What is an integrated fraud control strategy, what are the implementation challenges Public Sector Anti-Corruption Conference 25 October 2007 Peter Achterstraat Auditor-General of NSW
What is Fraud An intentional act involving the use of deception to obtain an unjust or illegal advantage Australian Auditing and Assurance Standards Board (AuASB) The use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organisation s resources or assets The Association of Certified Fraud Examiners, USA
Potential Impact of Fraud Estimated 2 5% of turnover For the NSW public sector, potential fraud risk is $2.6 billion annually, or about $400 per person in NSW
Potential Impact of Fraud - cont $1.7 million per company asset misappropriation, false pretences and counterfeiting PWC Global Economies Crime Survey 2005 Not just financial reputation, staff morale and stakeholders relationships
Role of the Audit Office Fraud Primary focus opinion on financial report Fraud obligations ASA 240 Restricted to: fraud risks that materially effect financial reports advising management of material fraud risks testing material fraud risks Maintain an attitude of professional scepticism Seek written confirmation from management on adequacy of fraud control and any frauds Agency management responsible for fraud prevention, detection and investigation
Audit Office Performance Audits Performance audits - Review effectiveness, efficiency, economy and compliance with law Performance audits on fraud Fraud Control performance audits - 1993, 1998, 2005 Better Practice Guide 1994 updated 2005 Fraud Control Improvement Kit - 1996
What is required of NSW Government Agencies 1990 Premier s Department NSW public sector agencies to have formal fraud control strategy 1994 Audit Office Fraud Control guide endorsed by Premier s
Management Responsibility Integrated Fraud Control Attributes Prevention 1. Integrated macro policy 2. Responsibility structures 3. Fraud risk assessment 4. Employee awareness 5. Customer and community awareness Detection 6. Notification systems 7. Detection systems 8. External notification systems Investigation 9. Investigation systems 10.Conduct and disciplinary systems NSW Audit Office 2005 better practice guide
Audit Office Fraud Control Improvement Kit - 2006 Help with two main problems: Achieve effective fraud control in all work areas all 10 attributes Maintain long-term staff awareness of fraud control Two tools: Fraud Control Health Check Fraud Control Improvement Workshop
Audit Office Fraud Control Improvement Kit cont Health Check Questionnaire Please put a tick in the most appropriate box Strongly Disagree Disagree Agree Strongly Agree 1. Our fraud control policies and procedures tell us how to deal effectively w ith the fraud risks w e face 2. Most staff in m y work area are aware of their responsibilities for m inim ising fraud in our w orkplace 3. The functions of m y w ork area are regularly assessed to identify and address the fraud risks we face 4. O ur organisation conducts regular training in fraud control 5. I am confident that our custom ers/clients, suppliers and contractors would understand that our organisation w ill n ot accep t fraud u len t dealings/transactions 6. Staff are encouraged to report alleged fraud or corruption in m y organisation 7. I am confident that m y organisation system atically makes efforts to detect fraud and corruption 8. I am confident that m y organisation w ould report fraud and corruption to external organisations (eg. ICAC, Police) where it was required to do so 9. I am confident that internal investigations of alleged fraud and corruption would be carried out to high standards in m y organisation 10. M ost staff in m y w ork area understand that staff w ill be disciplined for fraudulent or corrupt behaviour, and for breaches of our code of conduct/ethics
Audit Office Fraud Control Improvement Kit cont Health Check Report Fraud Control Attribute Overall Results for Individual Fraud Control Attributes Results for Individual Work Areas Work Area 1 Work Area 2 Work Area 3 Work Area 4 1. Fraud Control Policy green green green green orange 2. Responsibility Structures green green green green green 3. Fraud Risk Assessment orange green orange green red 4. Employee Awareness red orange red red red 5. Customer & Community Awareness orange green green orange red 6. Notification Systems orange green orange green red 7. Detection Systems green orange green green green 8. External Notification Systems red green red orange red 9. Investigation Systems green green green green orange 10. Conduct & Disciplinary Systems green green green green green Overall Work Area Results green orange orange red Key Good performance green Action required orange Urgent action required red
Audit Office Fraud Control Improvement Kit cont Improvement Workshop Template for each fraud control attribute includes: Just so you know Signs of success Previous fraud control performance improvement initiatives Rating current performance Determining future actions
Audit Office Fraud Control Improvement Kit cont Sample of workshop template Attribute 3 Fraud Risk Assessment Just so you know This is attribute No. 3 (of 10) in your organisation s fraud control strategy. It is one of a number of elements that contribute to establishing a fraud control environment for the organisation. This specific attribute would be working well if: your organisation undertakes regular assessments of its fraud risks fraud risk assessment quantifies the level, nature and form of the fraud risks to be managed your organisation takes actions to mitigate issues identified in the fraud risk assessment. Signs of success? Please consider your own views about the following points. People in different roles and at different levels may have different knowledge and different views about these matters that is fine. Just say what you think, based on what you know has your organisation assessed its fraud risks? has fraud risk been assessed within the past 2-3 years? have fraud risks been formally identified at your work area? have fraud controls been discussed at your work area?
NSW Public Sector Fraud Control Audit Office Report 2005 Public Sector Fraud Control Strategies 1993 Audit Results 2004 Audit Results Ineffective 25% Highly Effective 20% Partly Effective 16% Generally Ineffective 6% Ineffective 2% Highly Effective 13% Generally Ineffective 10% Partly Effective 15% Fairly Effective 17% Effective 13% Fairly Effective 26% Effective 37% Improving still a long way to go
NSW Public Sector Fraud Control Audit Office Report 2005 - cont Only 50 per cent of NSW agencies have effective or highly effective fraud control strategies more than 15 years after Premier s Department requirement Universities had more generally ineffective strategies Budget sector better than non-budget sector
NSW Public Sector Fraud Control Audit Office Report 2005 - cont Public sector better at: Protected Disclosure part of attribute 6 (notification) External Reporting - attribute 8 (external notification systems) Consolidating and harmonising relevant agency policies attribute 1 (integrated macro policy) Defining organisational arrangements and responsibilities attribute 2 (responsibility structures)
NSW Public Sector Fraud Control Audit Office Report 2005 - cont Public sector is not performing well with: Customer and community awareness attribute 5 Employee awareness attribute 4 Fraud risk assessment attribute 3 Investigation standards attribute 9
Current and Emerging Issues in Implementing Effective Fraud Control Poor Risk Assessment Practices Ethical Behaviours in the Workplace Appropriate Training for All Staff Organisational Change Commitment of Senior Management Technological Change Short Cuts in Decision Making Quality and Quantity of Audits
Role of Audit Committees Review the adequacy of processes supporting an agency s fraud control Everyone has responsibilities
Standards for Fraud Control Corporate governance standards A core set of governance principles (features) (AS 8000) Fraud control and corruption prevention (AS 8001) Codes of conduct (AS 8002) Corporate social responsibility (AS 8003) Whistleblower systems (AS 8004)
THANK YOU