Influence change to develop a strong counter fraud culture
The best way to manage fraud is to focus efforts on developing a strong culture that promotes and values fraud prevention. This could require a change in how an entity views finding fraud. The International Public Sector Fraud Forum advises finding fraud must be viewed as a positive achievement. If you can’t find fraud, you can’t fight it.
How to develop a strong counter fraud culture
A vital part of developing a strong counter fraud culture is first accepting that fraud can happen to any entity and acknowledging that not all fraud can be prevented. The Australian Institute of Criminology (AIC) notes that when entities find fraud there can be negative attention and criticism from the public, media and Ministers. However, failing to prevent, detect or respond to fraud is arguably worse. AIC also notes that the perceived absence of fraud does not mean that fraud is not occurring. Failure to detect fraud early can lead to greater losses, more reputational damage and a toxic workplace culture.
Creating an organisational culture based on sound ethics and integrity will help to effectively prevent, detect and respond to fraud. Fostering an ethical culture encourages all staff and contractors to play their part in protecting public resources. A code of conduct is vital to establishing an ethical culture within an entity. It is good practice for a code of conduct to be promoted throughout the entity and to form part of its culture.
Accountable Authorities also play a key role in setting the ethical tone within their entities. They are responsible for fostering and maintaining a culture of fraud awareness and prevention. Accountable Authorities are strongly encouraged to foster this culture in their senior leadership as well as across staff. Creating a culture in which staff and contractors are prepared and supported to report suspected fraud is critical for the ongoing effectiveness of an entity’s counter fraud activities.
How to implement this culture change
Before starting out, consider your entity’s maturity level regarding activities and attitudes in countering fraud. Research shows that a ‘one-size-fits-all’ approach does not work when communicating and influencing change, so it is important that fraud officers understand the circumstances in which they are operating and pitch their communication and activities at the appropriate level.
A maturity model shows how capable an entity or system is of achieving continuous improvement. It is a useful prompter to analyse your entity and understand where it sits in its maturity journey and what activities or processes may be required to enable improvement.
There are limitations to maturity models but they are useful tools to enable conversations and reflection. An example of one potential maturity model, adapted to the Fraud context, is below.
In this model a strong counter fraud culture would be achieved at the engaged and embedded levels.
You could consider the following in order to understand your entity’s counter fraud maturity:
- Do you have executive buy-in across your entity?
- How well are your current risk practices understood within your entity?
- Does your entity have the capability to effectively run fraud risk assessment workshops? Is this function outsourced?
- How well are your current risk practices working for your entity?
- Are you benchmarking your entity’s performance?
- Do you have the resources, processes and capability in place to effectively identify, counter and manage fraud risk?
Examples of activities
Level 1 - Interested
Activities may be primarily focussed on raising awareness of fraud issues and explaining why countering fraud is an essential responsibility. Entities at this level are unlikely to have buy-in and countering fraud is likely to be viewed as unimportant or not a priority. At this level your entity could try:
- making sure that fraud risk is considered in organisational-level risk assessments
- building and maintaining a culture that sees finding fraud as positive outcome
- promoting fraud awareness week
- profiling significant fraud cases
- creating a communications strategy
- implementing fraud training
- making your staff aware of what fraud is and how to report it.
Level 2 - Invested
Activities might begin to transition from general promotion and awareness raising to embedding more specific projects and activities. Fraud may be viewed as an important issue but there is likely to be little to no resources allocated. At this level your entity could try:
- making sure that fraud risk is considered in the program-level risk assessments
- considering if internal capability for fraud risk assessments could be developed in the future
- establishing an internal fraud risk community of practice
- developing or reviewing an internal fraud risk matrix (if one is not already in place)
- discussing at senior management levels the fraud risk and counter fraud practices
- beginning to seek investment in processes, tools or other resources to help in countering fraud.
Level 3 - Committed
A committed entity understands that countering fraud is critical to their programs, and its executives are actively involved in this effort. At this level your entity could try:
- expanding fraud training
- actively investigating fraud
- developing internal expertise in conducting fraud risk assessments at the program and entity level
- benchmarking your entity’s performance year-on-year
- implementing processes, design and testing of tools, or other resources to help in countering fraud.
Level 4 - Engaged
Engaged entities have a culture that views countering fraud as a necessary, non-negotiable priority. Activities performed at the engaged level will look slightly different as countering fraud becomes a common practice within your entity. At this level your entity could try:
- reviewing data and Key Performance Indicators about fraud culture or behaviour
- running fraud risk assessment workshops and using this information to drive improvements across your fraud control environment
- benchmarking your entity’s performance against other entities
- regularly reviewing fraud training and counter fraud practices
- implementing robust processes and regularly reviewing them to counter fraud.
Level 5 - Embedded
Entities at the embedded level have a robust counter fraud culture which focusses on regular reviews and refinements of their processes, tools, risk appetite and understanding. Entities will engage widely to inform their knowledge, have implemented best practice, and be working to constantly improve their standards, as well as the knowledge of its people.
Other key tips for implementing a strong counter fraud culture
- Make sure your staff inductions and training include discussion of ethical standards.
- Champion your entity's code of conduct and ethics and make sure they are available to staff, contractors and consultants.
- Connect with the counter fraud community to share your approach and better practice.
- Engage with the Commonwealth Fraud Prevention Centre’s communities of practice, committees and working groups.
- Make sure your fraud tolerance, countermeasure effectiveness and fraud incidents are discussed at executive-level committees.
- Designate an individual who is accountable for fraud and corruption at an executive/senior management level.
- Choose an influential person who understands fraud and corruption and how it is evolving and make them responsible for your entity’s response (a functional lead or fraud manager).
- Make sure all staff and contractors are aware of fraud and corruption appropriate to their role, including understanding how to identify and detect it.
- Create a culture that allows staff and contractors to speak freely about pressures and management to resolve such pressures before they become a problem.
- Advertise the processes in place that enable staff and contractors to safely report concerns about internal fraud.
- Communicate the results of fraud investigations to raise awareness of your entity’s active management of fraud risk and corrective action (where appropriate).
- Make sure your entity’s ethical standards are appropriately reflected when entering into arrangements with third parties to deliver services or programs on behalf on the Australian Government.
Contact us for help with influencing change in your Commonwealth entity.