© 2020 Association of Certified Fraud Examiners, Inc.
Developing an Integrated
Anti-Fraud, Compliance, and
Ethics Program
Developing Anti-Fraud,
Compliance, and Ethics Policies
Discussion Questions
1. What policies are included as part of your
organization’s anti-fraud, compliance, and ethics
program?
2. Are your policies tied to your organization’s
mission statement and core values?
3. How do you ensure that employees understand
their responsibilities under these policies?
Developing Anti-Fraud,
Compliance, and Ethics Policies
▪ Formal policies:
• Clearly articulate management’s expectations.
• Provide supporting guidance to employees in making
ethical decisions.
▪ Organization’s mission statement and core
values should be the foundations for policies:
• Board resolution on program and policies can help
underscore commitment to ethics.
Policies to Include
Code of business ethics and conduct
Anti-fraud policy
Whistleblower policy
Incident response plan
Executive-specific policies
Charters for ethics- and compliance-focused positions
Code of Business Ethics and Conduct
▪ Provides an underlying framework for ethical
behavior in an organization
▪ Communicates what management expects of
the staff and what the staff can expect of
management
▪ Reinforces company core values
▪ Defines a standard of conduct to guide
employees in making decisions
Code of Business Ethics and Conduct
▪ Addresses potential ethical challenges and
provides mechanisms to assist with them
▪ Emphasizes use of good judgment
▪ Provides examples of prohibited actions
▪ Explains how to report suspected ethical
violations
▪ Discusses penalties for ethical violations
▪ Serves as a gateway to other policies and
procedures
Code of Business Ethics and Conduct
▪ Should include input from both management
and employees
▪ Should be communicated to all personnel in
clear, simple language
▪ Should be long enough to address ethical risks
but short enough to keep the attention of the
audience
▪ Should be easily accessible for quick reference
Code of Business Ethics and Conduct
Competition and antitrust considerations
Compliance with applicable laws and regulations
Appropriate accounting practices
Conflicts of interest
Improper payments
Gifts and entertainment
Confidential information and trade secrets
Communications with competitors
Privacy of employee communications
Use of company assets and resources
Political contributions
Social media use
Emails and voice mails
Desks and lockers
Surveillance
Proprietary information
Document retention requirements
Credit reports and employee background checks
Code of Business Ethics and Conduct
▪ Require employees to:
• Explicitly affirm that they read, understand, and
comply with code.
• Self-report any potential or existing conflicts of
interest.
• Report known instances of misconduct.
▪ The code must comply with legal requirements
(e.g., stock exchanges, SOX).
▪ Ethics policy and code of conduct might be the
same or two separate documents.
Anti-Fraud Policy
▪ Separate policy in
addition to the code of
business ethics and
conduct
Anti-Fraud Policy Components
▪ Policy statement
▪ Scope
▪ Responsibility for
fraud prevention and
detection
▪ Actions constituting
fraud
▪ Non-fraud
irregularities
▪ Reporting
requirements and
procedures
▪ Investigation
responsibilities
▪ Authorization for
investigation
▪ Confidentiality
▪ Disciplinary action
Whistleblower Policy
▪ Provides expectation for treatment of
whistleblowers and consequences for
noncompliance with policy
▪ States that reporting unethical conduct is part
of all employees’ fiduciary duty
▪ Applies to all employees, as well as outside
parties
Whistleblower Policy
▪ Include information about:
• Specific actions to be taken if individual has
knowledge of noncompliance
• Reporting mechanisms
• Types of allegations that can be reported
• Incentives or rewards for reporting
• Anti-retaliation stance
• Confidentiality of reports
• Expectation that reports will be made in good faith
Incident Response Plan
▪ Identifies the framework that management will
use if there is a detection or suspicion of fraud
▪ Not usually communicated to the entire staff
▪ Considerations to include:
• Who should be informed of a suspected violation?
• Who should investigate the incident?
• Who will determine what action to take against the
violator, and how will such action be determined?
• Who will be responsible and accountable for improving
identified control weaknesses?
Other Policies
▪ Executive-specific
policies
▪ Charters for
compliance- and
ethics-focused
positions
Writing the Policies
▪ Anchor the policies in
organizational values and
operational realities.
Writing the Policies
▪ Keep it short.
▪ Use simple
vocabulary.
▪ Include definitions.
▪ Be concise.
▪ Use active voice.
▪ Provide examples.
▪ Consider the
audience.
▪ Solicit feedback.
Writing the Policies
▪ Integrally involve legal
counsel in drafting and
reviewing the policies.
Distributing and
Communicating the Policies
▪ Methods:
• New-hire paperwork
• Annual training
• Management memo
• Written copies
• Pamphlets
• FAQs
• Posters
• Company website
• Company intranet
▪ Goals:
• Easily accessible
• Memorable
Implementing the Policies
▪ Signed statements of compliance:
• New hires
• Annual for all staff
• Employees who engaged in unethical conduct
▪ Management certification of the program
▪ Periodic assessment and updates of policies
Implementing the Policies
▪ Application of policies to third parties:
• Write policies with third parties in mind.
• Make policies accessible to outside parties.
• Consider enacting a separate vendor and supplier
code of conduct.
• Require statements of compliance as a condition for
business.