes to their policies, plans, systems and processes to realign with the new AS 8001:2021.</p>
<p>A word of warning, the changes are far from &#8216;cosmetic&#8217; and will require a well planned and executed approach.  You will need to involve more stakeholders to realign to the 2021 edition.  Lets look closely at some of these major changes.</p>
<p><img decoding="async" class="wp-image-8223 aligncenter" src="https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1.jpg" alt="AS 8001-2021 fraud" width="716" height="565" srcset="https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1.jpg 1251w, https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1-300x237.jpg 300w, https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1-1224x966.jpg 1224w, https://inconsult.com.au/wp-content/uploads/2021/11/AS-8001-2021-1-768x606.jpg 768w" sizes="(max-width: 716px) 100vw, 716px" /></p>
<h3>AS8001 objectives</h3>
<p>So what does the Standard aim to achieve?  The objective of the Standard is to &#8220;…provide minimum requirements and additional guidance for organisations wishing to develop, implement and maintain an effective fraud and corruption control system (FCCS) through initiatives aimed at —</p>
<ul>
<li>preventing fraud and corruption;</li>
<li>detecting fraud and corruption; and</li>
<li>responding to fraud and corruption events that have already occurred.”</li>
</ul>
<p>Clearly, the Standard aims to guide organisations to establish and maintain the minimum requirements for an effective fraud and corruption control system.  Organisations can and should go over and above when the exposure to fraud and corruption risks are greater.  For example, whilst Crown Resorts had many risk, governance and fraud control measures in place, it is clear now that they could have done more to recognise and manage the money laundering risks in their business.</p>
<p><em>Implications: Don&#8217;t assume that compliance or adoption of a standard like AS 8001 will solve all your problems.  The fraud and corruption control system must be aligned to the level and nature of risks in your organisation.</em></p>
<h3>1. More definitions and updated definitions for ‘fraud’ and ’corruption’</h3>
<p>The first change to note is the introduction of <strong>Fraud and Corruption Control System</strong> (FCCS) in place of a Fraud and Corruption Control Plan.   This recognises the fact that fraud and corruption control works within a broader and often integrated system&#8230;not just in a policy or plan.</p>
<p>Secondly, the Standard introduces the term <strong>&#8216;minimum requirements&#8217;</strong> by using the word &#8220;shall&#8221; instead of &#8220;should&#8221; about 90 times in the new Standard.  The word &#8220;shall&#8221; was not used in the 2008 edition.</p>
<p>The new Standard has doubled the number of definitions &#8211; close to 20 new definitions. Also, the definitions of fraud and corruption have been broadened to include conduct that may not be necessarily be illegal or a breach of the criminal law, but can still have negative consequences to the organisation.</p>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure you cover the entire fraud and corruption control &#8216;system&#8217; in your framework and use &#8216;shall&#8217; in more areas. Also ensure your definitions are in line with the new Standard.</em></p>
<h3>2. More focus on the foundations</h3>
<p>The 2008 version of the Standard started with 4 pages on &#8220;Planning and Resourcing&#8221; before moving onto Prevention – Detection – Response.  In comparison, the new standard strengthens the foundations of the fraud and corruption control system with 13  pages of guidance to help set the foundations.  It also introduces the Governing Body and appointment of an Information Security Management System’ (ISMS) professional.</p>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure your foundations are in line with the new Standard.  With 13 pages of new guidance, this will be important. Also, there are new roles and responsibilities that will require more consultation with stakeholders and integration into day-to-day fraud and corruption control processes and governance practices.</em></p>
<h3>3. The governing body</h3>
<p>The new Standard introduces the ‘Governing body’ and brings in the Board as a new line as distinct from ‘Top management’. This closely aligns with the Institute of Internal Auditors&#8217; Three Lines Model and ISO&#8217;s &#8216;oversight body&#8217;.</p>
<ul>
<li>The Governing Body has &#8216;ultimate responsibility and authority&#8217; for the organisations activities, governance and policies.</li>
<li>Top management should manage the fraud and corruption risks and have an understanding of their role in combatting fraud and corruption risk and ensure they are in a position to understand the organisations risks so they can inform the Board.</li>
</ul>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure you clearly define the roles of the Governing Body and Top Management in understanding and managing the risks of fraud and corruption. You may also need to enhance your reports to the Audit and Risk Committee to provide regular updates.</em></p>
<h3>4. Compliance with other standards</h3>
<p>The revised Standard introduces the concept of &#8216;normative references&#8217;, meaning that some other standards issued by the International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Standards Australia (SA), Auditing and Assurance Standards Board (AASB) and National Institute of Standards and Technology (NIST) must also be complied with in order to fully comply with AS 8001:2021.   The normative references in the new Standard include:</p>
<ol>
<li>AS 4811, Employment screening</li>
<li>AS ISO 31000, Risk management — Guidelines</li>
<li>AS ISO 37001, Anti-bribery management systems — Requirements with guidance for use</li>
<li>AS ISO/IEC 27001, Information technology — Security techniques — Information security management systems — Requirements</li>
<li>ISO/IEC 27037, Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence</li>
<li>ISO/IEC 27041, Information technology — Security techniques – Guidance on assuring suitability and adequacy of event investigative method</li>
<li>ISO/IEC 27042, Information technology — Security techniques – Guidelines for the analysis and interpretation of digital evidence</li>
<li>ISO/IEC 27043, Information technology — Security techniques &#8211; Incident investigation principles and processes</li>
<li>ASA 240 The Auditor&#8217;s Responsibility Relating to Fraud in An Audit of a Financial Report issued by the Auditing And Assurance Standards Board</li>
<li>NIST SP 800-61 Revision 2, Computer Security Incident Handling Guide</li>
</ol>
<p><em>Implications: We see this as a major challenge for small to medium organisations to fully comply with the new AS 8001:2021. Organisations should still pursue alignment with the new Standard and the normative references but recognise not all areas may be fully compliant. Recognise the standard provides an opportunity for continuous improvement and keep making small and large improvements over several years. </em></p>
<h3>5. Information security</h3>
<p>With increasing dependency on information technology, external vendors and growing importance of cyber security, most of the normative references directly relate to information security and computer security incident handling. This is a major upgrade to the new Standard.</p>
<p>In addition, the new Standard now includes updated guidance in relation to preventing, detecting and responding to external &#8220;cyber-born&#8221; attacks. The definition of &#8216;attack&#8217; is broad and includes any &#8220;attempt to destroy, expose, alter, disable, steal or gain unauthorised access to or make unauthorised use of an asset&#8221;.  The Standard also:</p>
<ul>
<li>requires appointing an Information Security Management System’ (ISMS) professional,</li>
<li>requires organisations to now plan in preventing, detecting and responding to external ‘cyber-born’ attacks,</li>
<li>provides guidance in relation to the capture and analysis of digital evidence, and</li>
<li>introduces the concept of Digital Evidence First Response.</li>
</ul>
<p><em>Implications: There are significant and complex information security processes and practices required to fully comply to the ISO/IEC 27000 series of standards that will be a challenge for many organisations.  We expect organisations to consider information security as part of their fraud and corruption control system documentation, but not always fully comply.  When updating your fraud and corruption control system documentation, ensure you include information and reference to plans and processes in your organisation designed to protect information assets, enhance information security and prevent, detect and respond to cyber attacks.  </em></p>
<h3>6. Harmonise fraud and corruption with Anti-Bribery Management Systems</h3>
<p>AS ISO 37001, Anti-bribery management systems is also a normative reference i.e. organisations must once again comply with AS ISO 37001 to comply with AS 8001:2021.  The new Standard also defines bribery as a form of corruption, introduces the term &#8220;business associate&#8221;  and requires appropriate risk-based screening and management of business associates.</p>
<p><em>Implications: Guidance in respect to anti-bribery is more comprehensive in the new Standard. When updating your fraud and corruption control system documentation, ensure there is alignment between your anti-bribery practices, the new Standard and AS ISO 37001.</em></p>
<h3>7. Whistleblowing</h3>
<p>Research by the Association of Certified Fraud Examiners (ACFE) found that 46% of all frauds were uncovered by whistleblowers, while only 3% were detected by law enforcement. Both the ACFE and the Organisation for Economic Co-operation and Development (OECD) recognise the important role of whistleblowers and whistleblower protection in the detection of fraud, bribery and corruption.</p>
<p>For the private sector, Australian Securities and Investments Commission (ASIC) requires public companies, large proprietary companies, and corporate trustees of APRA-regulated superannuation entities to have a whistleblower policy from 1 January 2020. In the public sector, there has been whistleblowing legislation in place for many years.  For example, in NSW, there is the Independent Commission Against Corruption Act 1988 (&#8220;the ICAC Act&#8221;) and the Public Interest Disclosures Act 1994 (&#8220;the Public Interest Diclosures Act&#8221;).</p>
<p>The new Standard includes better guidance in relation to whistleblower protection and misconduct reporting channels to help align to the proposed new Standard <a href="https://www.iso.org/standard/65035.html" target="_blank" rel="noopener">ISO 37002: 2021 Whistleblowing management systems — Guidelines</a>.</p>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure there is alignment between your whistleblowing policies, regulatory requirements and the new Standard.</em></p>
<h3>8. Pressure testing fraud and corruption internal controls</h3>
<p>The new Standard requires an organisation implement procedures aimed at assessing the effectiveness of internal controls that are specifically designed or intended to mitigate fraud and corruption risks.  Examples of pressure tests include desktop review of case studies, process walk-throughs and data analysis.</p>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure you include information about the scope and types of pressure tests to be applied as well as the appropriate governance arrangements and responsibilities.</em></p>
<h3>9. Notifying impacted third-parties about fraud and corruption</h3>
<p>The new Standard requires an organisation to consider the impact of a fraud and corruption event on third-parties.  Third-parties include customers, clients, Government services, law enforcement, community, environment, industry and national security.</p>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure there is a notification process for impacted third-parties when responding.</em></p>
<h3>10. D<strong>isruption of fraud and corruption</strong></h3>
<p>The Standard also recognises the fact that an investigation may not always uncover all the perpetrators or obtain enough evidence for police, regulators or prosecution. But &#8216;disruption&#8217; of the activity is recognised as an adequate response because they help ensure such activities don&#8217;t continue.</p>
<p><em>Implications: When updating your fraud and corruption control system documentation, ensure disruption is included as part of the response.  Disruption activities can include increase checking and monitoring, improving exception reporting and increasing audit activity.</em></p>
<h3>Takeaways</h3>
<p><em><strong>A cut and paste review and update is not enough:</strong></em> The revised AS 8001:2021 is a welcome change.  It will require organisations to look closely at their entire fraud and corruption control system and update many components to re-align to the 2021 edition.  A simple document edit to find &#8220;2008&#8221; and, do a cut, copy and replace with &#8220;2021&#8221; is not going to cut it&#8230;.excuse the pun!</p>
<p><em><strong>A comprehensive review is required:</strong></em> This presents an opportunity for each organisation to conduct a comprehensive, end-to-end review of their current fraud and corruption control system and several other supporting systems such as information security, whistleblowing, third-parties, business associates, anti-bribery, and risk management to identify shortfalls in policies, plans, responsibilities, processes and practices across the fraud and corruption control ecosystem.</p>
<p><em><strong>The review will take time and consume resources:</strong></em> As the revised AS 8001:2021 spreads its tentacles into other areas through the normative reference, the refresh will take time and require input from several stakeholders &#8211; from the Governing body down.</p>
<p><em><strong>Expect gaps between different frameworks: </strong></em> The revised AS 8001:2021 edition will mean that other better practice toolkits recommended by regulators and government agencies that previously relied on the 2008 edition will need to be updated&#8230;and this may take many months or perhaps years.</p>
<h3>How we can help</h3>
<p>InConsult is committed to helping organisations better understand the benefits and value of fraud and corruption control.  We have extensive experience in fraud and corruption prevention, cyber security, investigations, crisis management, internal auditing, risk management, probity, business continuity, climate risk management and pandemic planning.</p>
<p>Can we help? Find out more about our <a href="https://inconsult.com.au/services/fraud-corruption-prevention/" target="_blank" rel="noopener">fraud and corruption prevention</a> services.  If you would like to know more, <a href="https://inconsult.com.au/contact-us/" target="_blank" rel="noopener noreferrer">contact us</a> to discuss your needs.</p>
<p>#fraud #corruption #control #FCCS #fraudcorruption #as8001</p>
<div class='printomatic pom-default ' id='id7402'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/key-changes-to-as-80012021-fraud-corruption-control/">Key Changes to AS 8001:2021 Fraud & Corruption Control</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Looking Out For The Fraud Red Flags</title>
		<link>https://inconsult.com.au/publication/looking-out-for-the-fraud-red-flags/</link>
		
		<dc:creator><![CDATA[CreativeTeam]]></dc:creator>
		<pubDate>Wed, 02 Oct 2019 03:45:58 +0000</pubDate>
				<guid isPermaLink="false">https://ac861nz9.dreamwp.com/?post_type=publication&#038;p=3963</guid>

					<description><![CDATA[<p>In recent years, there have been a number of instances of fraud and corruption in local government.  Tony Harb and Mitchell Morley, risk management, audit and governance specialists from InConsult identify elements of an effective fraud management program, list some of the fraud red flags to look for and provide an overview of the fraud [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/looking-out-for-the-fraud-red-flags/">Looking Out For The Fraud Red Flags</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p><em>In recent years, there have been a number of instances of fraud and corruption in local government.  Tony Harb and Mitchell Morley, risk management, audit and governance specialists from InConsult identify elements of an effective fraud management program, list some of the fraud red flags to look for and provide an overview of the fraud triangle.</em></p>
<h4>Fraud and corruption are alive and well</h4>
<p>In 2007, the NSW Audit Office estimated the potential fraud risk at $2.6B or 2-5% of turnover.</p>
<p>In May 2010, an Independent Commission Against Corruption (ICAC) report concluded that local councils are highly vulnerable to corruption yet did not use adequate risk controls such as audits.</p>
<p>12 months later, ICAC found that a council’s Community Services Manager solicited a payment of $10,000 from a supplier for his own benefit.</p>
<p>In June 2011, ICAC found that a council employee, corruptly exercised his official functions in favour of various business owners within the council area in return for money, gifts, free meals and free visits to massage parlours.</p>
<p>In October 2011, ICAC held a public inquiry to examine an alleged $1.5m fraud concerning councils. Between 2006 and 2008, a NSW council paid invoices for safety mesh totalling 444.55 kilometres, enough to line the Great Western Highway between Bathurst and Sydney both ways&#8230;the problem was that none of the safety mesh was delivered and the invoices were false, part of a corrupt scheme whereby the council was ripped off to the tune of $757,000.</p>
<p>At present, ICAC is investigating allegations that between September 2009 and February 2010, a councillor accepted a cash payment from a developer to secure assistance to expedite approval for a development application lodged for a restaurant/karaoke bar.</p>
<h4>Elements of an effective fraud and corruption management program</h4>
<p>An effective fraud and corruption management program requires five elements working together in harmony to be effective.</p>
<p><strong style="line-height: 25.2000007629395px;">1. Fraud Prevention Policies</strong><span style="line-height: 25.2000007629395px;"> that set the tone of expected behaviour for councillors, staff, suppliers and the community are the foundation of a good fraud management program. Examples include Code of Conduct, Public Interest Disclosure/ Whistle-blower Policy, Complaints/ Grievance Procedures, Gifts and Benefits Policy and Statement of Business Ethics. In line with best practice, a formal Fraud and Corruption Strategy should be developed to reinforce council’s position.</span></p>
<p><strong style="line-height: 25.2000007629395px;">2. Communication and Training</strong><span style="line-height: 25.2000007629395px;"> is essential for ensuring all people are aware of the various policies, structures and responsibilities so council’s position is clear. Regular communication, well written job descriptions and fraud awareness training is required.</span></p>
<p>Good policies are necessary elements, but alone, they’re far from sufficient.</p>
<p>According to the <em>Association of Fraud Examiners</em>, an effective internal audit function, surprise audits, fraud awareness training and whistle-blower hotlines will reduce median fraud losses by half.</p>
<p><strong style="line-height: 25.2000007629395px;">3. Fraud Risk Assessments</strong><span style="line-height: 25.2000007629395px;"> are designed to identify specific fraud risks, their causes and assess level of risk.</span></p>
<p>In these workshops, participants are proactively thinking like fraudsters and developing scenarios to perpetrate the fraud asking how can the controls be over-ridden?</p>
<p><strong style="line-height: 25.2000007629395px;">4. Fraud Control </strong><span style="line-height: 25.2000007629395px;">involves designing and implementing specific fraud risk controls i.e. internal controls that prevent, detect and correct fraud risks.</span></p>
<p>The best organisations monitor and record all incidents of fraud (minor and major) and formally report statistics to the Risk and Audit Committees.</p>
<p>Examples of fraud and corruption performance indicators include:</p>
<ul>
<li>Staff education is tested and X% of staff understand their rights and responsibilities in relation to fraud.</li>
<li>Timeframes for implementation of strategies/controls are met.</li>
<li>Ongoing testing of controls shows that they are effective in preventing fraud.</li>
<li>Allegations are dealt with within agreed timeframes.</li>
<li>Investigations are undertaken in line with standards, including timeframes.</li>
<li>Results of investigations and remedies are disseminated to act as a deterrent.</li>
</ul>
<p><strong>5. Fraud Response Plan</strong> establishes clear escalation lines, investigation protocols, external reporting measures and remedies. Remedies sought may include:</p>
<ul>
<li>Recovery action</li>
<li>Transfer to another area</li>
<li><span style="line-height: 25.2000007629395px;">Loss of privileges</span></li>
<li>Greater scrutiny/increased controls</li>
</ul>
<h4>The Fraud Triangle</h4>
<p>One of the most popular hypotheses to explain why people commit fraud is the “Fraud Triangle” developed by criminologist Donald R. Cressey in the 1950s.</p>
<p>The Fraud Triangle consists of three conditions generally present when fraud occurs: Opportunity, Pressure, and Rationalisation.</p>
<p>Over the years, input from forensic experts and academics consistently shows that evaluation of information about fraud is enhanced when auditors and fraud experts evaluate fraud in the context of these three conditions.</p>
<p><strong>Opportunity</strong> is the ability to commit fraud. Because fraudsters don’t wish to be caught, they must firstly believe that their activities will not be detected.</p>
<p>Opportunity is created by weak internal controls, poor management oversight, and/or through use of one’s position and authority. Failure to establish adequate systems and procedures to detect fraudulent activity increases the opportunities for fraud and corruption.</p>
<p>Opportunity is the element over which councils have the most control. Limiting opportunities for fraud is one way every council can reduce it.  Red flags that can increase opportunity include:</p>
<ul>
<li>Management environment – lax style and attitude.</li>
<li>Unsupported transactions.</li>
<li>Undue secrecy.</li>
<li>Employee relationships.</li>
<li>Related party arrangements.</li>
<li>Too much trust placed on too few employees.</li>
<li>Weak security checks for employees.</li>
</ul>
<p><strong>Pressure</strong>, motivation or incentive is another piece of the fraud triangle.  It is the pressure or a “need” felt by the person who commits fraud. Red flags that could motivate individuals to commit fraud include:</p>
<ul>
<li>Addictions to gambling and/or drugs.</li>
<li>Desire for material goods but not the means to get them.</li>
<li>Living beyond ones means.</li>
<li>Significant losses from speculative investments.</li>
<li>High personal debt.</li>
<li>High medical bills or debts.</li>
</ul>
<p><strong>Rationalisation </strong>involves a person convincing themselves that the fraud is OK.  This is the hardest fraud condition to understand and determine.</p>
<p>Common rationalisations include:</p>
<ul>
<li>Just “borrowing” money and will pay it back one day.</li>
<li>Making up for being underpaid.</li>
<li>Replacing a bonus that was deserved but not received.</li>
<li>Council doesn’t need the money or won’t miss the assets.</li>
</ul>
<p>Remember, fraudsters are generally trusted, respected, normal people.</p>
<p>In a recent <em>PwC Global Economic Survey</em>, it was found that 71% of public sector fraud was committed due to pressure, 15% because more opportunities were present and 12% could rationalise the fraud.</p>
<p>For people who are generally dishonest, it is often easier to rationalize a fraud. For people with higher moral standards, it is probably not so easy…and it is the combination of policies, procedures, training and communication that help raise peoples’ moral standards and set expectations.</p>
<p>A fraud and corruption management framework should be ongoing, dynamic and reflect council’s environment and activities otherwise it will be seen as useless.  In a recent ICAC hearing it was reported that a council’s fraud check was like “using a rubber band to drive a Mercedes”…i.e. totally inadequate!</p>
<div class='printomatic pom-default ' id='id3626'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/looking-out-for-the-fraud-red-flags/">Looking Out For The Fraud Red Flags</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Whistleblower policies: what you need to know</title>
		<link>https://inconsult.com.au/publication/whistleblower-policies-what-you-need-to-know/</link>
		
		<dc:creator><![CDATA[CreativeTeam]]></dc:creator>
		<pubDate>Wed, 02 Oct 2019 02:32:22 +0000</pubDate>
				<guid isPermaLink="false">https://ac861nz9.dreamwp.com/?post_type=publication&#038;p=3889</guid>

					<description><![CDATA[<p>For all public sector organisations, a whistleblower policy is nothing new.  However, the new Whistleblower Bill requires all public companies and large proprietary companies to have a Whistleblower Policy in place. These reforms aim to help protect those who &#8220;blow the whistle&#8221; or make disclosures about corporate, financial or tax misconduct. For most organisations impacted, [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/whistleblower-policies-what-you-need-to-know/">Whistleblower policies: what you need to know</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>For all public sector organisations, a whistleblower policy is nothing new.  However, the new Whistleblower Bill requires all public companies and large proprietary companies to have a Whistleblower Policy in place. These reforms aim to help protect those who &#8220;blow the whistle&#8221; or make disclosures about corporate, financial or tax misconduct. For most organisations impacted, the changes will take effect from 1 July 2019. Large proprietary companies must have a whistleblower policy, no later than six months after a proprietary company first becomes a large proprietary company. The transitional provisions give a further six month period for the whistleblower policy to be in place (so if the legislation commences 1 July 2019, the policy must be in place by 1 January 2020). A Whistleblower Policy must contain information about:</p>
<ul>
<li>The protections available to whistleblowers, including the protections available under the legislation;</li>
<li>The person/organisations to whom protected disclosures may be made, and how they can be made;</li>
<li>How the company will support whistleblowers and protect them from detriment;</li>
<li>How the company will investigate protected disclosures;</li>
<li>How the company will ensure fair treatment of employees of the company who are mentioned in protected disclosures, or to whom such disclosures relate;</li>
<li>How the policy is to be made available to officers and employees of the company; and</li>
<li>Any other matters prescribed by the regulations.</li>
</ul>
<h4>Compliance challenges</h4>
<p>The changes will present some challenges, these include:</p>
<ol start="1">
<li>Appointing internal resources who receive and investigate protected disclosures;</li>
<li>Employers need to evaluate if current processes for handling such information are appropriate or need enhancing;</li>
<li>Additional training / awareness/ communications will be required for all staff to ensure they know how to identify a whistleblower report and what to do if they receive one;</li>
<li>Employers need to &#8216;have-ready&#8217; the services of an appropriate conduct investigator should the need arises; and</li>
<li>Organisations operating in multiple jurisdictions should consider whether a ‘one size fits all’ approach is appropriate, given there are differences between the whistleblower protection laws in various jurisdictions.</li>
</ol>
<h4>Consequences of contravention</h4>
<p>Failure to comply with the new requirements is a criminal offence and significant penalties for corporations (and individuals) rising from contraventions of the legislation.</p>
<h4>The Bottom line</h4>
<p>Public companies and large proprietary companies will need to comply to the new Whistleblower Bill , but all employers are encouraged to have a compliant Whistleblower Policy in place and consider some form of training to all staff.</p>
<div class='printomatic pom-default ' id='id1314'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/whistleblower-policies-what-you-need-to-know/">Whistleblower policies: what you need to know</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
