The fraud response plan should include a formal commitment (policy) by the board on high legal, ethical and moral standards to be observed for purposes of ensuring that a proper ethical business culture is established within the organisation.
A fraud policy should demonstrate the determination of the organisation in fighting fraud (unethical behaviours) within an organisation. The fraud policy communicates the organisation’s tone at the top towards the risk of fraud. The policy may include the following among others;
- The responsibility for overall fraud management
- The communication channels
- The approach to follow in investing fraud
- Provision for staff training and awareness
The plan will include guidelines of how the staff will apply the fraud policy in responding to instances of fraud.
Aim of the Fraud Response plan
The aim of the plan is to give guidelines of the action to be to be taken by staff when the occurrence of a fraud is suspected. The plan should be devised with the aim of achieving the following;
- It should prevent further losses
- It should minimise loses and provides steps to recover some of the loses
- It should specify the communication system for suspected fraud
- It should assign responsibility for investigating frauds and including specifying mechanism for remedial action.
- It should give guidelines as to when to contact police and lines of communication to use.
Management of risk
The plan should fix the overall responsibility for the management of risk to the management team. The management team is therefore responsible for ensuring a strong internal control system is in place and is effectively operating. The controls should be established in areas where the possibility of fraud occurring is quite high and the controls should focus more on prevention and detection of frauds.
Role of internal auditor
The role of internal auditor is to ensure the internal control system is effectively working to prevent the occurrence of frauds. The internal auditor should also test the internal controls to ensure that they are strong enough to promptly detect the occurrence of frauds. The independence of the internal auditor in reporting to the board should be provided for.
Management should develop a booklet containing guidelines on the expected ethical behavior from staff. Staff are expected to live the core values of the organization and to comply with the regulatory framework. The guidelines will include advice on how decisions on ethical matters are made. The booklet will also guide staff on how they will report unethical behavior to responsible people. The consequences of ethical breaches should also be made clear to staff from the word go.
The plan should clearly spell out the responsibility for carrying out the fraud investigation. The reasons for the investigations including the following should be made clear from the outset;
- Determine the facts of the fraud
- Consider action against the involved staff
- Consider steps to recover the loss
- Enhance the internal control systems
It is important that the investigators are properly trained on how to investigate frauds including the collection and safe keeping of evidence. The evidence should be safely kept as it is the basis of taking disciplinary action against the affected staff.
John Muhaise Bikalemesa
Director: Big Drum Advisory Services Limited