ISSUE 53 Expert Witness Journal - Journal - Page 47
l compliance/financial crime – what lessons are there
from the broader compliance/financial crime programme? What is their assessment of the business
culture? Where do they perceive the risks to be?
l service providers/contractor risks – are there
specific categories of service providers who pose a
higher risk, for example intermediaries, brokers, and
advisors in higher risk countries?
l legal – what allegations of fraud and other economic
crimes have they seen from past civil disputes? Has
civil fraud ever been alleged against the company? Are
they aware of any past criminal allegations against the
company or any individuals? Are there any risks of
potential compliance with contractual pricing terms?
l site/location risk – are there any sites/locations which
may be a higher risk for the misuse of equipment or
utilities?
l country risk – are there higher risks of fraud/
economic crimes associated with operations outside of
the UK? For example, any increased risk of false statements around obtaining visas, duty declarations,
licences to operate, currency controls?
l HR – have fraud allegations been raised in past
disciplinary or whistleblowing reports? Are bonus and
incentive schemes at risk of encouraging fraudulent
or dishonest practices? Are there any risks around the
accuracy of statements in applications/paperwork for
visas and other work approvals?
l M&A risk – does financial crime due diligence need
to be expanded in a deal context to reduce the risk of
the company inheriting a risk via an acquisition?
l sales risk – is there a higher risk associated with any
of the products, goods or services offered by the business? For example, where sales and marketing materials may be called into question? Are false statements
in tenders a risk area?
l internal audit – have any risks concerning fraud,
theft, financial statements, allocation of costs between
contracts, or governance been identified in past internal audit exercises? What control weaknesses have
they identified that would benefit from being looked
at again?
l contracting risk – is there any risk that the terms on
which the business is contracting with customers cannot be adhered to? Is the business engaging in public
sector contracts with open book provisions? Is there a
risk of non-adherence with those terms? Are there any
risks with discounts or rebate structures?
l finance – are there any risks around the preparation
of management accounts and statutory accounts
which would benefit from being reviewed? Are there
any invoicing practices that need to be looked at? How
confident are they in the company’s revenue recognition practices? Are they aware of any questionable cost
allocation practices? What controls are there around
the accuracy of audit representations?
l higher risk communications – are there any risks
concerning the accuracy of statements to regulators,
auditors, insurers, banks and investors?
l fraudulent trading risk – could any business practices be viewed as dishonest by creditors or customers?
l sales functions – what controls are there around the
accuracy of statements in sales materials, proposals
and tender documents? Hypothetically, if a salesperson wanted to secure a contract or bid, is there a way
they could do so fraudulently, for example, by putting
false information in a bid? What controls are there to
prevent that from occurring?
l controls – what controls currently exist within the
business to reduce the inherent fraud risks that have
been identified – for example, tender rules; dual sign
off arrangements; divisions of responsibilities; other
governance and oversight approvals; on-boarding systems/controls/due diligence for service providers; contractual controls; financial controls; whistleblowing
procedures; training; and internal compliance reviews
and audits.
l team/site/office project leaders – hypothetically, if
there was a team leader who was under pressure or
wanted to increase revenues and profits or to hit certain metrics, how would they achieve it by means of a
fraudulent practice? Are there any risks of such things
as inflated timesheets, double counting services or
products when invoicing, or movement of costs between contracts? Is there any risk of not adhering to
“open book” provisions or contractual terms on “cost
plus” contracts? Are there any risks of theft/misuse of
materials allocated to a project or which a customer
has paid for? Are there any risks of diversion or misuse of utility supplies – water, electricity, gas – at office,
site, or project level?
Stage 3: developing reasonable procedures
The risk assessment will inform the procedures that
are reasonable for the business to put in place. Many
organisations will already have procedures in place for
risk areas which are likely to be capable of being
extended to address wider economic crime risks.
A reasonable procedures framework should be
developed, proportionate to perceived risk. It might
include:
l documented risk assessment which is reviewed and
updated;
l costs/billing teams – if a project or team wishes to
engage in over-charging is there any means to do it?
What controls would prevent that from arising?
l code of ethics/conduct to cover the new failure to
prevent economic crime offence and/or a group-wide
financial crime policy statement and guidance;
l compliance procedures covering economic crimes;
When planning the risk assessment workshops, key
risk areas to consider are:
l employee risks – where are the key areas where an
employee might engage in fraudulent practices to
benefit the business? Which employees may have an
incentive or the means to commit fraud to benefit the
company?
EXPERT WITNESS JOURNAL
l delegations of authority; divisions of responsibility;
and dual authorisations;
l tender and bid content assurance;
45
F E B R UA RY 2 0 2 4