Part 2: Detailed results for government departments
Preventing fraud
Setting the right tone with clear and consistent messages
Policies, and management's communication of policies, can set the "tone at the top". It is important that messages from managers about fraud – including the policies – are clear and consistent.
Clear and consistent messages can prevent inappropriate behaviour, provide guidance to all staff, and ensure that everyone understands their role in, and responsibility for, preventing fraud.
The survey results confirm that many government departments have mature and connected policies and approaches to mitigating the risk of fraud. Government departments continue to provide good frameworks through their fraud policies (79%) and a code of conduct (98%).
Policies and guidance are a positive start to building a culture of fraud prevention – but they can be effective only if staff know about them. Most senior managers (79%) and chief executives (84%) were aware of policies and guidance, but fewer operational staff (68%) were aware of them.
Only 50% of the government department respondents said that they received regular communication about their fraud policy. This percentage was lower than that of central government respondents (63%) and all public sector respondents (64%). Interestingly, 71% of the government department respondents said that their Code of Conduct was communicated regularly – a result similar to that for central government and all of public sector respondents.
For small entities, a specific fraud policy may seem excessive – what is most important is that clear guidance is accessible and understood by all staff.
Clear roles and responsibilities
Although the culture modelled by the leaders of an entity is critical, preventing fraud is not the responsibility of any one person. Only 71% of government department respondents said they understood their responsibilities and would know if they discovered fraud. In our view, all employees need to understand their roles and responsibilities so that a culture receptive to discussing fraud can be supported and maintained.
Respondents from all levels in government departments (from the chief executive through to operational and administration staff) felt confident that managers understood their roles and responsibilities for preventing and detecting fraud. Senior managers understood well the importance of building an anti-fraud culture and regularly communicating with staff about incidents – but only 22% of respondents said that managers told staff about incidents of fraud.
Due diligence checks
Most often, it is trusted employees who commit fraud. Government departments need to safeguard themselves against this risk. Most departments carry out pre-employment screening but 53% of the respondents said either that their department does not carry out these checks or that they were unaware whether the checks were carried out. Trusting employees is important, but to trust without first ensuring that it is appropriate to do so exposes departments to unnecessary risk.
Even the most diligent employees might not identify a fraud if they have not had training. Knowing where to look and what to look for can be difficult. Most respondents (73%) had not received any fraud awareness training at their current organisation. For more than a quarter of the respondents who had received training, it was more than two years ago.
Many frauds occur through the use of fake suppliers and suppliers with a close personal relationship with an employee. Carrying out due diligence checks can help to mitigate the risk that suppliers can pose. Some examples of due diligence checks are:
- removing unused suppliers from the system;
- requesting references or credit checks; and
- regularly monitoring the changes to supplier details.
Only 46% of respondents were certain that their government department was completing checks like this. More than half of the operational staff who responded did not know whether these sorts of checks occurred in their entity. A further 41% did not know whether their government department carried out due diligence checks on new suppliers.
Although operational staff should be carrying out these checks, they were less aware than senior management and chief executives of the checks and their purpose.
When combining due diligence checks with awareness training and internal controls, any entity can foster a strong anti-fraud culture. Raising awareness of fraud helps build a culture that is receptive to conversations about fraud and encourages employees to come forward if they suspect anything.
Almost all government department respondents (97%) said that their entity had a clear policy on accepting gifts or services. However, this question in the survey still generated significantly more "free text" responses than any other question. It was clear to us that many respondents have unanswered questions, regardless of the clarity of their department's policy. In our view, the most important matter is the conflict of interest risk – government department staff should always decline a gift if accepting it could influence, or be seen as influencing, their decision-making. And gifts need to be recorded in a gifts register.
Greater risk during tougher economic times
We note that 69% of respondents did not feel that their entity had a change in risk because of the current economic climate. Experience internationally generally confirms that recessionary economic climates – when staff feel less secure in their employment and increasingly under pressure – present a greater fraud risk. Fraud increases because of "need" rather than "greed".
At the time of our survey, government department employees felt relatively secure in their jobs (90%), but had one of the lowest rates of the central government entities. The number of government department employees who felt that they were required to achieve higher targets with fewer resources was significantly higher than average (81%, compared with 73% for the wider central government sector and 66% for all public entities).
Questions 1 to 15 in Appendix 1 set out the survey response data about fraud prevention.
Detecting fraud
Regularly reviewing fraud controls
Fraud most commonly occurs when controls are inadequate and when staff do not comply with policies and procedures. Although entities should be able to trust their employees to do the right thing, having trusted employees is not a fraud control. The likelihood of being discovered is often a strong deterrent for those contemplating wrongdoing, but internal controls and culture play a critical role in preventing and detecting fraud.
The pace of change in many work environments means that the process of ensuring that fraud prevention controls align with the business should be an ongoing exercise. The only way to successfully achieve this is a proactive approach to reviewing controls, training staff, and reducing risks.
Only 53% of respondents said that their department regularly reviews the fraud controls. This suggests that some systems and processes could be outdated and no longer effective. This result was lower than the percentages for all central government entities (70%) and all of the public sector (67%).
In our view, all departments could carry out regular reviews of their fraud controls to ensure that those controls remain effective. It could be that government departments do regularly review their fraud controls, but their staff are not aware of this. If staff knew that controls were reviewed, it could help improve perception about whether their department takes a proactive approach to preventing fraud.
Making it easy for staff to raise concerns
Most government departments (95%) have a culture where staff can raise issues and do not fear retaliation. Respondents who said they worked in an environment where staff were willing to raise concerns (86%) were also working in departments where respondents reported fewer incidents of fraud.
All public entities are required to have a protected disclosures policy. A quarter of the respondents said that either their department did not have such a policy or they were unsure whether their department had such a policy. Staff might not know that their department has such a policy if they are not regularly reminded.
Almost all of the surveyed government departments (95%) were creating the right environment by being receptive to staff speaking up about any concerns. Most respondents (92%) had confidence that their department would take proactive steps to reduce the risk of fraud if fraud was discovered in their department.
Questions 16 to 22 in Appendix 1 set out the survey response data about fraud detection.
Responding to fraud
Telling staff about incidents of fraud
The public sector has an obligation to have no tolerance of fraud. The survey responses provide some assurance that government departments have good policies and procedures, and that staff have confidence that steps are taken to reduce risks before they occur. Despite this, government departments could respond better to incidents of fraud.
As many as 78% of government department respondents said that management had not communicated about fraud incidents after they were resolved (or if management had, the staff were not aware of it). This is higher than the average for other central government entities and for the survey overall. By not communicating their responses to fraud, management can discourage staff from raising concerns.
Senior managers should consider communicating incidents of fraud to their staff when they occur (subject to any legal constraints). This will help to promote the message that fraud and any associated misconduct are taken seriously. Informing staff about fraud is a vital part of building a culture that promotes fraud awareness. The actions that managers take set the tone in any entity, and poor decisions can erode staff confidence.
Referring suspected fraud to the appropriate authorities
Most respondents said that their department dealt with incidents of fraud internally. Matters were referred to the appropriate law enforcement agency only if they were significant enough or there was evidence available.
We know that many entities are reluctant to bring criminal charges against their employees, because of materiality – but also because of the time and costs of preparing a case, resolving matters in the courts, and a perception that fraud is a low priority for the Police.
However, all public sector entities are expected to consider reporting fraud to the appropriate authorities. We encourage all government departments to do this.
Credit card and expense claim fraud
Although most respondents said that their department took credit card spending (81%) and expense claims (80%) seriously, the percentages were lower than those of other central government entities and lower than the overall survey results. Similarly, a number of government department respondents did not know whether inappropriate credit card expenditure (17%) or fraudulent expense claims (18%) were taken seriously.
Government department staff also had the lowest confidence level (84%) within central government and of all of the public sector that action would be taken to recover any misappropriated funds. A clear process to recover funds shows the seriousness with which fraud is taken. In our view, chief executives and senior managers need to send clear messages that they will seek to recover any and all misappropriated funds.
In our view, government departments also need to review their internal controls after any fraud investigation to ensure that those controls are still appropriate. When a control weakness is identified, government departments should strengthen the controls to prevent any repeated fraud and communicate with their staff about it.
Questions 23 to 31 in Appendix 1 set out the survey response data about fraud responses.
page top