In the country’s largest ever bribery case, former Auckland Transport senior manager Murray Noone and Projenz MD Stephen Borlase were recently sentenced in the Auckland High Court to five years and five years six months respectively after being found guilty of bribery and corruption. We asked Assistant Auditor-General Local Government Andrea Reeves why she thought such cases were arising now, whether or not she thinks there is now more corruption in local government or is it that audit processes have improved so that such actions can now be more easily traced and challenged. This is her reply.
Let’s start with the bad news. Fraud is an inevitable part of business life. If you haven’t been directly affected by it yourself, chances are you know someone who has. There have been several high-profile cases lately at both local and central government levels. Data collected by the Office of the Auditor-General for 2015/16 shows a variety of frauds detected in local authorities and council-controlled organisations (bit.ly/OAG_ReportingFraud).
Why does it happen? KPMG’s Mael Kaptein aptly summed it up in six words: “Wrong can sometimes be very attractive.” A 2016 KPMG report on corporate fraud found that 54 percent of frauds they looked at were facilitated by weak internal controls. However, 20 percent were committed regardless of internal controls.
Mael’s words came from a presentation with a revealing title: “Why good people sometimes do bad things.” Fraudsters are clearly not “good” in the moral sense; rather, a surprising amount of fraud is committed by senior people in positions of trust.
Another survey from that KPMG report, based on 750 case studies, identifies people in management positions as being responsible for getting around internal controls in 27 percent of cases.
As KPMG explains, “Fraudsters, by virtue of their tenure and seniority at the organisation, understand internal controls and how to circumvent them or find flaws in the internal controls and exploit them.”
These are not opportunistic, spur-of-the-moment crimes. The biggest frauds are often well-planned and sophisticated. Where there’s a will, some people will do everything to find a way. The higher up the chain, the more easily they can conceal their dishonesty.
Now for some good news: It is possible to catch these criminals.
It is not the auditors’ job to find fraud, but we naturally take a deep interest in the issue. In 2012, our Office conducted a survey of almost 2000 people working across the public sector – both in local and central government – to help the public sector understand more about fraud in their backyards (bit.ly/FraudAwareness_2012).
The results showed that good internal controls can, and do, detect fraud in many cases, but not all. For the rest – those most sophisticated frauds – the best control you can put in place is an organisational culture where vigilance against fraud is strongly encouraged.
Our results showed a strong link between a public entity’s culture and the incidence of fraud. Those that talk openly and regularly about fraud prevention and risks are more likely to keep fraud at bay. Such a culture requires:
- setting the right tone at the top;
- putting in place appropriate controls, including policies and procedures;
- talking openly about fraud and the risk of fraud;
- making sure that staff feel safe to report suspected fraud;
- making sure that staff know about fraud policies and procedures – regularly telling them that fraud is not tolerated, how they can help prevent it, and how to raise their concerns;
- dealing effectively with any incidents of suspected fraud; and
- telling staff about incidents of fraud and how they have been dealt with.
Many of you are working hard on fostering such an environment. Of course, no matter how far you’ve come, there is always more to do.
I have spent many hours over the past year talking about our 2016 reflections report on governance and accountability (bit.ly/OAG_Reflections).
If I may give that report one more plug… That report identified eight elements essential to good public sector governance; of those, element 3 (“Lead by setting a constructive tone”), element 7 (“Manage risks effectively”) and element 8 (“Ensure that you have good information, systems, and controls”) are highly relevant here.
Risk management is an area where we need to see a lot of improvement. Public entities are usually not bad at identifying risks – but that’s only step one. Once identified, risks must then be analysed, mitigated, monitored, and communicated.
As for what internal controls you need, they will vary depending on the size of your organisation, its structure, and the risks you need to manage. Your auditors will have some opinions on this! The auditors provide you with a management report that often outlines areas for improvement. It is important that these recommendations are properly considered.
The final step: If your controls and vigilance detect something that makes you suspect fraud, follow up swiftly and thoroughly. Find out if your concerns are valid, and if so, ensure those involved are brought to justice.
Our 2012 survey results showed only 39 percent of fraud incidents were reported to law enforcement agencies. All that work to build the right controls and culture will be undone if fraud is swept under the carpet.
Bringing fraud into the open sends a message to other potential offenders: Fraud will not be tolerated in any way in your organisation. Bad news for fraudsters; great news for you and your communities.
This article was first published in the April 2017 issue of NZ Local Government Magazine.