The attitudes within your organization lay the foundation for a high or low fraud risk environment. Where minor unethical practices may be overlooked, larger frauds may also be treated in a similar lenient fashion. In such an environment there may be a risk of total collapse of your organization either through a single catastrophic fraud or through the combined weight of many smaller frauds. A sound ethical culture and sound internal control systems are essential key components of a fraud prevention strategy.
A sound ethical culture
A sound ethical culture is an essential element of anti-fraud strategy. To establish a sound ethical culture, DSFIO supports your organization with the following key actions:
a) A mission statement that refers to quality, ethics and how the organisation wishes to be seen externally.
b) Clear policy statements on business ethics and anti-fraud, with explanations about acceptable behaviour in risk prone circumstances.
c) A route through which suspected fraud can be reported.
d) A process of reminders about ethical and fraud policies.
e) An aggressive risk-based audit process.
f) Management which is seen to be committed through its actions.
A code of ethics or an anti-fraud policy is not sufficient to prevent fraud activities. Ethical behaviour needs to be embedded within the culture of your organisation. Commitment from the senior management of your organization and ‘tone at the top’ is the key. Employees are more likely to do what they see their senior management doing than follow an ethics policy. It is essential that management does not apply double standards.
In addition to encouraging senior management to set ethical examples by their actions, your organization should ensure that senior management is committed to controlling the risks of fraud. Senior managers should be assigned with responsibility for fraud prevention as this sends a message to your employees that your organisation is serious about fraud and ensures that tackling fraud will be handled at a senior level. Adherence to policies and codes should be regularly monitored and policed by appropriate staff within your organisation, such as management and/or internal audit. These documents should also be regularly reviewed and revised.
Sound Internal Control Systems
Sound Internal Control Systems are even essential elements of anti-fraud strategy. This kind of Internal Control comprises all those policies and procedures that, taken together, support your organization’s effective and efficient operation. It deals with factors such as approval and authorisation processes, access restrictions and transaction controls, account reconciliations, pre-employment screening and physical security. The internal procedures often include the division of responsibilities as well as checks and balances to reduce risk.
The internal control system should be embedded within the culture and operations of your organization. It should also be consistent with the nature and size of your organisation.