In recent years, there have been a number of instances of fraud and corruption in local government. Tony Harb and Mitchell Morley, risk management, audit and governance specialists from InConsult identify elements of an effective fraud management program, list some of the fraud red flags to look for and provide an overview of the fraud triangle.
Fraud and corruption are alive and well
In 2007, the NSW Audit Office estimated the potential fraud risk at $2.6B or 2-5% of turnover.
In May 2010, an Independent Commission Against Corruption (ICAC) report concluded that local councils are highly vulnerable to corruption yet did not use adequate risk controls such as audits.
12 months later, ICAC found that a council’s Community Services Manager solicited a payment of $10,000 from a supplier for his own benefit.
In June 2011, ICAC found that a council employee, corruptly exercised his official functions in favour of various business owners within the council area in return for money, gifts, free meals and free visits to massage parlours.
In October 2011, ICAC held a public inquiry to examine an alleged $1.5m fraud concerning councils. Between 2006 and 2008, a NSW council paid invoices for safety mesh totalling 444.55 kilometres, enough to line the Great Western Highway between Bathurst and Sydney both ways…the problem was that none of the safety mesh was delivered and the invoices were false, part of a corrupt scheme whereby the council was ripped off to the tune of $757,000.
At present, ICAC is investigating allegations that between September 2009 and February 2010, a councillor accepted a cash payment from a developer to secure assistance to expedite approval for a development application lodged for a restaurant/karaoke bar.
Elements of an effective fraud and corruption management program
An effective fraud and corruption management program requires five elements working together in harmony to be effective.
1. Fraud Prevention Policies that set the tone of expected behaviour for councillors, staff, suppliers and the community are the foundation of a good fraud management program. Examples include Code of Conduct, Public Interest Disclosure/ Whistle-blower Policy, Complaints/ Grievance Procedures, Gifts and Benefits Policy and Statement of Business Ethics. In line with best practice, a formal Fraud and Corruption Strategy should be developed to reinforce council’s position.
2. Communication and Training is essential for ensuring all people are aware of the various policies, structures and responsibilities so council’s position is clear. Regular communication, well written job descriptions and fraud awareness training is required.
Good policies are necessary elements, but alone, they’re far from sufficient.
According to the Association of Fraud Examiners, an effective internal audit function, surprise audits, fraud awareness training and whistle-blower hotlines will reduce median fraud losses by half.
3. Fraud Risk Assessments are designed to identify specific fraud risks, their causes and assess level of risk.
In these workshops, participants are proactively thinking like fraudsters and developing scenarios to perpetrate the fraud asking how can the controls be over-ridden?
4. Fraud Control involves designing and implementing specific fraud risk controls i.e. internal controls that prevent, detect and correct fraud risks.
The best organisations monitor and record all incidents of fraud (minor and major) and formally report statistics to the Risk and Audit Committees.
Examples of fraud and corruption performance indicators include:
- Staff education is tested and X% of staff understand their rights and responsibilities in relation to fraud.
- Timeframes for implementation of strategies/controls are met.
- Ongoing testing of controls shows that they are effective in preventing fraud.
- Allegations are dealt with within agreed timeframes.
- Investigations are undertaken in line with standards, including timeframes.
- Results of investigations and remedies are disseminated to act as a deterrent.
5. Fraud Response Plan establishes clear escalation lines, investigation protocols, external reporting measures and remedies. Remedies sought may include:
- Recovery action
- Transfer to another area
- Loss of privileges
- Greater scrutiny/increased controls
The Fraud Triangle
One of the most popular hypotheses to explain why people commit fraud is the “Fraud Triangle” developed by criminologist Donald R. Cressey in the 1950s.
The Fraud Triangle consists of three conditions generally present when fraud occurs: Opportunity, Pressure, and Rationalisation.
Over the years, input from forensic experts and academics consistently shows that evaluation of information about fraud is enhanced when auditors and fraud experts evaluate fraud in the context of these three conditions.
Opportunity is the ability to commit fraud. Because fraudsters don’t wish to be caught, they must firstly believe that their activities will not be detected.
Opportunity is created by weak internal controls, poor management oversight, and/or through use of one’s position and authority. Failure to establish adequate systems and procedures to detect fraudulent activity increases the opportunities for fraud and corruption.
Opportunity is the element over which councils have the most control. Limiting opportunities for fraud is one way every council can reduce it. Red flags that can increase opportunity include:
- Management environment – lax style and attitude.
- Unsupported transactions.
- Undue secrecy.
- Employee relationships.
- Related party arrangements.
- Too much trust placed on too few employees.
- Weak security checks for employees.
Pressure, motivation or incentive is another piece of the fraud triangle. It is the pressure or a “need” felt by the person who commits fraud. Red flags that could motivate individuals to commit fraud include:
- Addictions to gambling and/or drugs.
- Desire for material goods but not the means to get them.
- Living beyond ones means.
- Significant losses from speculative investments.
- High personal debt.
- High medical bills or debts.
Rationalisation involves a person convincing themselves that the fraud is OK. This is the hardest fraud condition to understand and determine.
Common rationalisations include:
- Just “borrowing” money and will pay it back one day.
- Making up for being underpaid.
- Replacing a bonus that was deserved but not received.
- Council doesn’t need the money or won’t miss the assets.
Remember, fraudsters are generally trusted, respected, normal people.
In a recent PwC Global Economic Survey, it was found that 71% of public sector fraud was committed due to pressure, 15% because more opportunities were present and 12% could rationalise the fraud.
For people who are generally dishonest, it is often easier to rationalize a fraud. For people with higher moral standards, it is probably not so easy…and it is the combination of policies, procedures, training and communication that help raise peoples’ moral standards and set expectations.
A fraud and corruption management framework should be ongoing, dynamic and reflect council’s environment and activities otherwise it will be seen as useless. In a recent ICAC hearing it was reported that a council’s fraud check was like “using a rubber band to drive a Mercedes”…i.e. totally inadequate!