Corruption Prevention Network - Discussion Groups

Note to Members

The Corruption Prevention Network (CPN) is a network of individuals who are willing to learn from one another, and to share knowledge in fraud and corruption prevention areas.

CPN’s primary objective is to educate subscribers through:

  • the lunch time seminars;
  • the monthly discussion groups; and
  • the annual forum.

Lunch time seminars are very popular and well attended.

The hour-long discussion groups provide an opportunity to raise awareness of issues associated with corruption prevention e.g whistle blowing, workplace culture and cyber security ethics. They are an excellent forum to share strategies in addressing these issues. Each panel is restricted up to (to a maximum of) twelve participants to ensure effective contribution. Discussions are structured around scenarios. Please find below some scenarios which have been discussed.

Scenario –  May 2024

Eric works in the audit department of a large department. He hears rumours that a large contract has been awarded to a company owned by one of the Executive’s family and that the Executive had involvement in the procurement process.

  1. What are the control measures that should be in place to ensure transparency in selection?

There should be a clearly defined procurement policy and procedures that set out how procurement is to be carried out through the planning, sourcing and management phases. The planning phase should include a proper assessment of the need, what the market can offer, the market value of what is to be procured so that appropriate selection criteria can be established. An appropriate strategy for approaching the market should be developed and a robust, fair and impartial process for assessing responses should be in place. This should all include documentation of decisions along the way so that any part of the process can be reviewed. Staff involved in the process should be made aware of their obligations and have the skills needed to carry out the procurement.

There should be a Code of Conduct & Ethics, a Conflicts of Interest Policy and a Conflicts of Interest Register. Participants in the procurement process should be asked to disclose any interests they have in the process, particularly, relationships they have with potential vendors. They should also be asked to certify that they have no interests in the matter if that is the case.

Very importantly there should be sufficient documentation of the process and rationale for the decisions or recommendations made to ensure that these can be reviewed and approved in accordance with the procurement policy. Depending on the scope of the procurement, some sort of independent oversight or review of procurement decisions may be necessary. For example, this could be in the form of an internal review by an independent procurement, technical or probity advisor or by a more senior officer. Independent selection of technical and/or commercial evaluation committee members can be helpful to ensure that a corrupt convenor is unable to improperly influence panel members.

Segregation of duties should be one of the guiding principles. It is generally not appropriate for one person to have end-to-end control of the entire process.

Regular audits and reviews of procurement activities.

There should be a business wide training and awareness programs for employees on ethical conduct and conflicts of interest. Those engaging in procurement activities may require skills development to do that competently and will also need to be made aware of the procurement process and what their obligations are within it.

  1. What should Eric do in the first Instance?

While Eric is an auditor, he is not an investigator. He should remain within the scope of the audit he is conducting. Unless he is directed to do so, he should not investigate the matter. Eric’s first steps should be to compile the information he has. In reviewing the information, he has, he should consider the relevant policies and procedures related to procurement and conflicts of interest to see if there are any compliance issues that could indicate some sort of wrongdoing.

If the information he has seems to support the rumours, he should immediately escalate the matter in accordance with the organisation’s policy and seek advice on how to proceed. If the information he has doesn’t seem to support the rumours, the rumours should still be documented and advice sort on how to proceed. It is possible that someone else knows more and is already investigating. Eric could compromise the investigation if he proceeds with the audit or starts to examine non-compliance issues. Often matters are escalated to the manager, but depending on the circumstances it may be better to raise the issue with the organisation’s governance unit, procurement unit or as otherwise indicated in the internal reporting policy. Reporting to an outside agency such as the NSW Independent Commission Against Corruption or using the organisations whistle-blower hotline are also options.

Eric should avoid discussing the matter with colleagues to maintain confidentiality and to avoid spreading unverified information. He should simply make a report as indicated above.

  1. On speaking with his superior Eric is told it was all in order, and that the potential conflict was declared, and to tell people to stop spreading false rumours.
  2. What is he to do?

If Eric is not convinced that the conflict of interest has been adequately managed, he can raise this concern with his manager and recommend further investigation.

If his superior insists that everything is in order despite Eric’s concerns, if he has a good faith belief based on reasonable grounds that what he has been told is untrue, he may need to escalate the issue to higher management, the organisation’s governance team or make a report to an external body such as the NSW Independent Commission Against Corruption. If he wants to draw on the protection from whistle-blower laws, he should ensure that he makes his report in accordance with the relevant laws in his State or Territory.

  1. What would be going through Eric’s mind?

In principle, integrity and acting ethically is always doing the right thing not because someone is watching but because it is the right thing to do. However

One can understand the challenges of going up against senior management, placing your own job in jeopardy but if one is honest and there is truth in the rumours then the potential conflict of interest involving a senior executive should be reported.

  1. A bit later after having made a decision not to do anything, a person in the procurement area complained to him that the Executive in question was asking questions about the procurement’s progress. 
  2. What are the red flags during the tendering, evaluation and selection process that Eric may have identified from the information provided?

Lack of transparency in the selection process.

Potential conflict of interest involving a senior executive.

Executive involvement in the procurement process, which could compromise objectivity.

Indications of undue influence or pressure on the procurement team.

  1. What should Eric do now?

Document the colleague’s complaints accurately.

Eric should continue to gather information and monitor the situation for further red flags or indications of impropriety.

Having taken that first step, he should then escalate the issue to his manager or another appropriate authority, highlighting the potential interference in the procurement process. Seek guidance from ethics or compliance advisors.

  1. What dilemmas is Eric facing?

Balancing ethical obligation with concerns about personal and professional repercussions. Fear of retaliation on his position and negative consequences for speaking up.

Concerns about the impact on his professional relationship and reputation.

Trusting provided information while considering associated risks.

Navigating organizational politics and power dynamics.

  1. You are a colleague of Eric and he has come to you for advice. How can you help?

Encouraging him to follow his conscience and ethical principles.

Advising him on available channels for reporting concerns, such as HR, an ethics hotline or an external investigative body such as the NSW Independent Commission Against Corruption.

Offering to accompany him when he raises the issue with higher management, providing moral support.

Reminding him of the potential consequences of inaction and the importance of upholding integrity in the workplace. In principle, integrity and acting ethically is always doing the right thing not because someone is watching but because it is the right thing to do.

Providing a listening ear and offering encouragement.

 

GENERAL POINTERS

What are the procurement and tendering procedures?

Who has authority to approve a procurement and what are the delegated financial limits? Does Eric have authority to review all purchasing processes?

Does the department have a Public Internal Disclosures or a conflict of interest policy? If so, how often is this communicated to staff?

Is there a complaints procedure that he could follow ie, raise the matter with his superior’s supervisor?

Did Eric make a file note of what transpired with the superior?

Were there any declarations noted as part of the tendering process?  

What whistleblower protections does the department have in place?

Who was involved in the tendering processes and what was the interrelation between those participants ie, known relationships/friendships/associations?

Some references:

 These include publications by ICAC:

 

Another one of the scenarios was about Bill an audit manager in a department with limited resources. He is asked by his boss how he is determining the amount of resources for prevention and in detection of fraud, and how he is prioritising the use of these resources?

·            What should Bill be considering when allocating resources to prevention or detection?

1.    Findings/Recommendations of previous audit reports

2.    Risk register, Complaints register, conflict of interest disclosure register, gift register, flow charts of high business processes such as those relating to procurement or outsourcing.

3.    Ethics and corruption control -related policies & procedures & internal reporting processes– when last    reviewed for currency

          4. Look at trends even in low risk areas eg sick leave

          5. How frequently is the whistleblower hotline (if there is one) being used and were the reports investigated?

·            How should he determine what types of detection and prevention mechanisms will be used?

1.    Guided by above, look at segregation of duties (SOD) – are the controls appropriate, sufficient, monitored to highlight deficiencies

2.    Training effectiveness & frequency

3.    Audit of input controls (routinely, how often checked) – valid, complete & accurate – intentional manipulation of financial records

4.    How long employees remain in jobs, do they take annual leave, staff profile

5.    Tendering process – is there any record of cost-benefit analysis being conducted where applicable?

·         How should he determine which sections to target with these mechanisms?

See above + past incidences history

·         How can he demonstrate the effectiveness of these mechanisms?

Review the fraud risk management program. All levels of staff should have:

1.     A basic understanding of fraud and be aware of red flags

2.     Understand role within the internal control framework (refer to ICAC Publications see below).

3.     Read and understand relevant policies, procedures, manuals

4.     Opportunity to discuss scenarios at team meetings

5.     Access to systems that allow people to share opinions, facts anonymously and safely

          6.  Conduct culture survey, interview staff to surface shadow values
 
Note all of the above need to be considered to understand the current situation, but they need to be compared over time to show that the adoptive mechanisms are effective.
 
·         How can he obtain assurance that he is actually understanding the real situation?
    Refer to ICAC publications :
“Assessing corruption control maturity (20 Feb 2023)” and “Mature corruption control: the key outcome of better practice (13 March 2023)”  to guide audit priorities

Senior managers sharing risks and mistakes re frame mistakes as learning opportunities – make them real.

Time taken for issues to surface – sometimes involve large amounts – red flags – show that controls are not working.

It should be noted, however, that even well-written policies and audit systems can fail when faced with organization-wide corruption. Complicit behaviour by keeping silent, aids and abets the main wrongdoer.

Another scenario is about Tim and his workmate Harry who recently joined the organisation. They both work in the same area of procurement in the organisation. Tim is a matter-of-fact person, whilst Harry is more sociable. Tim has noticed that Harry is very “matey” with his clients and Tim has a funny feeling that something is not right.

Tim is unsure what to do. If he asks Harry outright, it may spoil their working relationship. Alternatively, if he looks too closely at what Harry is doing, Harry may become suspicious and feel that something is wrong.

Tim finally goes to see his supervisor and tells him of his worries. The supervisor is not really interested in what Tim is saying and tells him he is worrying about nothing. This response does not surprise Tim, as he knows that the supervisor is not really interested as long as things are running okay, and will not want to rock the boat or draw attention to his section.

Interesting discussions took place around:

  • What should Tim do?
  • What should the company do?
  • Where do responsibilities lay?
  • What role does leadership & culture play?
  • What mechanism/systems/structures should be place at the company to help people in situations similar to Tim?

Key learnings were:

  • The importance of “tone at the top”
  • Situations are often “grey” because they may present ethical dilemmas.
  • Organisational sub-cultures may develop their own interpretation of the organisation’s values: these become “shadow values”
  • Encourage discussions of grey areas at team meetings to uncover shadow values and query whether these shadow values align with the organisation values.
  • The need to have robust internal channels that lie outside the usual chain of command.
  • The value in having sources of advice to deal with situations that lie outside the usual chain of command.

If you are interested in becoming part of a new group or joining an existing group depending on your interests, as a way forward we may just hold the discussion group on a specific topic so that those interested only in that topic would attend. If so, please forward to the secretary@corruptionprevention.net the following details:

  • Your contact details (name, and area you are working in)
  • Your ‘interest’ topics; and
  • Whether Wed or Fridays (it will be 12:30 pm -13:30 pm), and you will be placed on the waiting list.

Note the meetings are not every week but dependent on interest, on a monthly or bimonthly basis.

Join Our Network – Subscribe Below