A new approach to procurement fraud risk mitigation

Updated: Jan 27, 2022

As a leader or professional working within an environment that is targeted by, or is at high risk from, fraud and corruption threats, do you have access to an assessment of this risk to design your mitigation approach?

The greatest risk one can take is not to take a risk

One of the lessons learned working in and with large organisations is the disconnect between introducing risk control measures, a response to risk through investigation or change management, and an understanding of an organisation's risk picture. If an organisation doesn't fully appreciate its level of risk, how can it accurately respond to or measure the level of procurement fraud and corruption risk that it is impacted by?


In attempting to understand how and where an organisation is targeted and the levels of financial loss, it must first answer this simple question:

Are you able to identify, collect and analyse your own data that can help assess procurement fraud and corruption risk?

A simple question; however, in all organisations that I've assessed over the years, that answer has generally been 'No'.

As part of the planning stage, in addition to the anti-fraud policies and procedures that it has in place, an assessment of the risk identification and mitigation procedures that are currently in place and of the fraud and corruption risks within finance, procurement, quality, security and asset management processes will help map out the current approach that is being taken to fraud and corruption.

In addition to these areas, it is important to understand the level of anti-fraud and corruption culture. The communication and engagement within an organisation that drives ethical standards can be the difference between identifying or receiving a report of procurement fraud and an individual not reporting suspicions because they don't trust a manager's or leader's response.


The process of creating a risk assessment starts with recognising the typologies of procurement fraud and corruption. Education and awareness are an essential element of the mitigation process, ensuring that individuals conducting the risk assessment understand how, where and by whom an organisation can be targeted.

This approach helps identify the data sources that are relevant to the risk assessment. An organisation must take stock of activities that are associated with procurement, which might include finance, human resources, quality assurance, asset management and maintenance, as well as compliance, investigation or intelligence information.

The size and scale of an organisation's structure may have an impact on the complexity of a risk assessment, the individuals or organisations involved and the information to be considered. Particularly where an organisation conducts an annual assessment or regularly assesses new risks against the current assessment, it may wish to create a risk model that can be used to consider typologies, individuals, departments, organisations and the mitigation structure.


Create a risk register in which risks and mitigation recommendations are documented, and use it to support a decision-making structure. If an organisation doesn't have a centralised group of managers or leaders that considers each risk and allocates ownership to effect change, what might be the consequences of this inefficient approach?

Part of a decision-making structure is to consider prevention and detection activities that mitigate the identified risks by enhancing systems and controls, policies and procedures, and expertise and capabilities to prevent future procurement fraud and corruption.

Introducing a proactive approach and techniques to identify procurement fraud and corruption is a valuable method of testing the integrity of an organisation's mitigation framework and of continuing to support and update the risk assessment. Additionally, targeted audits and data analysis drawn from the published risk assessment can be a useful way to use finite resources more effectively.


Documenting a procurement fraud Response Plan can add great value where a new risk is identified and requires a coordinated response. Having a centralised decision-making group that is guided by the plan not only creates an efficient and effective response to risk but also gives responsibility and ownership for each action.

As part of the change management process, do you use a strategic approach to risk? Specifically, do you have a one-, three- or five-year plan? Is your annual risk assessment used to identify current and potential future risks? Are there new patterns of fraud and corruption typologies, and what prevention, detection or mitigation actions should be introduced?

In the continual improvement lifecycle, measurement and monitoring should be integral to the performance assessment of the procurement fraud framework. Generally, a natural consequence of enhancing communication, engagement, prevention and detection techniques is the increase in data. Identifying mitigation risks, which might include communication barriers that prevent discussion and reporting, can be a valuable tool in the monitoring process.


To support all areas of risk mitigation, training and awareness should be introduced to all leaders, managers and staff that are involved in the mitigation approach to help clarify their responsibilities and how procurement fraud can impact their organisation. If an organisation takes the approach that all staff and suppliers have the potential to identify and report risk, they have a greater opportunity to receive additional reports and create a greater understanding of their risk picture where education and awareness of current threats and methodologies are shared.

If you have any comment on this approach to risk, please feel free to comment on our LinkedIn page.