Transcript Culture

6th Training Workshop 30th of November 8:30 -16:30
Financial Investigation Coordination in Cyprus:
Hercule III Programme Anti-Fraud Training 2014 -2020
This publication has been produced with the assistance of the European Union. The contents of
this publication are the sole responsibility of EUC and can in no way be taken to reflect the views
of the European Union. Financial Investigation Coordination in Cyprus
[OLAF/2016/D1/014]
1
Dr. Loukia Evripidou
 Defining organizational culture and ethics
 The Importance of Corporate Governance,
organizational culture and ethics to Addressing
Corruption
 Anti-fraud strategies
 Fraud Prevention trough development of a sound
ethical culture
3
Effective governance processes are the foundation
of fraud risk management. Lack of effective
corporate governance seriously undermines any
fraud risk management program. The organization’s
overall tone at the top sets the standard regarding
its tolerance of fraud.” —
“
Managing the Business Risk of Fraud
4
 The first step in develop an effective system to prevent fraud in the organization is
creating a strong culture of ethics and integrity throughout the organization.
 Whatever the organizational structure of a company would be, managers and those
charged with governance set the tone, a trend level of integrity and ethics in the
organization.
 Known in the literature as "tone at the top" (Nettler, 1982), the term defines the
involvement and attitudes of managers and others charged with governance to acts of
fraud within the organization.
 Anti-fraud culture development is an ongoing process, lasting for a long period of
time, managers setting an example on attitudes towards fraud, communicate to
employees the company's policy to acts of fraud and encourage any person involved
in the fraud detection and deterrence.
5
 Without the strong and intensive management support it is hard to believe that the
organization can achieve a culture of integrity.
 The codes of ethics development is providing values and principles of integrity, is a
symbol of the company's attitude towards fraud and should be adopted by all
employees or third parties relational.
 Employees are paying increased attention to managers behaviour and actions and
tend to follow their example.
 If senior management is not concerned with ethics, employees will be more likely to
commit fraud because they feel that the integrity and ethical conduct are not basic
principles and priorities of the organization.
 The company's anti-fraud policy should provide clear descriptions about possible
unethical practices to be encountered by employees and state the company's
delimitation of such behaviour.
6
‘Corporate Governance is a
system by which a company is
directed and controlled’.
– Sir Adrian Cadbury
7
8
9
• Culture can be defined as an evolving set of
collective beliefs, values and attitudes.
• Culture is a key component in business and
has an impact on the strategic direction
of business.
• Culture influences management, decisions and
all business functions from accounting to
production.
10
 Ethics is a set of principles of right
conduct or a system of moral
principles
 Business ethics can be defined as
the principles, norms and standards
that guide an organisation’s conduct
of its activities, internal relations and
interactions with external
stakeholders
11
 Corporations have the same rights and responsibilities as
individuals

All employees must obey
business conduct
laws and regulations defining acceptable
 Corporate culture without values and appropriate
communication about ethics can facilitate individual
misconduct
 Ethical corporate culture does not evolve, but requires ethical
polices
 Implementing a corporate ethics program promotes the
corporation as a moral agent
12
Source: Ethics Resource Center, National Business Ethics Survey ® of Fortune 500 ® Employees: An Investigation into the State of Ethics
at America's Most Powerful Companies (Arlington, VA: Ethics Resource Center, 2012).
13
 It is nearly impossible to know all relevant laws

Ethics programs increase ethical awareness
 Organizations can become bad barrels
 Pressures to succeed create opportunities rewarding unethical
decisions
 Established ethics programs help employees determine
what behaviors are acceptable

Top management must integrate these codes, values and standards into the corporate
culture
14
 Effective ethics program ensure that all employees
understand and comply with the ethical culture
 Cannot assume employees know how to behave when
entering a new job
 Ethics programs act as important restraints to
organizational misconduct
15
• Ethics is the cornerstone of corporate governance
• Ethics ensures the sustainability of a business
• Good corporate reputation is built on a solid foundation of ethical
culture
• A culture of trust must be built on a corporate framework of ethical
principles which are transparency/ openness, competence,
integrity and benevolence
• Ethics play a major role in the prevention of fraud. Fraud
prevention becomes a shared responsibility among the members
of the organisation
16
17
 ACOUNTABILITY
 Ensure that the management is accountable to the board
 Ensure that the board is accountable to the shareholders
 FAIRNESS
 Protect shareholders rights
 Treat all shareholders including minorities equitable
 TRASPARENCY
 Ensure timely, accurate disclosures on material matters, including financial situation,
performance, ownership and corporate governance
 INDEPENDENCE
 Procedures and structures are in place so as to minimize or avoid completely conflicts of
interest
 Independent Directors and Advisors i.e. free from influence of others
18
 “What makes corporate governance necessary? Put simply, the interests of
those who have effective control over a firm can differ from the interests of those
who supply the firm with external finance. The problem commonly referred to as
a principal- agent problem, grows out of the separation of ownership and control
and of corporate outsiders and insiders. In the absence of the protections that
good governance supplies, asymmetries of information and difficulties of
monitoring results in capital providers who lack control over the corporation,
finding it risky and costly to protect themselves from the opportunistic behaviour
of managers and controlling shareholders.” (OECD)
19
20
 A strong ethics program includes
 Written codes of conduct
 Ethics officers to oversee the program
 Careful delegation of authority
 Formal ethics training
 Rigorous auditing, monitoring, enforcement, and revision
of program standards
21
 Most countries’ laws prohibit theft, corruption, and
financial statement fraud.
 Stock prices drop dramatically at any hint of
financial scandal.
 Customers punish firms whose reputations are
sullied by indications of harmful behavior.
 Board and senior management are held
accountable for fraud under their watch.
22
A strong culture can be observed by its
outcome rather than by individual
components.
It is more than just a checklist of initiatives.
 Even companies with sound policies in place
can have a culture of corruption.
23
 Board ownership of agendas
 Independent nomination processes
 Free information flow to the board
 Access to multiple layers of management
 Effective control of a whistleblower hotline
 Effective oversight of senior management:
 Evaluations
 Performance management
 Compensation Succession planning
 A code of conduct specifically for senior management
24
 Strong emphasis on the board’s own independent effectiveness and
process
 Board evaluations
 Executive sessions
 Active oversight of strategic and risk-mitigation efforts
 Board assurance of ethical considerations in:
 Hiring, evaluation, promotion, and remuneration policies for employees
 All aspects of relationships with customers, vendors, and other stakeholders
 Business strategy, operations, and long-term survival
25
26
 According to studies conducted by the Centre for Ethics Resources in 2011, the managers’ actions
and attitude towards fraud and unethical behaviour in the workplace, influence significantly
employees' behaviour.
 Employees who feel that managers act in an ethical manner at work and have a positive attitude
towards moral values (talking about the importance of business ethics, inform employees, keep
their promises), will less commit fraud than employees who feel that managers only talk about
the principles of ethics, without actually apply them and exemplify by their own behaviour.
 The study examines the variation of the four criteria:
a) pressure on employees,
b) the level of unethical behaviour at work,
c) failure reporting on unethical and
d) retail against whistleblowers in two contexts: that of a strong culture of ethics and a
weak one.
 The results show that in an organization with a high degree of ethical management, the pressure
on employees (representing an important aspect of the fraud triangle) decreases by 75%, the
unethical behavior in the workplace decreases by 48%, reporting failure situations decreases by
38% and unethical behaviour on whistleblower retaliation are reduced 5 times
27
 Workmates behaviour influence the ethical conduct of a
person, so that if an unethical behaviour is tolerated, new
employees will certainly quickly adopt the same behavior
 In the opposite situation, employees who observe ethical
behavior from their peers will be less inclined to commit
misconduct)
28
 Ethical practices in the industry are applied daily by employees at work.
 If in a particular industry is rooted some unethical practice and works like an
unwritten law, employees will adapt to, as a standard or as an essential requirement
in order to achieve the marketing objectives.
 The company's anti-fraud policy should provide clear descriptions about possible
unethical practices to be encountered by employees and state the company's
delimitation of such behaviour.
 If the company does not accept forms of fraud as bribery, influence peddling or
illegal gratuities and combat all acts of fraud of this kind, it is unlikely that an
employee will be influenced by practices in the market.
29
 An anti-fraud official policy means that the organization will publicly
condemn unethical behaviour and will say moral misconduct will not be
tolerated, regardless of their potential opportunity cost.
 This policy should be applied in practice and exemplified by the daily
behaviour of persons in leadership so that employees are aware that antifraud policy is not only an apparent form adopted for maintaining the
company's reputation, but an active mood in the workplace.
30
 Creating a work environment that feeds employee loyalty coincides with obtaining a
positive work.
 A negative work environment is characterized by unrecognized and unappreciated
organizational performance, negative feedback for morality and personal integrity,
unreasonable expectations about performance indicators, uneven and unclear
organizational responsibilities, poor communication methods and practices within
the organization.
 In a negative work environment, employees' level of moral integrity and loyalty is
low or nonexistent.
 This creates prerequisites for employees to commit fraud against the company, or for
the company, but regardless of its consequences as it does not consider any
obligation to protect the employing organization.
31
32
 A mission statement that refers to ‘quality’ or ‘ethics’ and defines how the
organisation wants to be regarded externally.
 Clear policy statements on business ethics and anti-fraud, with explanations about
acceptable behaviour in risk-prone circumstances.
 Management which is seen to be committed through its actions.
 Fraud risk training and awareness for all employees and key business partners.
 A process of reminders about ethical and fraud policies, for example, an annual
letter and/or declarations.
 Periodic assessment of fraud risk.
 A route through which suspected fraud can be reported.
 An aggressive audit process which concentrates on fraud risk areas.
33
 An internal control system comprises all those policies and procedures that
collectively support an organisation’s operation.
 Internal controls typically deal with approval and authorisation processes, access
restrictions, transaction controls, account reconciliations and physical security.
 These procedures often include the division of responsibilities, and checks and
balances to reduce risk.
 An internal control system comprises all those policies and procedures that
collectively support an organisation’s operation.
 Internal controls typically deal with approval and authorisation processes, access
restrictions, transaction controls, account reconciliations and physical security.
 These procedures often include the division of responsibilities, and checks and
balances to reduce risk.
34
 It will never be possible to eliminate all fraud.
 No system is completely ‘fraud proof’ because many fraudsters can by pass the
control systems put in place to stop them.
 However, if an organisation pays greater attention to the most common indicators,
this can provide early warning that something is wrong and increase the likelihood
of discovering the fraudster.
 Fraud indicators fall into two categories:
 Warning signs
 Fraud alerts
35
 Business risk can be indicated by the absence of an anti-fraud policy and culture,
together with lack of staff management supervision. Bonus schemes linked to
ambitious targets or directly to financial results can point to risky behaviour. Unusual
staff behaviour patterns, for example, employees who do not take their annual leave
allocation or who are unwilling to share duties, can also indicate business risk.
 Financial risk: Significant pressures on management to obtain additional finance can
indicate a financial risk. Other signs include the extensive use of tax havens without
clear business justification, along with complex transactions or financial products.
 Environmental risk: This can occur when new accounting or other regulatory
requirements are introduced. Highly competitive market conditions and decreasing
profitability levels can also lead to environmental risk, as can significant changes in
customer demand.
 IT and data risk: Unauthorised access to systems gives rise to IT and data risk, as do
rapid changes in information technology. Users sharing or displaying passwords is
also highly risky.
36
Fraud alerts have been described as specific events, or red flags, which may
indicate fraud. Some examples of fraud red flags are:
 discrepancy between earnings and lifestyle
 photocopied documents in place of originals
 missing approvals or authorisation signatures
 extensive use of ‘suspense’ accounts
 inappropriate or unusual journal entries
 above average number of failed login attempts.
37
Available tools and techniques for identifying possible fraudulent activity
include:
 ongoing risk assessment
 trend analysis
 data matching
 exception reporting
 internal audit
 reporting mechanisms.
38
An organisation’s approach to dealing with fraud should be clearly described in its fraud
policy and fraud response plan. The plan is intended to provide procedures which allow for
evidence gathering and collation. In summary, a fraud response plan should include
information under the following headings:
 purpose of the fraud response plan
 corporate policy
 definition of fraud
 roles and responsibilities
 the response
 the investigation
 organisation’s objectives with respect to dealing with fraud
 follow up action.
39
 Reasonable steps for responding to detected or suspected instances of fraud include:
 clear reporting mechanisms
 a thorough investigation
 disciplining of the individuals responsible (internal, civil and/or criminal)
 recovery of stolen funds or property
 modification of the anti-fraud strategy to prevent similar behaviour in future.
 There are lessons to be learned from every identified fraud incident.
 The organisation’s willingness to learn from experience is as important as any other
response.
 Organisations should examine the circumstances and conditions which allowed the
fraud to occur, with a view to improving systems and procedures so that similar
frauds do not occur in future.
40
 It is clear from the previous diagram that the various elements of an effective anti-fraud
strategy are closely interlinked.
 Each plays a significant role in combating fraud, with fraud deterrence at the centre.
 Fraud detection acts as a deterrent by sending a message to likely fraudsters that the
organisation is actively fighting fraud and that procedures are in place to identify any
illegal activity.
 The possibility of being caught will often persuade a potential perpetrator not to commit
a fraud.
 There should also be complementary detection to counter the fact that the prevention
controls may be insufficient in some cases.
 It is also important to have a consistent and comprehensive response to suspected and
detected fraud incidents.
 This sends a message that fraud is taken seriously and that action will be taken against
perpetrators. Each case that is detected and investigated should reinforce this deterrent
and act as a form of fraud prevention.
41
THANK YOU!!!
QUESTIONS????
42