The risk to organisations across all industry sectors from fraud and corruption is as high as ever.
The speed with which transactions occur through electronic media and the complexity associated with locating funds once they have been stolen can result in those funds being unrecoverable.
According to research performed by the Association of Certified Fraud Examiners, the COVID-19 pandemic has increased the level of fraud uncovered within organisations. Key statistics include:
- 51% of organisations have uncovered more fraud since the onset of the pandemic.
- 71% of organisations expect the level of fraud to increase over the next year.
- A significant increase in cyber-related fraud (an 82% increase is expected through to May 2022).
Shifts in business operations, remote working, changing consumer behaviours, weaknesses in IT systems / controls, and a lack of employee fraud awareness and training have led to an increase in fraud. Accordingly, organisations need to be aware of areas susceptible to fraud and corruption and establish a fraud and corruption control framework to mitigate the associated risks.
A robust framework will assist organisations in:
- Promoting a consistent approach to managing fraud-related risks.
- Assessing integrity, fraud and corruption risks.
- Providing guidance on the development of appropriate policies and processes to strengthen integrity culture.
- Reducing the likelihood of fraud and corruption within the business.
Fraud & corruption control framework
The majority of Australian entities use the Fraud and Corruption Control Standard from Standards Australia to formulate their fraud and corruption control framework. The standard is widely regarded as a benchmark for guidance on implementing preventative and detective controls to mitigate fraud and corruption risks. It also includes measures for responding to fraud and corruption events if and when they occur. The AS 8001:2021 Fraud and Corruption Control Standard has superseded its predecessor, AS 8001:2008.
Key changes to the Fraud and Corruption Control Standard include:
- The Fraud Control Plan has been replaced and requires organisations to have a robust documented Fraud and Corruption Control System. The system should outline the organisation’s approach to controlling fraud and corruption exposures at strategic, tactical and operational levels, including detailed prevention, detection and response protocols.
- The new standard requires organisations to implement Information Security Management Systems based on the ISO/IEC 27001 Information Technology better practice standard.
- The new standard requires organisations to have mechanisms in place to manage external ‘cyber-borne’ attacks / threats.
- The new standard requires governing bodies and top management to play a critical role in improving overall fraud culture within the organisation by providing clearer guidance to staff and actively managing fraud-related risks.
- The standard expands on how entities should manage fraud and corruption risks relating to third parties such as customers / clients, government services, etc.
- New guidance and requirements with respect to whistle-blowing have been established, which play an important role in identifying and calling out misconduct within organisations.
- The need for organisations to perform pressure / mock testing exercises of internal controls to assess their effectiveness forms part of the new standard. For example, submitting a ‘false’ invoice for payment or emailing the finance team to request a change in bank account details of a supplier to determine whether the entity will identify this anomaly and respond to such scenarios appropriately.
How we can help
We have significant experience in providing fraud risk management services and can assist you with:
- AS 8001:2021 compliance assessments.
- Information Security Management Systems reviews.
- Special investigations of procurement practices.
- Fraud investigations.
- Fraud control and awareness surveys.
- Fraud training and awareness workshops.
- Review of risk management frameworks.
- Probity advice.
We are here to help. To find out more, contact our Risk, Assurance and Consulting team.
This article was co-authored by Kundai Mtsambiwa – Senior Manager Audit & Assurance, HLB Melbourne.