Detection systems and activities typically look to uncover:
- false, altered, inadequate or missing documentation
- false authorisations
- undeclared conflicts of interest
- duplicate information such as account numbers and invoices
- real-time actions such as security events and network intrusions
- irregularities such as non-existent officers and suppliers, or ‘ghost officers’.
Why are fraud and corruption detection systems important?
Fraud and corruption can occur at any time. Quick detection reduces real financial loss and reputational damage among other things. Fraud and corruption are often discovered by accident which is why detection should be part of business as usual.
Detection systems or activities complement other detection strategies like:
- multiple reporting pathways
- strong internal oversight structures
- effective supervision
- a culture that values openness and speaking up.
Ideas for good and better practice for fraud and corruption detection systems
Good practice
- Develop systems and activities that are fit-for-purpose. An expensive technological solution is not always required.
- Examine the operating environment and risks. Consult with risk owners and other assurance providers such as internal audit to determine the type of system or activity to implement.
- Real-time analysis is quick and may indicate red flags early.
- Off-line analysis (performed quarterly or annually) usually informs periodic tasks like the audit program and preparation of financial statements.
- Manual solutions are not as effective with large and complex datasets.
- Automated solutions can analyse unstructured data and data across different systems and databases.
- Determine the data sources/holdings to inform the detection system or activity and confirm availability. Business processes need to collect the ‘right’ information in a way that enables analysis. Examples of data sources/holdings include:
- transactional and financial data
- supplier details and information
- officer details and information.
- Determine other administrative data held by the authority such as:
- cases where officers have sought integrity advice
- conflicts of interest disclosures and management strategies
- discipline cases and outcomes
- audit findings highlighting processes vulnerable to fraud
- reports from clients, suppliers and stakeholders alleging that officers did not behave with integrity
- trends in human resources information such as grievances lodged (and what they are about); exit surveys; areas of high absenteeism; and areas of high leave liability.
- Determine tools and techniques to identify trends and irregularities in data and implement them such as:
- statistical techniques; classification (to find patterns in data) and stratification (to detect outlier data)
- matching diverse data sources/holdings; officer details to supplier master file where conflicts of interest are known
- duplicate testing
- testing to uncover gaps in sequential data
- exception reporting
- benchmarking
- systems analysis
- mathematical modelling.
- Design dashboards and reports that are fit-for-purpose for the end user, thoughtfully annotated and easy to understand.
- Document and implement processes to respond to errors, irregularities and trends detected.
- Monitor and update the detection system or activity to keep pace with new and emerging risks. This could be aligned to strategic planning and budgeting cycles.
Better practice
- Add external data sources/holdings to the detection approach, as required, to expand scope, capability and reliability.
- Develop sound working relationships with external specialists with knowledge of fraud risk factors to identify potential areas to explore.
Completing the integrity framework template
Show moreIn this section of the framework, outline the authority’s systems and activities for detecting fraud, corruption, integrity breaches and other errors and irregularities.
There may be good reasons to not disclose extensive details about detection activities. However, include enough detail to give assurance that the authority’s detection approach is thorough.
Responsibility for bringing together a documented detection approach needs to be assigned to an officer with appropriate skills. Doing this in-house has the benefit of internal officers knowing the business and understanding its processes but officers need skills to generate insights. External assistance may bring the required skills, experiences and depth of understanding.