“Many eyeballs make all bugs shallow”: Why a strong integrity culture is critical to fraud prevention.
“Many eyeballs make all bugs shallow”. This is known as Linus’s Law. In the world of software development, it means that if enough people are testing a product, any bugs can be quickly detected and resolved. What may not be obvious to one person may be obvious to another and vice versa. The same principle could be applied in the context of a fraud aware culture.
Fraud by its nature is a concealed crime. To be successful, fraudsters rely on their activities being hidden. If we know what to look for it can help to uncover previously hidden indicators of fraud. The Association of Certified Fraud Examiners (ACFE) have identified that reports and tip offs from employees are consistently the most common method of detecting fraud, identifying fraud at more than twice the rate of any other method. The most powerful tool for preventing and detecting fraud may be your employees, so it makes sense to invest in building a strong integrity culture that promotes fraud awareness and values fraud prevention.
Culture can be deceptively influential when it comes to employee behaviour. A strong integrity culture based on ethical behaviour will help to effectively prevent, detect and respond to fraud. We all play a key role in setting the ethical tone within our entities. Studies have invariably found that a proactive integrity culture can work to neutralise elements of the fraud triangle. The opportunity for fraudulent or corrupt activities to occur is mitigated, and they are also less likely to be rationalised.
On the contrary, a weak organisational culture can lead to a failure in early fraud detection, and to greater losses and reputational damage. The ACFE found Australian organisations lose up to 5 percent of their annual revenue to fraud alone - and that’s before the human cost has been factored in (which can’t be quantified by numbers). Fraud can result in an erosion of trust in government and industries, and lead to a loss of international and economic reputation. Fraud can also cause lasting mental and physical trauma for victims. When it comes to fraud, the adage an ‘ounce of prevention being better than a pound of cure’ rings true.
Creating and maintaining a strong integrity culture is crucial to public confidence and trust in the APS. A critical component of developing a strong integrity culture is first accepting that fraud can happen to any entity. The Australian Institute of Criminology (AIC) acknowledges that when entities find fraud it may attract negative attention and criticism from the public, media and ministers. However, failing to prevent, detect or respond to fraud is arguably worse. Equally, the perceived absence of fraud does not mean it isn’t occurring.
Entities that effectively measure and monitor integrity culture over time are generally better positioned to identify fraud risks and act on them. Culture is increasingly moving away from being an elusive, intangible concept to something that can be defined, measured and improved. There is no universal ‘one size fits all’ approach to defining and measuring an entity’s integrity culture. This will be nuanced based on an entity’s maturity level, its risk profile and available resources.
The Australian Public Service Commission (APSC) has published guidance to help Commonwealth entities improve their integrity culture and maturity. The Integrity Metrics Toolkit identifies key risk, fraud and corruption metrics that can be used to assess an entity’s cultural maturity. These can be useful prompts to help understand where your entity is in its maturity journey, and what activities may be required to enable continuous improvement. For example, using perception-based surveys could be a cost-effective method that offers critical insights into the realities of an entity’s maturity level towards counter-fraud activities and attitudes. This could also help inform where to focus future efforts to lift counter fraud capability, and ensure these are appropriately pitched.
As important as it is to have sound policies, frameworks and institutions in place to manage fraud, they cannot work on their own. The effectiveness of those systems will depend on individuals doing the right thing at the right time. It comes down to us, as Commonwealth public officials, to collectively safeguard the integrity of the resources and services we are entrusted to deliver to the Australian community.
Author: Lisa Palaszewski