Developing an Integrated Anti-Fraud, Compliance, and ......Developing an Integrated Anti-Fraud,...

© 2020 Association of Certified Fraud Examiners, Inc.

Developing an Integrated

Anti-Fraud, Compliance, and

Ethics Program

Developing Anti-Fraud,

Compliance, and Ethics Policies


Discussion Questions

1. What policies are included as part of your

organization’s anti-fraud, compliance, and ethics

program?

2. Are your policies tied to your organization’s

mission statement and core values?

3. How do you ensure that employees understand

their responsibilities under these policies?


Developing Anti-Fraud,

Compliance, and Ethics Policies

▪ Formal policies:

• Clearly articulate management’s expectations.

• Provide supporting guidance to employees in making

ethical decisions.

▪ Organization’s mission statement and core

values should be the foundations for policies:

• Board resolution on program and policies can help

underscore commitment to ethics.


Policies to Include

Code of business ethics and conduct

Anti-fraud policy

Whistleblower policy

Incident response plan

Executive-specific policies

Charters for ethics- and compliance-focused positions


Code of Business Ethics and Conduct

▪ Provides an underlying framework for ethical

behavior in an organization

▪ Communicates what management expects of

the staff and what the staff can expect of

management

▪ Reinforces company core values

▪ Defines a standard of conduct to guide

employees in making decisions



▪ Addresses potential ethical challenges and

provides mechanisms to assist with them

▪ Emphasizes use of good judgment

▪ Provides examples of prohibited actions

▪ Explains how to report suspected ethical

violations

▪ Discusses penalties for ethical violations

▪ Serves as a gateway to other policies and

procedures



▪ Should include input from both management

and employees

▪ Should be communicated to all personnel in

clear, simple language

▪ Should be long enough to address ethical risks

but short enough to keep the attention of the

audience

▪ Should be easily accessible for quick reference



Competition and antitrust

considerations

Compliance with applicable laws and regulations

Appropriate accounting practices

Conflicts of interest

Improper payments

Gifts and entertainment

Confidential information and trade secrets

Communications with competitors

Privacy of employee

communications

Use of company assets and resources

Political contributions

Social media useEmails and voice mails

Desks and lockers

Surveillance

Proprietary information

Document retention

requirements

Credit reports and employee background

checks



▪ Require employees to:

• Explicitly affirm that they read, understand, and

comply with code.

• Self-report any potential or existing conflicts of

interest.

• Report known instances of misconduct.

▪ The code must comply with legal requirements

(e.g., stock exchanges, SOX).

▪ Ethics policy and code of conduct might be the

same or two separate documents.


Anti-Fraud Policy

▪ Separate policy in

addition to the code of

business ethics and

conduct


Anti-Fraud Policy Components

▪ Policy statement

▪ Scope

▪ Responsibility for

fraud prevention and

detection

▪ Actions constituting

fraud

▪ Non-fraud

irregularities

▪ Reporting

requirements and

procedures

▪ Investigation

responsibilities

▪ Authorization for

investigation

▪ Confidentiality

▪ Disciplinary action


Whistleblower Policy

▪ Provides expectation for treatment of

whistleblowers and consequences for

noncompliance with policy

▪ States that reporting unethical conduct is part

of all employees’ fiduciary duty

▪ Applies to all employees, as well as outside

parties


Whistleblower Policy

▪ Include information about:

• Specific actions to be taken if individual has

knowledge of noncompliance

• Reporting mechanisms

• Types of allegations that can be reported

• Incentives or rewards for reporting

• Anti-retaliation stance

• Confidentiality of reports

• Expectation that reports will be made in good faith


Incident Response Plan

▪ Identifies the framework that management will

use if there is a detection or suspicion of fraud

▪ Not usually communicated to the entire staff

▪ Considerations to include:

• Who should be informed of a suspected violation?

• Who should investigate the incident?

• Who will determine what action to take against the

violator, and how will such action be determined?

• Who will be responsible and accountable for improving

identified control weaknesses?


Other Policies

▪ Executive-specific

policies

▪ Charters for

compliance- and

ethics-focused

positions


Other Policies


Writing the Policies

▪ Anchor the policies in

organizational values and

operational realities.



▪ Keep it short.

▪ Use simple

vocabulary.

▪ Include definitions.

▪ Be concise.

▪ Use active voice.

▪ Provide examples.

▪ Consider the

audience.

▪ Solicit feedback.



▪ Integrally involve legal

counsel in drafting and

reviewing the policies.


Distributing and

Communicating the Policies▪ Methods:

• New-hire paperwork

• Annual training

• Management memo

• Written copies

• Pamphlets

• FAQs

• Posters

• Company website

• Company intranet

▪ Goals:

• Easily accessible

• Memorable


Implementing the Policies

▪ Signed statements of compliance:

• New hires

• Annual for all staff

• Employees who engaged in unethical conduct

▪ Management certification of the program

▪ Periodic assessment and updates of policies


Implementing the Policies

▪ Application of policies to third parties:

• Write policies with third parties in mind.

• Make policies accessible to outside parties.

• Consider enacting a separate vendor and supplier

code of conduct.

• Require statements of compliance as a condition for

business.

Developing an Integrated Anti-Fraud, Compliance, and ......Developing an Integrated Anti-Fraud,...

Documents

Transcript of Developing an Integrated Anti-Fraud, Compliance, and ......Developing an Integrated Anti-Fraud,...