“I wrote an article on this a few years ago and interviewed a few experts on fraud in non-profits and why it tends to go undetected for so long. One theory was that non-profits are too trusting and assume that people who work for them respect the spirit of charity that the organization is built on. Unfortunately this isn’t always the case and a lack of internal controls combined with the limited staffing typical of non-profits makes it easier for employees in accounts to steal. Accounts payable fraud seems to be among the most prevalent, possibly due to situations where due to staffing limitations, one employee is responsible for too many financial tasks without checks and balances. If you’re interested in reading the article, you can find it here: Fraud in Non-Profits”
Immunity from Termination
The one distressing development that we at 5wh are witnessing across many of our client organisations in Zimbabwe is what we have come to call “blackmail fraud”. In this situation, the fraudster – either amateur or professional and mostly in administrative or managerial position – commits acts of transactional or systematic non compliance as part of or adjacent to the fraud scheme.
When the fraud is detected, the fraudster calls attention to the non compliance issue. In many instances, because of the legal doctrine of vicarious liability, the non compliance issues tend to peril the employer more than the employee. In the end, employers are stopped from acting against the offender in a way they would have or what the Code of Conduct stipulates.
Though this is not a new phenomenon, we have seen that, with penalties getting so excessive (take tax penalties, for instance), it seems that even the smaller non-compliance issues give rise to this phenomenon of “non-terminability” or “immunity from termination”.
Where to Now?
An organization is a living entity which changes over time. As a result, the organization’s mission, goals and objectives must be regularly evaluated and periodically revised. Thus, internal control is an ongoing process known as the Internal Control Cycle. After an organization analyzes its goals and objectives to determine its risks, management must analyze these risks and evaluate the policies and procedures in the identified high-risk areas. Part of the management process includes monitoring the progress made toward meeting goals and objectives. Monitoring also helps to ensure the effectiveness of the organization’s internal controls and the effectiveness of the policies and procedures. Periodically, policies and procedures should be revised to mitigate risk and eliminate redundancy. They must also be communicated internally and externally, as necessary.
Everyone in an organization has responsibility for internal control.
Tone at the Top
Management’s attitude, actions, and values set the tone of an organization, influencing the control consciousness of its people. Internal controls are likely to function well if management believes that those controls are important and communicates that view to employees at all levels. If management views internal controls as unrelated to achieving its objectives, or even worse, as an obstacle, this attitude will also be communicated. Employees are aware of the practices followed by upper management including those that circumvent internal controls. Despite policies to the contrary, employees who note that their managers frequently override controls, will also view internal controls as “red tape” to be “cut through” to get the job done. Management can show a positive attitude toward internal control by such actions as complying with their own policies and procedures, discussing internal controls at management and staff meetings, and rewarding employees for following good internal control practices. Although it is important to establish and implement policies and procedures, it is equally important to follow them. In the “immunity from termination” scenario, the Code of Conduct is not only perceived to just another worthless document; it is in effect a hollow manuscript.
Management Ethics, Philosophy & Operating Style
An organization’s culture evolves from the values of its members and the culture, in turn, exerts a strong influence on the actions, decisions, and behaviors of all employees.
An ethical culture requires engaged employees and managers who understand why doing the right thing is important for the organization’s long-term viability; and they have the determination to see that in fact the right thing does get done.
What are some of the key attributes needed for an organization to be fully integrity-based?
• Employees feeling a sense of responsibility and accountability for their actions and for the actions of others.
• Employees freely raising issues and concerns without fear of retaliation.
• Managers modeling the behaviors they demand of others.
• Managers communicating the importance of integrity when making difficult decisions.
• Leadership understanding the pressure points that drive unethical behavior.
• Leadership developing processes to identify and remedy these areas where pressure points occur.
These attributes touch other aspects of the organization that go beyond the fundamental abilities of making a profit and maintaining high levels of quality and productivity: how well the organization adapts to change, or encourages employees to be engaged in decision making, how well the organization creates a collective sense of purpose around shared values. It is this broader set of skills and qualities that create the foundation needed to support an ethical culture. These higher-level behaviors are no longer “nice to haves.” These are the behaviors now demanded for survival in this economic environment of creative destruction.
Management’s philosophy and operating style affect the way the organization is managed. They determine, for example, whether the organization functions informally with verbal instructions or formally with written policies and procedures. They also define whether the organization is conservative or aggressive in its response to risks. In other words, they define the organization’s “risk appetite” or the level of risk that is acceptable to the organization. To be successful, the organization’s internal controls must be aligned with management’s philosophy.
Our summary advice is:
(a) Tone at the top.
(b) Making certain Internal Controls are operating as they should at all times. This calls for an independent monitoring function.
(c) Periodic Fraud Vulnerability Review (also known as Fraud Risk Assessment) which follow the pretence of “prevention is better than cure”. Here experts assist with the process of risk analysis that proceeds from threat assessment to threat evaluation to the selection of countermeasures designed to contain or prevent that risk.
(d) Effective, conclusive investigations where a fraud is suspected or detected.
About 5wh Audit
5wh is a relationship-oriented professional services company that provides the following solutions to business challenges:
Ø Internal Audits
Ø Forensic Audits
Ø Compliance Audits
Ø Due Diligence Investigations
Ø Business Systems Design, Development and Reviews
We work with business owners and leaders who are set on blowing away those constraints blocking their way to success. We also assist our clients isolate hidden economic assets in their business and determine specific projects to optimize and leverage those assets for greater profit and growth.
We know that the only way to turn your potential for success into actual success is to blow away the constraints that block your path.
© Caleb Mutsumba