Part 2: Detailed results for these entities
Preventing fraud
Having the right framework to prevent fraud means having a code of conduct and policies about fraud, protected disclosures, receiving gifts, and using credit cards. It means making it safe and easy for staff to talk about fraud and raise any concerns or suspicions. It also means having fraud controls that are reviewed regularly, carrying out due diligence checks of suppliers, doing pre-employment screening, and providing staff with fraud awareness training.
Code of conduct and policies
Most respondents said that their entities had a fraud policy.
The affirmative response rates about fraud policies, for most of these entities, were higher than the average for both the central government sector (83%) and the public sector overall (79%). The percentages dropped when respondents were asked whether these policies were regularly communicated. For example, only 56% of independent Crown entity respondents had received communication on their fraud policy.
For small entities, a specific fraud policy may seem excessive – what is most important is that clear guidance is accessible and understood by all staff.
More respondents also said that their entity had a code of conduct:
- autonomous Crown entities, 100%;
- central government – other, 94%;
- Crown agents or companies, 97%;
- Crown research institutes, 92%; and
- independent Crown entities, 86%.
Respondents varied more in their answers about whether their entity had a protected disclosures policy. Crown research institutes and autonomous Crown entities (both with 87%) had the highest response rate. Central government – other and independent Crown entities (both with 62%) had the lowest. Crown agents or companies also had a result higher (76%) than the central government sector (75%) and the overall public sector (71%).
Most respondents said that their entity had a clear policy on accepting gifts or services:
- autonomous Crown entities, 98%;
- central government – other, 78%;
- Crown agents or companies, 97%;
- Crown research institutes, 87%; and
- independent Crown entities, 95%.
These results were markedly higher than the overall public sector response of 71%. However, this question in the survey still generated significantly more "free text" responses than any other question. It was clear to us that many respondents have unanswered questions, regardless of the clarity of their policy. In our view, the most important matter is the conflict of interest risk – staff from these entities should always decline a gift if accepting it could influence, or be seen as influencing, their decision-making. And gifts need to be recorded in a gifts register.
Clear and consistent policies, and messages about those policies, can prevent inappropriate behaviour, provide guidance to all staff, and ensure that everyone understands their role in, and responsibility for, preventing fraud.
Clear roles and responsibilities
Although the culture modelled by the leaders of an entity is critical, preventing fraud is not the responsibility of any one person. Autonomous Crown entities (80%) had the highest affirmative response rate for the question about other employees understanding their responsibilities for preventing and detecting fraud.
In our view, all employees need to understand their roles and responsibilities so that a culture receptive to discussing fraud can be supported and maintained.
Respondents from all levels in these entities (from the chief executive through to operational and administration staff) felt confident that managers understood their roles and responsibilities for preventing and detecting fraud. Senior managers understood well the importance of building an anti-fraud culture and regularly communicating with staff about incidents. However, only 22% to 42% of respondents said that managers told staff about incidents of fraud.
Environment receptive to conversations about fraud
Most respondents worked in an environment where staff were encouraged to come forward if they see or suspect fraud:
- autonomous Crown entities, 91%;
- central government – other, 89%;
- Crown agents or companies, 90%;
- Crown research institutes, 92%; and
- independent Crown entities, 84%.
Almost all said that they could do so knowing that their concerns would be taken seriously and without fear of retaliation:
- autonomous Crown entities, 98%;
- central government – other, 100%;
- Crown agents or companies, 98%;
- Crown research institutes, 97%; and
- independent Crown entities, 97%.
The percentages of respondents answering "Yes" to this question were higher than the central government sector (95%) and the public sector overall (95%).
Most respondents (93% to 79%) said their entity took a proactive approach to preventing and detecting fraud. These results were higher than the percentages for the central government sector (77%) and the public sector overall (77%).
Fraud controls
Fraud most commonly occurs when controls are inadequate and when staff do not comply with policies and procedures. Although entities should be able to trust their employees to do the right thing, having trusted employees is not a fraud control. The likelihood of being discovered is often a strong deterrent for those contemplating wrongdoing, so internal controls and culture play a critical role in preventing and detecting fraud.
The pace of change in many work environments means that the process of ensuring that fraud controls align with the business should be an ongoing exercise.
Most respondents said that their entity regularly reviews its fraud controls:
- autonomous Crown entities, 80%;
- central government – other, 78%;
- Crown agents or companies, 78%;
- Crown research institutes, 79%; and
- independent Crown entities, 68%.
Those entities that do not regularly review their fraud controls could have fraud controls that are no longer effective, because systems and processes change over time. To work effectively, fraud controls need to be reviewed annually or every two years.
Due diligence checks and pre-employment screening
Many frauds occur through the use of fake suppliers and suppliers with a close personal relationship with an employee. Carrying out due diligence checks can help to mitigate the risk that suppliers can pose. Some examples of due diligence checks are:
- removing unused suppliers from the system;
- requesting references or credit checks; and
- regularly monitoring the changes to supplier details.
The percentage of respondents who said that due diligence checks were carried out was generally lower than the result for the wider central government sector (51%) and the whole public sector (48%).
In our view, all public entities should be carrying out due diligence checks on new suppliers.
Most often, it is trusted employees who commit fraud. Trusting employees is important, but to trust without first ensuring that it is appropriate to do so exposes entities to unnecessary risk.
The percentage of respondents who said that new employees undergo pre-employment screening that includes a criminal history check was also lower than the result for the wider central government sector (62%) and the whole public sector (71%).
Fraud awareness training
Even the most diligent employees might not identify a fraud if they have not had training. Knowing where to look and what to look for can be difficult. Only 30% of Crown agent or company respondents and 11% of independent Crown entity respondents had received fraud awareness training at their current workplace. For 27% of those who had received some training, the training occurred more than two years ago.
By combining due diligence checks with awareness training and internal controls, any entity can foster a strong anti-fraud culture. Raising awareness of fraud helps build a culture that is receptive to fraud conversations and encourages employees to come forward if they suspect anything.
Greater risk during tougher economic times
We note that 69% of all respondents did not feel that their entity had a change in risk because of the current economic climate. Experience internationally generally confirms that recessionary economic climates – when staff feel less secure in their employment and increasingly under pressure – present a greater fraud risk. Fraud increases because of "need" rather than "greed".
Questions 1 to 15 in Appendix 1 set out the survey response data about fraud prevention.
Detecting fraud
Responding to risks
Survey participants were asked whether their entity takes proactive steps to reduce any risks when fraud or corruption risks are raised. The percentage of "Yes" responses was higher among respondents in these entities than wider central government respondents (94%) and all public sector respondents (87%).
Monitoring credit card spending
Almost all respondents said that their organisation was closely monitoring credit card spending. Again, the rate of "Yes" responses was higher than it was for other central government respondents (94%) and all public sector respondents (90%).
Monitoring staff expenses
Almost all respondents were also certain their organisation closely monitored staff expenses. The rate of "Yes" responses was again higher than the rate of 97% for other central government respondents and for all public sector respondents:
- autonomous Crown entities, 98%;
- central government – other, 100%;
- Crown agents or companies, 99%;
- Crown research institutes, 97%; and
- independent Crown entities, 97%.
Questions 16 to 22 in Appendix 1 set out the survey response data about fraud detection.
Responding to fraud
Telling staff about incidents of fraud
Overall, about a third of respondents said that their senior managers told all staff about incidents of fraud.
Communicating with staff is vital in raising awareness about fraud. Greater awareness makes it easier for staff to be vigilant, can confirm the organisation's "zero tolerance" approach to fraud, and helps to maintain an environment where it is easy for staff to speak up about risks and raise any concerns.
Referring suspected fraud to the appropriate authorities
Most respondents (ranging from 71% to 91%) expected that suspected fraud would be reported to the appropriate authorities. In reality, less than half of the most recent incidents of fraud were reported to the appropriate authorities.
We know that many entities are reluctant to bring criminal charges against their employees, because of materiality – but also because of the time and costs of preparing a case, resolving matters in the courts, and a perception that fraud is a low priority for the Police.
However, all public sector entities are expected to consider reporting fraud to the appropriate authorities. We encourage all Crown entities and central government – other entities to do this.
Any decision made not to report or respond to fraud can erode staff confidence in the senior management team. It can create a perception that managers are not committed enough to preventing fraud and discourage staff from reporting their concerns. Taking no action also increases the risk that an employee suspected of committing fraud could move to another public entity and continue their dishonest behaviour.
Credit card and expense claim fraud
Respondents were confident that their entity would take inappropriate credit card spending seriously and discipline the person involved. The affirmative response rates were about the same as or higher than those of respondents in the wider central government sector (86%) and the public sector overall (83%).
There were similar responses to the question about whether inappropriate expense claims were taken seriously and resulted in disciplinary action. The affirmative response rates were close to the 86% response rate of those in the wider central government sector and the public sector overall.
Most respondents were confident that their entity would take all reasonable action to recover any money lost through fraud (affirmative responses ranged from 92% to 98%). These results were higher than the percentages for the central government sector (91%) and similar to the findings for the public sector overall (93%).
A clear process to recover funds shows the seriousness with which fraud is taken. In our view, chief executives and senior managers for these entities are doing well in sending clear messages that they will seek to recover any misappropriated funds.
Questions 23 to 31 in Appendix 1 set out the survey response data about fraud responses.
page top