Policy on Fraud Prevention and Detection

Transcription

1 Status: Approved Custodian: Director: Finance and Administration Date approved: Decision number: SAQA 0893/11 Implementation date: Due for review: File Number: 1

2 Table of Content 1. BACKGROUND PURPOSE OWNERSHIP SCOPE OF PRACTICE RELATED PROCEDURE TYPE OF POLICY DEFINITION INTRODUCTION PRINCIPLES SCOPE OF APPLICATION... 6 System of Internal Control... 7 Line Managers... 7 Internal Audit... 8 Staff responsibilities... 8 Personal conduct LEGISLATION AND ORGANISATION POLICIES AND PROCEDURES FRAUD PREVENTION COMMITTEE STRATEGIC CONSIDERATION FRAUD REPORTING POLICY AND PROCEDURE FAILURE TO REPORT OR DISCLOSE ADMINISTRATION

3 1. BACKGROUND 1.1 No organisation or administrative process is free of risk. It is management s responsibility to identify and control the risks that the organisation faces. Risk may be defined as the chance of an unwelcome outcome and may cover a wide range depending upon the nature of the organisation s business. 1.2 Risk, in the context of managing fraud, is the vulnerability or exposure an organisation has towards fraud and irregularity. It combines the probability of fraud occurring and the corresponding impact measured in monetary terms. It is desirable to minimise risk both by reducing the probability of fraud occurring and by reducing the size of any consequential losses. Preventive controls and the creation of the right type of corporate culture will tend to reduce the likelihood of fraud occurring while detective controls and effective contingency planning can reduce the size of any losses. 1.3 An organisation can be exposed to risk in a number of ways: Internal Fraud This is fraud perpetrated by individuals inside the organisation and is most often carried out by staff that have access to moveable or liquid assets, such as cash or inventories. It is likely that the risk of fraud and its scale will increase if the member of staff is able to conceal the irregularities by having access to accounting records. It may be opportunistic, although it may also be planned and committed over a long period. Many organisations experience internal fraud that is committed by the Chairperson or Executive Officer. Authoritarian behaviour on the part of the Chairperson or Executive Officer coupled with attempts to override internal control procedures is usually an indication that this type of fraud is taking place. SAQA has an internal control procedure to assist employees in the event of this type of behaviour External Fraud This is fraud that is perpetrated by individuals outside the organisation and covers activities such as burglary, theft, deception and computer hacking. It is very often systematic and continuous, stemming from the inherent problem of safeguarding some types of systems against attack Collusion This type of fraud involves two or more parties, either internal only or internal and external working together. This type of fraud can be difficult to detect, as controls may at first appear to be working satisfactorily. 3

4 2. PURPOSE 2.1 The objective of this policy, together with the charter of ethics and values, is to engender and promote an ethos of honesty and integrity in SAQA. 2.2 While the purpose of this policy is to guide and assist the members, management and employees of SAQA, to limit exposure to, and thus to prevent fraud being perpetrated, it recognises that the best preventive measures may not be sufficient to prevent determined fraudsters from defrauding SAQA and the policy is therefore supported by a Fraud Reporting Policy and a Fraud Reporting Procedure. 2.3 SAQA commits itself to total combat of fraud and other acts of dishonesty. No fraud against the organisation will be tolerated. All alleged fraud will be investigated and all transgressors will be brought to account through both the disciplinary and legal channels, to the fullest extent possible. 2.4 All employees are required to report known or suspected fraud or other improprieties using the Fraud Reporting Procedure. 3 OWNERSHIP The Finance and Administration Directorate is the custodian of this policy. 4 SCOPE OF PRACTICE This policy applies to all custodians of existing policies and procedures and appointed custodians of new policies and procedures. 5 RELATED PROCEDURE There is no Procedure that relates to this Policy. 6 TYPE OF POLICY This Policy is of a strategic nature. 7 DEFINITION 7.1 According to LAWSA (Law of South Africa) Fraud is defined as the unlawful and intentional making of a misrepresentation which causes actual prejudice or which is potentially prejudicial to another. The traditional definition of fraud described the crime as a wilful perversion of the truth made with intent to deceive and resulting in actual or potential prejudice to another : Gardiner and Lansdown, Criminal Law and Procedure. 4

5 7.2 For practical purposes, fraud may be defined as the use of deception for the purpose of obtaining an advantage, avoiding an obligation or causing loss to another party. The International Federation of Accountant s International Standard on Auditing (ISA) 240 Fraud and Error gives more background information on the meaning of fraud and distinguishes between fraud (deliberate falsification) and errors (unintentional mistakes). Fraud therefore does not include mal-administration, incapacity or inefficiency, which must be prevented and managed through performance management and other methods. 7.3 The term Fraud is commonly used to describe such acts as deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, concealment of material facts and collusion and includes, but is not limited to the matters set out in Appendix A. 8. INTRODUCTION 8.1 The Treasury Regulations that took effect from 15 March 2005 in terms of the Public Finance Management Act, 1999 requires the following in terms of Section : The corporate plan must cover a period of three years and must include (e) a fraud prevention plan. Although Section 29 does not apply to SAQA, the Authority has decided to comply with it. 8.2 The fraud prevention policy of SAQA is therefore founded to meet the requirements of the PFMA and in so doing, limit the exposure of the organisation to fraud and corruption. 8.3 The Chief Executive Officer together with the Chief Financial Officer is responsible for establishing the internal control system designed to counter the risks that the organisation faces. Together they are accountable for the adequacy and effectiveness of these arrangements. Managing fraud risk should be seen in the context of the management of this wider range of risks. 9. PRINCIPLES 9.1 In support of its efforts to promote an ethos of honesty and integrity, SAQA subscribes to and endorses the Seven Principles of Public Service. 9.2 Persons involved in service to the public should: Selflessness take decisions solely in terms of the public interest. They do not do so in order to gain financial or other material benefits for themselves, their families, or their friends. Integrity not place themselves under any financial or other obligation to outside individuals or organisations that might influence 5

6 them in the performance of their official duties. Objectivity Accountability Openness Honesty Leadership in carrying out public business, including making public appointments, awarding contracts, or recommending individuals for rewards and benefits, make choices on merit. submit themselves to whatever scrutiny is appropriate to their office as they are accountable for their decisions and actions to the public. be as open as possible about all the decisions and actions they take. They should give reasons for their decisions and restrict information only when the wider public interest clearly demands. declare any private interest relating to their public duties and take steps to resolve any conflicts arising in a way that protects the public interest, such as removing themselves from any involvement in any way whatsoever in the matter. promote and support these principles by leadership and example. 9.3 SAQA has adopted a holistic and integrated approach to fraud, which includes prevention, investigation, prosecution and transparency as the platform for its Fraud Prevention Policy. 9.4 SAQA views fraud of whatever nature, and irrespective of the size of the fraudulent acts, as extremely serious and has adopted a zero tolerance attitude to fraud. The sanction in the case of any disciplinary actions taken with respect to proven fraudulent acts by SAQA staff will, in most cases, be dismissal. 9.5 SAQA seeks and employs good national and international practices and conventions in its policy to prevent fraud. 9.6 The fraud prevention policy is supported by regular risk assessment and comprehensive education, training and awareness. 9.7 The fraud prevention policy is expressed in terms of measurable and time-bound implementation targets. 10. SCOPE OF APPLICATION 10.1 The policy applies to all employees, Authority members and suppliers to SAQA and shall be used to manage fraud, corruption and any other acts of dishonesty against the organisation. 6

7 10.2 SAQA requires all members of the Authority and staff at all times to act honestly and with integrity and to safeguard the public resources for which they are responsible. Fraud is an ever-present threat to these resources and hence must be a concern to members of the Authority and staff. The purpose of this statement is to set out the policies regarding both the prevention of fraud and the action to be taken where a fraud is detected or suspected. System of Internal Control 10.3 The Authority is responsible for ensuring that adequate accounting records and an effective system of internal control are maintained. To enable the Authority to meet its responsibilities, management maintains a system of internal control designed to provide reasonable assurance, in a cost-effective manner, that assets are safeguarded and transactions are performed and recorded according to SAQA policies and procedures. The Audit Committee is charged with ensuring that the system of internal control is adequate The Authority, through the Audit Committee and internal auditors, ensures that there is an ongoing process for identifying, evaluating and managing the significant risks faced by SAQA The system of internal control is designed to counter the risks that SAQA faces. Managing fraud risks must be seen in the context of the management of this wider range of risks Where a fraud has occurred management must make any necessary changes to systems and procedures to ensure as far as possible that similar frauds will not recur. The investigation may have pointed out where there has been failure of supervision, breakdown or an absence of control. Internal Audit must be available to offer advice and assistance on matters relating to internal control, if appropriate. The Executive Officer will disseminate the lessons learned from the experience in cases where there may be implications for the organisation as a whole. Line Managers 10.7 Line Managers are responsible for ensuring that an adequate system of control exists within their areas of responsibility and that controls operate effectively. The responsibility for the prevention and detection of fraud, therefore, rests primarily with managers. There is a need for all managers to assess the types of risk involved in the operations for which they are responsible; to review and test the control systems for which they are responsible regularly; to ensure that controls are being complied with and to satisfy themselves that their systems continue to operate effectively. 7

8 Internal Audit 10.8 Internal Audit is available to offer advice and assistance on control issues as necessary. In terms of establishing and maintaining effective controls it is generally desirable that: there is a regular rotation of staff in key posts; wherever possible, there is a separation of duties so that control of a key function is not vested in one individual; backlogs are not allowed to accumulate; and in designing any new system, consideration is given to building in safeguards against internal and external fraud. Staff responsibilities 10.9 Every Authority member and member of staff has a duty to ensure that public funds are safeguarded, whether they are involved with cash or payments systems, receipts, inventories or dealings with contractors or suppliers. Staff must alert their line manager where they believe the opportunity for fraud exists because of poor procedures or lack of effective oversight. In addition, it is the responsibility of every member of staff to report details immediately to their line manager or next most senior person or to the Chairperson of the Fraud Prevention Committee if they suspect that a fraud has been committed or see any suspicious acts or events. Staff must also assist in any investigations by making available all relevant information and by co-operating in interviews. Personal conduct As stewards of public funds Authority members and SAQA staff must have and be seen to have, high standards of personal integrity. Members and staff should not accept gifts, hospitality or benefits of any kind from a third party, which might be seen to compromise their integrity. SAQA subscribes to the seven principles of public service. 11. LEGISLATION AND ORGANISATION POLICIES AND PROCEDURES 11.1 This policy will not contravene or replace, but work hand in hand with, the PFMA, National Treasury Regulations and SAQA s other existing policies and procedures. 8

9 12. FRAUD PREVENTION COMMITTEE 12.1 SAQA has a Fraud Prevention Committee consisting of the Chief Executive Officer (Chairperson), the Deputy Executive Officer, the Chief Financial Officer and one other Director appointed by the Chief Executive Officer Should the Committee be dealing with an investigation involving the conduct of a member of the Committee, such person is precluded from serving on the Committee while it deals with such investigation The Chief Executive Officer shall appoint a Director to replace the person precluded. Should the Chief Executive Officer be the person precluded, the committee will be chaired by the Chair of the Authority or his or her delegate The remaining members of the Committee must co-opt a person to replace the person precluded for the purposes of dealing with the investigation. The co-opted person must be a member of the Authority if the ineligible person is a member of the Authority, or another director if the ineligible person is one of the two Directors The Committee will only meet at the request of the Chair of the Committee, the Chief Executive Officer, the Audit Committee or the Board or to consider reports by investigators. 13. STRATEGIC CONSIDERATION 13.1 Besides being a requirement of the PFMA, risk assessments, both formal and informal, are essential elements of any fraud prevention policy. The evaluation of the risks involved in all operations and situations must become a habit and second nature to all staff and management and to this end it forms part of the performance contracts of management and the relevant employees While a formal fraud prevention policy is essential, the prevention of fraud must become an integral part of all operational plans Employees and others who are involved in fraud must be prosecuted to the full extent of the law. SAQA reserves the right to have employees, Authority members, people and organisations that have dealings with SAQA, checked for criminal records before they are officially involved with SAQA The concept and practice of ethics management is promoted. In order to establish such an ethical culture, Authority members, management and employees together must believe: that SAQA is honest and ethical in its business dealings, including dealings with stakeholders, customers, suppliers and employees; that SAQA treats them with respect, rewards them fairly, imposes discipline fairly, and where, regrettably, redundancy becomes necessary, exits them fairly; 9

10 that fraud prevention is a common objective throughout the organisation at all levels, that they have been trained to play their part in the fight and that their efforts are acknowledged; that if fraud is suspected, the perpetrator can expect the most rigorous investigation and if found guilty, a severe sentence Where professional and other bodies require ethical behaviour from their members, staff who are eligible for membership of such bodies are encouraged to become members of such bodies SAQA is involved in and with anti-fraud and anti- corruption organisations A comprehensive awareness campaign supported by education and training is part of the overall policy to prevent fraud. 14. FRAUD REPORTING POLICY AND PROCEDURE 14.1 It is important that managers know what to do in the event of a fraud so that they can act without delay The objective of fraud reporting policy and procedure is to ensure that timely and effective action can be taken: to prevent losses of funds or other assets and to maximise recovery of losses where fraud has occurred; to minimise the occurrence of fraud by taking rapid action at the first signs of a problem; to identify the fraudsters and maximise the success of any disciplinary or legal action taken; to minimise any adverse publicity for the organisation, suffered as a result of fraud; to identify any lessons learnt and use these to prevent fraud in the future; and to reduce adverse impacts on the business of the organisation The existence of a fraud reporting policy and procedure may, in itself, help to act as a deterrent as it shows that SAQA is prepared to defend itself against the risk of fraud. 15. FAILURE TO REPORT OR DISCLOSE 15.1 An employee who becomes aware of fraud, corruption, or any other dishonest act(s) perpetrated by an employee, Authority member or supplier, but fails to report it, or refuses to cooperate with the investigation of a reported incident, can be held accountable and subject to disciplinary procedures. 10

11 16. ADMINISTRATION 16.1 The Fraud Prevention Committee is responsible for the administration, interpretation and application of the Fraud Prevention, Detection and Reporting Policies. It is also responsible for reviewing the above policies and making proposals to the Audit Committee in connection therewith. The policy will be reviewed at least every three years and revised as needed. 11

12 APPENDIX A EXAMPLES OF FRAUDULENT ACTS: Impropriety in the handling or reporting of money or financial transactions; Profiteering as a result of abuse of privileged information; Bribery that involves the promise, offering of giving of a benefit that improperly affects the actions or decisions of a person/organisation in its relations with SAQA; Extortion where a person or entity is coerced into providing benefit in exchange for acting (or failing to act) in a particular manner; Abuse of positions of power to benefit oneself or another party, or to improperly discriminate against another party; Breach of trust to benefit oneself or another party, or to improperly discriminate against another party; Failure by a person to declare and/or remove him or herself from a situation where there is a conflict of interest between them, their family or organisation that stands in a relationship with SAQA; Accepting of material value from contractors, vendors or persons providing services/materials to the organisation, unless this is done in terms of the SAQA Policy on the receipt of gifts by SAQA staff; Seeking anything of material value from contractors, vendors or persons providing services/materials to the organisation; Embezzlement involving the theft of resources by persons entrusted with the authority and control of such resources; and Wilful destruction, removal or inappropriate use of records, furniture, fixtures and equipment. Any similar or related inappropriate conduct which results in lost revenue, material loss or cost to the organization, loss of trust or confidence in dealing with the organization and which distorts the formulation of public policy and provision of services. For a more detailed list of examples of the types of fraud to which SAQA may be exposed, see Appendix B. 12

13 APPENDIX B EXAMPLES OF FRAUD: The term Fraud is used in its widest possible meaning, and is intended to include all aspects of economic crime, corruption and acts of dishonesty. The following are examples of the types of fraud that SAQA may be exposed to and which will expose the employee to disciplinary or legal action. This list is not intended to be exhaustive. Payroll Fraud Ghost employees Paying for employees who do not exist; Resigned, retired or dismissed employees or removed from the payroll timeously; Paying employees who did not work for that particular period; Employees receiving two salaries. Overtime Claiming overtime that was not worked; Crediting employees for unauthorised overtime; Overtime manipulated Crediting for overtime that was not worked (false claim). Claims/Advances Employees claiming but not having attended the courses or meetings; False claims No vouchers/supporting documentation; Inflated mileage and meals costs Leave Forms not submitted or processed; No supporting documentation; Records manipulated Unauthorised Master File Amendments Unauthorised promotion or salary increase; Unauthorised merit awards; Eliminate Debt (wipe-out or reduce). False payslips issued. 13

14 False qualifications or certificates by employees. Procurement Fraud False/duplicate invoices Paying for goods that were not supplied. (Collusion with suppliers). Duplicate submission of invoices Change invoice amount or resubmit invoice for duplicate payment. VAT Fraud Paying vat to vendors that are not registered; Claiming VAT where not paid Cancelled invoices; Wrong VAT % or amounts. Forging alternative quotes or asking the same vendor to supply more than one quote. Supplying the vendor with information to ensure that they provide the lowest quote. Receiving bribes or courtesies from vendors. Splitting orders or inflating orders. Channelling SAQA business to own company or one in which the staff member has a financial interest. Nepotism or favouritism. Unnecessary purchases or fruitless expenditure. Purchasing personal items on SAQA s account. Price adjustments. False Specifications. Kickbacks or Corruption. Order Book Manipulation and unauthorised orders. Inferior Goods or Inflated Prices. Tender - manipulated tender process - selective advertising - passing on confidential information to bidders - eliminating better tenders - not going to tender as specified in the procurement policy of SAQA - falsifying documents 14

15 Motor Vehicles Fraud - falsifying recommendations to the procurement committee Petrol account abuse Repairs or panel beating - using SAQA account for own fuel purchases or vehicle - siphoning out petrol from SAQA vehicles - using false number plates - cashier scams - unjustified repairs - inflating repair costs - requesting payment for parts not fitted in the vehicle - using parts paid for by the organisation for own vehicle - falsifying transactions for cash False theft or Hi-jacking of SAQA vehicles Commercial abuse Vehicle - unnecessary or unauthorised taxi, car or vehicle hire - unauthorised use of vehicle for private purposes Accounts receivable / bookkeeper / cashier schemes Rolling debtors stealing cash and misappropriating receipts. Unauthorised account write-offs. Account manipulation. Using suspense accounts for clearing debtor s accounts Unauthorised discount schemes Unauthorised Credit notes Falsifying returns Abuse of SAQA s assets False scrapping of SAQA Vehicles Abuse of Telephone Abuse of Cell phone Abuse of Computer 15

16 Abuse of or Internet Theft - cash - stores - office supplies (e.g. tea, coffee, stationery) Abuse of Office Corruption Selling SAQA s confidential information Use of SAQA information for own benefit Use of position in SAQA to obtain personal favours from third parties Use of position in SAQA to coerce other employees into committing fraud Cheque Fraud Counterfeit cheque - duplication Altered cheques - payee (washing) - amount - date. Forged signatures False endorsements RD/payment stopped/no funds/account closed Computer Fraud Unauthorised access Hacking Unauthorised - change of data - change of programmes - master file - deletion of records Theft of Information Virus 16

17 Corruption Corruption Extortion 17