Part 2: Detailed results for these entities
Preventing fraud
Having the right framework to prevent fraud means having a code of conduct and policies about fraud, protected disclosures, receiving gifts, and using credit cards. It means making it safe and easy for staff to talk about fraud and raise any concerns or suspicions. It also means having fraud controls that are reviewed regularly, carrying out due diligence checks of suppliers, doing pre-employment screening, and providing staff with fraud awareness training.
Code of conduct and policies
Most respondents said that their entities had a fraud policy.
Most of these rates were lower than the average for the local government sector (where 76% of respondents said they had a fraud policy) and the public sector overall (where 79% said they had a fraud policy).
For small entities, a specific fraud policy might seem excessive – what is most important is that clear guidance is accessible and understood by all staff.
Most respondents also said that their entity had a code of conduct:
- airports, 75%;
- council-controlled organisations, 83%;
- electricity lines businesses, 82%;
- local government – other, 91%; and
- port companies, 67%.
The percentages dropped when respondents were asked whether these policies were regularly communicated. For example, only half of the airport respondents had received communication on their policies.
Fewer respondents said that their entities had a protected disclosures policy, even though every public entity is legally required to have such a policy.
The percentages of respondents answering "Yes" to this question were lower than the percentages for the local government sector (62%) and the overall public sector (71%).
Most respondents said that their entity had a clear policy on accepting gifts or services:
- airports, 70%;
- council-controlled organisations, 84%;
- electricity lines businesses, 79%;
- local government – other, 36%; and
- port companies, 67%.
There results were mostly higher than the overall public sector response of 71%. However, this question in the survey still generated significantly more "free text" responses than any other question. It was clear to us that many respondents have unanswered questions, regardless of the clarity of their policy.
In our view, the most important matter is the conflict of interest risk – staff should always decline a gift if accepting it could influence, or be seen as influencing, their decision-making. And gifts need to be recorded in a gifts register.
Clear and consistent policies, and messages about those policies, can prevent inappropriate behaviour, provide guidance to all staff, and ensure that everyone understands their role in, and responsibility for, preventing fraud.
Clear roles and responsibilities
Although the culture modelled by the leaders of an entity is critical, preventing fraud is not the responsibility of any one person. Most respondents felt confident that other employees understood their responsibilities and would know if they discovered fraud (responses ranged from 82% down to 33%). Airports, council-controlled organisations, and local government - other entities had higher results than the overall public sector (73%).
Respondents from all levels in these entities (from the chief executive through to operational and administration staff) felt confident that managers understood their roles and responsibilities for preventing and detecting fraud. Electricity lines businesses (93%) had the highest affirmative response rate.
Senior managers understood well the importance of building an anti-fraud culture and regularly communicating with staff about fraud incidents. However, less than half of the respondents (from 0% to 45%) said that managers told staff about incidents of fraud.
In our view, all employees need to understand their roles and responsibilities so that a culture receptive to discussing fraud can be supported and maintained.
Environment receptive to conversations about fraud
Most respondents worked in an environment where staff were encouraged to raise concerns if they suspect fraud:
- airports, 84%;
- council-controlled organisations, 87%;
- electricity lines businesses, 93%;
- local government – other, 91%; and
- port companies, 67%.
Almost all said that they could do so knowing that their concerns would be taken seriously and without fear of retaliation.
Responses were mixed (from 33% to 80%) about whether entities took a proactive approach to preventing and detecting fraud.
Fraud controls
Fraud most commonly occurs when controls are inadequate and when staff do not comply with policies and procedures. Although entities should be able to trust their employees to do the right thing, having trusted employees is not a fraud control. The likelihood of being discovered is often a strong deterrent for those contemplating wrongdoing, so internal controls and culture play a critical role in preventing and detecting fraud.
The pace of change in many work environments means that the process of ensuring that fraud controls align with the business should be an ongoing exercise.
Some respondents said that their entity regularly reviews its fraud controls:
- airports, 37%;
- council-controlled organisations, 72%;
- electricity lines businesses, 57%;
- local government – other, 73%; and
- port companies, 0%.
Those entities that do not regularly review their fraud controls could have fraud controls that are no longer effective, because systems and processes change over time. To work effectively, fraud controls need to be reviewed annually or every two years.
Due diligence checks and pre-employment screening
Many frauds occur through the use of fake suppliers and suppliers with a close personal relationship with an employee. Carrying out due diligence checks can help to mitigate the risk that suppliers can pose. Some examples of due diligence checks are:
- removing unused suppliers from the system;
- requesting references or credit checks; and
- regularly monitoring the changes to supplier details.
The percentage of respondents who said that due diligence checks were carried out was mixed, with higher and lower results than for the wider local government sector (46%) and the whole public sector (48%).
In our view, all public entities should be carrying out due diligence checks on new suppliers.
Most often, it is trusted employees who commit fraud. Trusting employees is important, but to trust without first ensuring that it is appropriate to do so exposes entities to unnecessary risk.
The percentage of respondents who said that new employees undergo pre-employment screening that includes a criminal history check was also generally lower than the result for the wider local government sector (50%) and lower than the whole public sector (71%).
Fraud awareness training
Even the most diligent employees might not identify a fraud if they have not had training. Knowing where to look and what to look for can be difficult. Only 37% of airport respondents, 23% of respondents in council-controlled organisations, and 9% of respondents in local government – other entities had received fraud awareness training at their current workplace.
By combining due diligence checks with awareness training and internal controls, any entity can foster a strong anti-fraud culture. Raising awareness of fraud helps build a culture that is receptive to fraud conversations and encourages employees to come forward if they suspect anything.
Greater risk during tougher economic times
We note that 69% of all respondents did not feel that their entity had a change in risk because of the current economic climate. Experience internationally generally confirms that recessionary economic climates – when staff feel less secure in their employment and increasingly under pressure – present a greater fraud risk. Fraud increases because of "need" rather than "greed".
Questions 1 to 15 in Appendix 1 set out the survey response data about fraud prevention.
Detecting fraud
Responding to risks
Survey participants were asked whether their entity takes proactive steps to reduce any risks when fraud or corruption risks are raised. The percentage of "Yes" responses from respondents in these entities was similar to wider local government respondents (85%) and all public sector respondents (87%).
Monitoring credit card spending
Almost all respondents said that their organisation was closely monitoring credit card spending. Again, the rate of "Yes" responses was similar to other local government respondents (90%) and all public sector respondents (90%). The rates of "Yes" responses were:
- airports, 84%;
- council-controlled organisations, 97%;
- electricity lines businesses, 89%;
- local government – other, 82%; and
- port companies, 100%.
Monitoring staff expenses
Almost all respondents were also certain their organisation closely monitored staff expenses. The rate of "Yes" responses was again similar to the rate of 94% for other local government respondents and of 97% for all public sector respondents.
Questions 16 to 22 in Appendix 1 set out the survey response data about fraud detection.
Responding to fraud
Telling staff about incidents of fraud
Overall, just over a third of respondents said that their senior managers told all staff about incidents of fraud (wider local government respondents: 35%, all public sector respondents: 29%).
Communicating with staff is vital in raising awareness about fraud. Greater awareness makes it easier for staff to be vigilant, can confirm the organisation's "zero tolerance" approach to fraud, and helps to maintain an environment where it is easy for staff to speak up about risks and raise any concerns.
Referring suspected fraud to the appropriate authorities
Most respondents (ranging from 50% to 79%) expected that suspected fraud would be reported to the appropriate authorities. In reality, most recent incidents of fraud were not reported to the appropriate authorities.
We know that many entities are reluctant to bring criminal charges against their employees, because of materiality – but also because of the time and costs of preparing a case, resolving matters in the courts, and a perception that fraud is a low priority for the Police.
However, all public sector entities are expected to consider reporting fraud to the appropriate authorities. We encourage all entities to do this.
Any decision made not to report or respond to fraud can erode staff confidence in the senior management team. It can create a perception that managers are not committed enough to preventing fraud and discourage staff from reporting their concerns. Taking no action when fraudulent behaviour occurs also increases the risk that an employee suspected of committing fraud could move to another public entity and continue their dishonest behaviour.
Credit card and expense claim fraud
Respondents were confident that their entity would take inappropriate credit card spending seriously and discipline the person involved. The affirmative response rates were about the same as or higher than those of respondents in the wider local government sector (81%) and the public sector overall (83%):
- airports, 89%;
- council-controlled organisations, 91%;
- electricity lines businesses, 68%;
- local government – other, 73%; and
- port companies, 100%.
There were similar responses to the question about whether inappropriate expense claims were taken seriously and resulted in disciplinary action. The affirmative response rates were close to the 84% response rate of those in the wider local government sector and the 86% of public sector overall.
Most respondents were confident that their entity would take all reasonable action to recover any money lost through fraud (affirmative responses ranged from 50% to 96%). These results were similar to the percentages for the local government sector (91%) and to the findings for the public sector overall (93%).
A clear process to recover funds shows the seriousness with which fraud is taken. In our view, chief executives and senior managers for these entities are doing well in sending clear messages that they will seek to recover any misappropriated funds.
Questions 23 to 31 in Appendix 1 set out the survey response data about fraud responses.
page top