Developing an Anti-Fraud Culture
8 April 2010 by Helenne Doody
Fraud can strike any business. In this extract from their book A Short Guide to Fraud Risk, Martin Samociuk, Nigel Iyer and Helenne Doody describe how cultivating a company culture opposed to fraud can help keep the practice at bay.
Every organisation has its own unique way of doing business, usually referred to as the organisational or corporate culture. This includes the shared values, norms, beliefs and ethical practices that make up the character of the organisation.
Nowadays, shareholders, regulators and other stakeholders expect executives to promote a culture where everyone is aware of, and supports, the message that the organisation will carry out its business in an honest and ethical way. How resistant that organisation will be to fraud will depend a lot on the strength of the ethical culture.
However, in practice, there can be a great deal of difference between the culture the organisation appears to be promoting as perceived by external stakeholders, and the culture employees within the organisation actually perceive. Also, while an ethical culture will go a long way toward keeping most honest employees honest, it may not stop all employees or third parties from seeking ways to defraud. Some people are just plain dishonest. The culture needs to be such that dishonest people are clear in the knowledge that honest employees will not tolerate their potential deceit and will do everything in their power to prevent fraud from occurring.
To achieve this, one of the key components of an anti-fraud culture is the active participation of all employees in predicting, pre-empting and preventing fraud. The fraud risk manager plays a vital role in translating the need to develop an anti-fraud culture into practical training and risk assessment programmes, so that honest employees at all levels are capable of identifying potential acts of dishonesty by colleagues and third parties.
As with any major new initiative, if it is going to be of long-lasting benefit, a programme to develop an anti-fraud culture needs to be well planned and solidly constructed from the top down. It is important that certain fundamental issues are addressed first. These prerequisites are:
- the chairman and CEO are committed to setting the right tone at the top and recognise that a fraud risk management strategy is an important way of adding value and effectively governing the organisation
- the board is keen to acquire an understanding of the fraud risks that are faced by the organisation
- the organisation has policies covering business ethics and fraud, which are known, communicated and, in general, fully supported
- appropriate individuals within the organisation are assigned roles and responsibilities for implementing the fraud risk management strategy.
The right tone at the top
The culture within an organisation is strongly influenced by the ethics of the chairman and CEO. They act as pivotal role models for the rest of the organisation and set the tone. The chairman is responsible for managing the board and the CEO is responsible for running the organisation's business. The aim of this division of responsibilities is to ensure there is an effective balance, so that neither individual has unlimited power. Although the fraud risk manager would not normally have any influence on the composition or workings of the board, it is important to understand the dynamics at work when seeking approval for the fraud risk management framework.
Non-executive directors play a vital role in ensuring that financial controls and risk management systems are working correctly and that an ethical culture exists within the organisation. Ensuring that there are an appropriate number of capable, independent non-executive directors on the board should reduce the potential for unethical or dishonest behaviour by executives. Non-executive directors must insist that they are provided with the correct information to make accurate judgments about fraud risks and need to have a strong personality to avoid having the wool pulled over their eyes by potentially dishonest executives. The behaviours and personal attributes required of non-executive directors are:
- sound judgment and an inquiring mind
- integrity, probity and high ethical standards
- the ability and willingness to inquire and probe
- sufficient strength of character to seek and obtain full and satisfactory answers
- strong interpersonal skills.
An anti-fraud culture is easier to develop in an organisation where the chairman and CEO lead by example and are supported by competent and independent non-executive directors. This sends a powerful message across the organisation. Although this is the ideal case, we have seen a number of organisations where the CEO was unethical or dishonest, and yet the organisation has still flourished because of the ethics and talent of senior managers of individual business units. In other words, the senior managers set an ethical tone at the top of their particular unit, which can filter up as well as down.
In a complex business, it can be quite challenging to implement an effective fraud risk management strategy. The executives, in consultation with the fraud risk manager and other relevant individuals, should decide on the fraud risk management strategy and what organisational changes are required to develop an anti-fraud culture, and then obtain the agreement of the non-executive directors. An independent audit committee should be responsible for overseeing the effectiveness of the implementation of these changes.
This text is an excerpt from A Short Guide to Fraud Risk published by Gower.