Public Sector Risk Management Framework
Guidebook: Fraud Risk Management Policy
(for the purposes of this guideline, the term “Institution” refers to National Departments, Provincial Department, Constitutional Institutions, Public Entities, Provincial Entities, Municipalities (Metropolitan, Local and District) and Municipal Owned Entities)
Note: All underlined words in this document contain a link to a relevant example, guidebook or template. If you click on the link it will open the relevant document automatically.
Published by:
Guidebook: Fraud risk management policy
v1.0608
“Naganela Pele – Think Ahead”
Contents
1 Introduction 1
2 Deliverable 1
3 How to draft a fraud risk management policy 2
4 Fraud Risk Management Strategy 3
4.1 Matters to consider 3
4.2 Implementation 4
5 Fraud Prevention Committee 4
i
Guidebook: Fraud risk management policy
V1.0608
“Naganela Pele – Think Ahead”
1 Introduction
It is important that the Accounting Authority / Officer sets the right tone for the prevention and management of fraud in the institution. All staff may be aware of the need to prevent loss and to safeguard stakeholders’ interests, however they may not be clear about the institution’s standpoint relating to fraud.
It is a requirement for the Accounting Authority / Officer to publish a fraud risk management policy. This includes a statement that declares the institution’s commitment to effective fraud risk management. It should explain that all key fraud risks identified are to be managed appropriately.
The fraud risk management policy will outline the institution’s commitment to the reduction and possible eradication of incidences of fraud and misconduct. It will also confirm a commitment to legal and regulatory compliance.
2 Deliverable
The fraud risk management policy should be introduced by a brief statement regarding the institution’s commitment to the elimination of fraud. It is the basis for the fraud management plan. Institutions should have the fraud risk management policy published and circulated to all stakeholders as part of an awareness campaign.
The fraud and misconduct risk policy or strategy will encompass the identification of exposures to fraud and misconduct in the everyday operations of the institution and the effective reduction or eradication of those identified exposures by the adoption of an awareness and education campaign applicable to all stakeholders.
3 How to draft a fraud risk management policy
The Accounting Authority / Officer will be responsible for ensuring that the institution’s fraud risk management policy is transmitted to all stakeholders and that the policy carries with it the commitment of senior management to uphold the principles encompassed in the policy.
The fraud risk management policy should be included in each and every letter of appointment and both current and new staff members should be required to sign an acknowledgement of having read and accepted the institution’s fraud risk management policy as being binding on them.
Contravention of the policy and subsequent detailed strategy should be met with the strongest condemnation and immediate disciplinary action.
The institution’s philosophy regarding fraud and misconduct risk will be self-evident from its existing operating style, but the Accounting Authority / Officer may choose to add additional requirements to this and have it communicated to all stakeholders.
The contents of a fraud risk management policy and strategy document should emphasise the institution's zero tolerance for any forms of fraud.
The fraud risk management policy should be the introduction to the institution’s fraud and misconduct strategy.
4 Fraud Risk Management Strategy
4.1 Matters to consider
In order to develop and implement a Fraud Risk Management Strategy, the institution needs to identify where exposures to fraud exist within the institution’s current operating systems and procedures. Only once these exposures have been identified will it be possible to implement action to counter the exposures and, wherever possible, prevent or reduce the incidence of fraud in the future.
The identification of exposures to fraud can be performed by conducting a series of workshops with management and employees involved in the operations at the “coal face”. These are the individuals who work on a daily basis either enforcing controls or adhering to them during the course of their duties. It is these individuals who become aware of which controls are in place and which are effective and which are observed more in the breach than in the application. Their input is invaluable to the assessment of the effectiveness of controls.
4.2 Implementation
The strategy should include the detailed procedures to be adopted by the institution in the identification of exposures to fraud and misconduct. Once exposures to fraud and misconduct have been identified, it will be necessary to evaluate the effectiveness of existing controls and counter measures. Where additional or new controls and procedures are deemed to be necessary, responsibility for their development and application must be allocated to individual management personnel. Ultimate responsibility for the application of anti fraud controls and procedures is that of every institution stakeholder.
Monitoring of the application and ensuring adequate supervision and dynamism of the controls and procedures will be the responsibility of the Fraud Prevention Committee.
Click here to view an example of a fraud risk management policy.
5 Fraud Prevention Committee
It is recommended that institutions constitute a Fraud Prevention Committee, to consist of members of staff drawn from a variety of levels of the institution under the chairmanship of an independent person, for example the Audit Committee Chairperson.
The Fraud Prevention Committee will be charged with ensuring the implementation of the fraud and misconduct strategy, creating fraud awareness amongst all stakeholders and accepting responsibility for considering any reports of fraud or misconduct and for taking appropriate action in consultation with the Accounting Authority / Officer.
5
Guidebook: Fraud risk management policy
v1.0608
“Naganela Pele – Think Ahead”