Part 2: Detailed results for State-owned enterprises

Summary of our fraud survey results for State-owned enterprises.

Preventing fraud

Having the right framework to prevent fraud means having a code of conduct and policies about fraud, protected disclosures, receiving gifts, and using credit cards. It means making it safe and easy for staff to talk about fraud and raise any concerns or suspicions. It also means having fraud controls that are reviewed regularly, carrying out due diligence checks of suppliers, doing pre-employment screening, and providing staff with fraud awareness training.

Code of conduct and policies

Graph of Got a fraud policy. Most respondents said that their SOE had a fraud policy (82%) and a code of conduct (92%). The percentages dropped when respondents were asked whether these were regularly communicated – only 64% said they received regular communication about their fraud policy, and only 68% were regularly reminded about their code of conduct.

A similar number of respondents (85%) said that their SOE had a protected disclosures policy. Although this is a comparatively high percentage (the percentages for the wider central government sector and all public entities were 75% and 71% respectively), every public entity is legally required to have a protected disclosures policy.

Most respondents (92%) said that their SOE had a clear policy on accepting gifts or services. This percentage was similar to that of other central government respondents (90%), but considerably higher than the percentage for all public sector respondents (71%). We note that this question in the survey generated significantly more "free text" responses than any other question. It was clear to us that many respondents had unanswered questions, regardless of the clarity of their policy.

In our view, the most important matter is the conflict of interest risk – SOE staff should always decline a gift if accepting it could influence, or be seen as influencing, their decision-making. And gifts need to be recorded in a gifts register.

Clear and consistent policies, and messages about those policies, can prevent inappropriate behaviour, provide guidance to all staff, and ensure that everyone understands their role in, and responsibility for, preventing fraud.

Graph of Manager understands fraud responsibilities?

Clear roles and responsibilities

Although the culture modelled by the leaders of an entity is critical, preventing fraud is not the responsibility of any one person. Most SOE respondents (92%) were confident that managers understood their responsibilities for preventing and detecting fraud. This percentage was slightly higher that that of other central government respondents (88%) and all public sector (89%) respondents. However, as with respondents in other types of public entities, fewer SOE respondents (71%) said that all staff understood their responsibilities for preventing and detecting fraud.

In our view, all employees need to understand their roles and responsibilities so that a culture receptive to discussing fraud can be supported and maintained.

Graph of Willing to raise concerns and taken seriously.

Environment receptive to conversations about fraud

Most respondents (83%) worked in an environment where staff were encouraged to come forward if they saw or suspected fraud. Most (94%) said that they could do so knowing that their concerns would be taken seriously and without fear of retaliation. The percentage answering "Yes" to this question was almost the same as it was in the wider central government sector and the public sector overall (95%).

Fraud controls

Fraud most commonly occurs when controls are inadequate and when staff do not comply with policies and procedures. Although entities should be able to trust their employees to do the right thing, having trusted employees is not a fraud control. The likelihood of being discovered is often a strong deterrent for those contemplating wrongdoing, so internal controls and culture play a critical role in preventing and detecting fraud.

The pace of change in many work environments means that the process of ensuring that fraud controls align with the business should be an ongoing exercise.

Only 79% of respondents said that their SOE regularly reviews its fraud controls, but this percentage was higher than that for the central government sector (70%) and for the public sector as a whole (67%). If an entity does not regularly review its fraud controls, it could mean that some of the fraud controls are no longer effective, because systems and processes change over time. To work effectively, fraud controls need to be reviewed annually or every two years.

Graph of Due diligence checks.

Due diligence checks and pre-employment screening

Many frauds occur through the use of fake suppliers and suppliers with a close personal relationship with an employee. Carrying out due diligence checks can help to mitigate the risk that suppliers can pose. Some examples of due diligence checks are:

  • removing unused suppliers from the system;
  • requesting references or credit checks; and
  • regularly monitoring the changes to supplier details.

The percentage (60%) of SOE respondents who said that due diligence checks were carried out was higher than the result for the wider central government sector (51%) and the whole public sector (48%). In our view, all public entities should be carrying out due diligence checks on new suppliers.

Graph of Pre-employment screen with criminal history checks.

Most often, it is trusted employees who commit fraud. Trusting employees is important, but to trust without first ensuring that it is appropriate to do so exposes SOEs to unnecessary risk.

SOEs appear to be more prudent than public entities in the central government sector, with a greater percentage of respondents (66%) saying that new employees undergo pre-employment screening that includes a criminal history check.

Fraud awareness training

Even the most diligent employees might not identify a fraud if they have not had training. Knowing where to look and what to look for can be difficult. Only 30% of SOE respondents had received fraud awareness training at their current workplace. For more than a quarter of those who had been trained (26.7%), the training occurred more than two years ago.

By combining due diligence checks with awareness training and internal controls, any entity can foster a strong anti-fraud culture. Raising awareness of fraud helps build a culture that is receptive to fraud conversations and encourages employees to come forward if they suspect anything.

Greater risk during tougher economic times

We note that 69% of all respondents did not feel that their entity had a change in risk because of the current economic climate. Experience internationally generally confirms that recessionary economic climates – when staff feel less secure in their employment and increasingly under pressure – present a greater fraud risk. Fraud increases because of "need" rather than "greed".

At the time of our survey, respondents in SOEs (96%) felt more secure in their employment than workers elsewhere in the public sector, and also reported lesser rates of feeling under pressure to "do more with less" (60%).

Questions 1 to 15 in Appendix 1 set out the survey response data about fraud prevention.

Graph of proactive steps to reduce identified fraud risks?

Detecting fraud

Responding to risks

Survey participants were asked whether their entity takes proactive steps to reduce any risks when fraud or corruption risks are raised. The percentage of "Yes" responses was higher among SOE respondents (98%) than central government respondents (94%) and all public sector respondents (87%).

Monitoring credit card spending

SOE respondents said that their organisation was closely monitoring credit card spending, and the rate of "Yes" responses (98%) was higher than it was for other central government respondents (94%) and all public sector respondents (90%).

Monitoring staff expenses

All SOE respondents were certain their organisation closely monitored staff expenses. The rate of "Yes" responses (100%) was higher than the rate of 97% for other central government respondents and for all public sector respondents.

Questions 16 to 22 in Appendix 1 set out the survey response data about fraud detection.

Responding to fraud

Graph of Told when fraud discovered?

Telling staff about incidents of fraud

Less than a third of the SOE respondents said that their senior managers told all staff about incidents of fraud. Half of the respondents said that their senior managers did not do this.

Communicating with staff is vital in raising awareness about fraud. Greater awareness makes it easier for staff to be vigilant, can confirm the organisation's "zero tolerance" approach to fraud, and helps to maintain an environment where it is easy for staff to speak up about risks and raise any concerns.

Referring suspected fraud to the appropriate authorities

Most respondents (72%) expected that suspected fraud would be reported to the appropriate authorities. This expectation was slightly lower compared with other central government respondents (76%) and all public sector respondents (78%).

Only 22% of the most recent incidents of fraud were reported to the appropriate authorities.

We know that many entities are reluctant to bring criminal charges against their employees, because of materiality – but also because of the time and costs of preparing a case, resolving matters in the courts, and a perception that fraud is a low priority for the Police.

Graph of Inappropriate credit card spending is taken seriously.

However, all public sector entities are expected to consider reporting fraud to the appropriate authorities. We encourage all SOEs to do this.

Any decision made not to respond to fraud can erode staff confidence in the senior management team. It can create a perception that managers are not committed enough to preventing fraud and discourage staff from reporting their concerns. Taking no action when fraudulent behaviour occurs also increases the risk that an employee suspected of committing fraud could move to another public entity and continue their dishonest behaviour.

Graph of inappropriate staff spending is taken seriously.

Credit card and expense claim fraud

Respondents were confident that their SOE would take inappropriate credit card spending seriously and discipline the person involved (94%). This affirmative response rate was higher than that of respondents in the wider central government sector (86%) and the public sector overall (83%).

There was a similar response when SOE staff were asked whether inappropriate expense claims were taken seriously and resulted in disciplinary action. The affirmative response rate of 94% was also higher than the 86% response rate of those in the wider central government sector and the public sector overall.

Graph of Will take appropriate action to recover money lost through fraud.

SOE respondents were confident (94%) that action would be taken to recover any misappropriated funds. This finding was similar to that within central government (91%) and of all of the public sector (93%). A clear process to recover funds shows the seriousness with which fraud is taken.

Questions 23 to 31 in Appendix 1 set out the survey response data about fraud responses.

page top