The Practical Aspects of the Fight against Corruption

The fight against corruption is indeed a cardinal one for any society. Corruption at any level and by any other name is undeniably corrosive. It is the trademark of any retrogressive society. Every sane person knows it. That is why every leader, even those who seem to benefit from it, condemn it by day, even as they condone it by night. In 2015 then President Mugabe pronounced “zero tolerance to the scourge of corruption” even as Zimbabwe continued its descent on the global corruption scale. Today, similar declarations abound.

How do we tell the difference? How do we tell the real fight from the adulterated; reality from fake? Though the tune and the dance seem different from those of yesteryear, can the man in the street know for certain that now is the era of belling the cat? What’s the benchmark? After all, the picture for ages has been something like this:

Namely, the arrest of some political figure followed by a less dramatic acquittal, typically after a long time of an on-and-off-and-on-again appearance at this and that Court. This has had the regrettable result of the public having to question the bona fides of the allegations.

In practical terms, what is the fight against corruption? What does it entail? Talking about the establishment of special Corruption Courts, Justice, Legal and Parliamentary Affairs Minister Ziyambi Ziyambi said the courts would have no sacred cows. “We are going down to the roots of corruption,” he said. “No stone will be left unturned; even the so-called big fish who sometimes get away with corruption will be pursued. Further, these courts will ensure all corruption cases are dealt with expeditiously. There will be a united effort (my emphasis) among the NPA, JSC, Attorney-General’s Office, Zimbabwe Anti-Corruption Commission and police; and crack teams will be assembled where necessary.” (The Herald. 5 February 2018)

Needless to say, the fight against corruption is both proactive (preventative) and reactive. While the former is quiet and more effective, the latter is noisy, complex and costly. In the same Herald article, Zimbabwe Law Society president Mr Misheck Hogwe said that “It should be understood that corruption is one of the most complex crimes and needs a systematic approach” Indeed it should.

I did ask what the benchmark was. Let us have my take on that. To me it is the implementation of the last in the minister’s above sentences: a bona fide united front in this fashion:

While public debates of allegations, arrests, prosecutions and outcomes make all sorts of headlines and get official attention as well as funding, investigations only whimper in the background. Yet it goes without saying that successful outcomes are a result of resourceful investigations and astute prosecutorial work. On the same token, the allegation from which all this chain of events arises has to be well-founded. Let us look at each of these events in turn.

Allegation

What is the test criterion of a well-founded allegation? The long and short answer to this is that it should be free of malice. Whether the allegation is raised out of mere suspicion of wrongdoing, it should be well-founded, sound, logical and substantiated. This places the onus of evaluating a suspicion on the person raising the allegation. Many unsubstantiated allegations of corruption have found their way into the justice system, to the detriment of the integrity of the system.

Investigation

An investigation is an exercise to establish the truth. An investigation cannot create a case out of no case. Perpetrators of fraud and corruption will go to great length to conceal their crimes. It is the responsibility of the investigation to establish, not only the what, where, when, how and the who, but also ascertain the evidence thereof. Corruption is indeed a complex crime and it calls for an equally multifaceted investigative approach. This calls for directing attention to what is good and useful for uncovering the evidence and ignoring the rest.

The term “public-private partnership” has become quite popular in our political discourse. In this country, however, the practice has yet to find traction in the field of criminal investigations. In many countries the practice is a matter of cause. Modern fraud investigations will encompass a wide range of disciplines, including computer forensics, data/digital/ financial analytics, social mapping and so on. Experts in these investigative disciplines may not be found in the public sector. Many, if not most, are in private organisations and universities. Public-private partnership is therefore critical for successful outcomes.

Prosecution

In public discourse, prosecution is most often taken to be the low hanging fruit. It is where the most heat and noise come from. When the outcome is an acquittal it is the prosecution which often gets the rap. But, from what we have looked at above, the slap may not always be justified. When the case is politically sensitive talk of “persecution by prosecution” ensues. Just like an investigator, a prosecutor cannot create a case out of no case. Besides going to great length to conceal their crimes, perpetrators of fraud and corruption often create war chests to hire the best legal teams to defend them should they be caught. Public-private partnership in prosecution is therefore equally important for successful outcomes. Many “expert witnesses” may not be in the public sector.

Trial

An independent judiciary is of cause the icing on the cake. All players in the preceding stages are going to play their roles in good faith when they know that there is going to be a free and fair trial at the end of it all.

Conclusion

Finally, we have to keep in mind that the fight against fraud and corruption is an all embracing campaign, not merely uncoordinated battles. It should encompass both proactive and reactive measures. While the reactive actions of allegation, investigation, prosecution and trial generate heat and sound, the real test of a corrupt free society is in the proactive arena. How does society view corruption? Is a corrupt person ostracized reminiscent of a child molester? If not, why and what should be done? There may not be any easy answers. But one thing is certain: Corruption should be made to be abhorred through socialization and education.


Caleb Mutsumba
Forensic Audit Consultant
Mobile +263 712 620287 / WhatsApp:+263 772 466540
Skype: caleb.mutsumba
LinkedIn:- http://zw.linkedin.com/in/calebmutsumba
Blog: – https://5whaudit.wordpress.com/
Twitter:- @Caleb_Mutsumba

Advertisements

Blackmail Fraud: What is it?

Immunity from Termination

The one distressing development that we at 5wh are witnessing across many of our client organisations in Zimbabwe is what we have come to call “blackmail fraud”. In this situation, the fraudster – either amateur or professional and mostly in administrative or managerial position – commits acts of transactional or systematic non compliance as part of or adjacent to the fraud scheme.

When the fraud is detected, the fraudster calls attention to the non compliance issue. In many instances, because of the legal doctrine of vicarious liability, the non compliance issues tend to peril the employer more than the employee. In the end, employers are stopped from acting against the offender in a way they would have or what the Code of Conduct stipulates.

Though this is not a new phenomenon, we have seen that, with penalties getting so excessive (take tax penalties, for instance), it seems that even the smaller non-compliance issues give rise to this phenomenon of “non-terminability” or “immunity from termination”.

Where to Now?

Internal Control

An organization is a living entity which changes over time. As a result, the organization’s mission, goals and objectives must be regularly evaluated and periodically revised. Thus, internal control is an ongoing process known as the Internal Control Cycle. After an organization analyzes its goals and objectives to determine its risks, management must analyze these risks and evaluate the policies and procedures in the identified high-risk areas. Part of the management process includes monitoring the progress made toward meeting goals and objectives. Monitoring also helps to ensure the effectiveness of the organization’s internal controls and the effectiveness of the policies and procedures. Periodically, policies and procedures should be revised to mitigate risk and eliminate redundancy. They must also be communicated internally and externally, as necessary.

Everyone in an organization has responsibility for internal control.

Tone at the Top

Management’s attitude, actions, and values set the tone of an organization, influencing the control consciousness of its people. Internal controls are likely to function well if management believes that those controls are important and communicates that view to employees at all levels. If management views internal controls as unrelated to achieving its objectives, or even worse, as an obstacle, this attitude will also be communicated. Employees are aware of the practices followed by upper management including those that circumvent internal controls. Despite policies to the contrary, employees who note that their managers frequently override controls, will also view internal controls as “red tape” to be “cut through” to get the job done. Management can show a positive attitude toward internal control by such actions as complying with their own policies and procedures, discussing internal controls at management and staff meetings, and rewarding employees for following good internal control practices. Although it is important to establish and implement policies and procedures, it is equally important to follow them. In the “immunity from termination” scenario, the Code of Conduct is not only perceived to just another worthless document; it is in effect a hollow manuscript.

Management Ethics, Philosophy & Operating Style

An organization’s culture evolves from the values of its members and the culture, in turn, exerts a strong influence on the actions, decisions, and behaviors of all employees.

An ethical culture requires engaged employees and managers who understand why doing the right thing is important for the organization’s long-term viability; and they have the determination to see that in fact the right thing does get done.

What are some of the key attributes needed for an organization to be fully integrity-based?
• Employees feeling a sense of responsibility and accountability for their actions and for the actions of others.
• Employees freely raising issues and concerns without fear of retaliation.
• Managers modeling the behaviors they demand of others.
• Managers communicating the importance of integrity when making difficult decisions.
• Leadership understanding the pressure points that drive unethical behavior.
• Leadership developing processes to identify and remedy these areas where pressure points occur.
These attributes touch other aspects of the organization that go beyond the fundamental abilities of making a profit and maintaining high levels of quality and productivity: how well the organization adapts to change, or encourages employees to be engaged in decision making, how well the organization creates a collective sense of purpose around shared values. It is this broader set of skills and qualities that create the foundation needed to support an ethical culture. These higher-level behaviors are no longer “nice to haves.” These are the behaviors now demanded for survival in this economic environment of creative destruction.

Management’s philosophy and operating style affect the way the organization is managed. They determine, for example, whether the organization functions informally with verbal instructions or formally with written policies and procedures. They also define whether the organization is conservative or aggressive in its response to risks. In other words, they define the organization’s “risk appetite” or the level of risk that is acceptable to the organization. To be successful, the organization’s internal controls must be aligned with management’s philosophy.

Our summary advice is:

(a) Tone at the top.
(b) Making certain Internal Controls are operating as they should at all times. This calls for an independent monitoring function.

(c) Periodic Fraud Vulnerability Review (also known as Fraud Risk Assessment) which follow the pretence of “prevention is better than cure”. Here experts assist with the process of risk analysis that proceeds from threat assessment to threat evaluation to the selection of countermeasures designed to contain or prevent that risk.

(d) Effective, conclusive investigations where a fraud is suspected or detected.

About 5wh Audit

5wh is a relationship-oriented professional services company that provides the following solutions to business challenges:
Ø Internal Audits
Ø Forensic Audits
Ø Compliance Audits
Ø Due Diligence Investigations
Ø Business Systems Design, Development and Reviews

We work with business owners and leaders who are set on blowing away those constraints blocking their way to success. We also assist our clients isolate hidden economic assets in their business and determine specific projects to optimize and leverage those assets for greater profit and growth.
We know that the only way to turn your potential for success into actual success is to blow away the constraints that block your path.
________________________________________
© Caleb Mutsumba

Introduction to Fraud and Forensic Audit in Zimbabwe

Introduction to Fraud and Forensic Audit

1 Background

Fraud has always been a major business constraint in Zimbabwe. With the introduction of the multi-currency regime, the problem of fraud has gone beyond what was just a business challenge. Foreigners can now look into Zimbabwe for the much coveted US Dollar.

At 5wh we offer a series of services across the fraud control spectrum – from fraud prevention and detection, through to investigation, evidence collection and litigation support.

2 Definition

The Oxford Dictionary defines “Forensic” simply as, “Of or used in law courts.” Eagle

Forensic auditing is a blend of traditional accounting, auditing, and financial detective work. The emphasis is on the quality of work, as it has to satisfy the exacting demands of the law courts.

3 Investigate first – then act

This is the logical thing to do and in Zimbabwe this is what the law (Labour Relations Act [Chapter 28:01]) requires. If you suspect that your organisation is the target of financial crime you will need fast professional support to help you take action.

©Caleb Mutsumba

What is Fidelity Guarantee Insurance?

What is Fidelity Guarantee Insurance

A Fidelity Guarantee as issued by the insurers is a contract of insurance and also a contract of guarantee to which the general principles of insurance apply. It does not guarantee the employees honesty but it guarantees that if the employer suffers any direct financial loss arising out of the employees dishonesty the insurers share indemnify the said loss to the employer within the limitations prescribed by the contract.

Insurable Interest : The term “Fidelity Guarantee Insurance” embraces Policies indemnifying employers against pecuniary losses on account of forgery, defalcation (misappropriation of money), embezzlement (diversion of money to one’s use) and fraudulent conversion by employees. The object is to provide protection against losses arising out of the default of an individual acting in some capacity such as Cashier, Accountant and Store-keeper, etc.

Scope of Cover : The  Policy covers the loss sustained by the employer by reason of any act of forgery and/or fraud and/or dishonesty of monies and/or goods of the employer on the part of the employee Insured committed on or after the date of commencement of the Policy during uninterrupted service with the employer. The loss should be detected during the continuance of the Policy or within 12 calendar months of the expiry of the Policy and in the case of death, dismissal or retirement of the employee within 12 calendar months of such death or dismissal or retirement whichever is earlier.

The cover may be required in respect of a single employee or a group of employees. There are three types of Policies normally issued by the Insurer for this clause of business namely “Individual Policy”, “Collective Policy” and “Floating Policy”.

Main factors considered for issuance of Fidelity Guarantee policy

  • The extent of control over the work of the person to be guaranteed necessarily to form the relationship of master and servant.
  • The record, standing and reputation of the employee.
  • The “bonafides” of the employer.
  • The system of checking of the accounts and general supervision of the employee.

It is essential to obtain the Private Reference and/or Former employer’s Report forms in addition to completed Employer and Employees application form as appropriate.

It should be noted that –

  1. The cover granted is against a direct pecuniary loss and not a consequential one;
  2. The loss should be in respect of moneys or goods of the insured;
  3. The act should be committed in the course of the duties specified;
  4. If the employee guaranteed under the policy had left the services of the employer and was re-engaged by him, no liability attaches to the policy, unless the consent of the insurers was obtained.
  5. No loss that may have been caused by bad accountancy is payable: the loss must be supported by evidence of any of the specified acts of dishonesty.

Types of Fidelity Guarantees

  • Individual Policy : This Policy covers an individual for a stated amount.
  • Collective Policy : This Policy covers a group of employees. The Insured decides the amount of guarantee required for each individual according to his or her responsibility and position. A schedule is included in the Policy.
  • Floater Policy : A single amount is shown in the Policy which represents the Insurer’s liability in respect of any one individual and its total liabilities in respect of all the employees guaranteed who are individually named in the schedule. Such type of Policies is granted where the number of persons to be guaranteed is not less than 5.
  • Blanket Policy : The Insurer in certain selected cases, issues Blanket Policies without the names of the guaranteed persons being shown, in respect of all employees who are grouped according to categories, e.g. employees handling cash, other clerical staff etc. They are issued to large well established business houses conducting business with sound practices.

In case the Policy is required to be issued without mentioning the name of the employee/s i.e. on unnamed basis, then in such circumstances all the employees dealing with the cash/goods, whether permanently or temporarily or by rotation must be covered.

Further the limit can be fixed for each employee separately or for the group of the employees as the case may be and the liability of the Insurer in case of the loss will be restricted to the same limit irrespective of the sum insured. However, the wider limit in the line of the sum insured can be considered by the Insurer depending upon the requirement of the Insured after taking into account other relevant factors.


Fidelity Guarantee Insurance Claim Procedure

  • Insured should take immediate steps against the defaulting employee for the recovery of cash/goods as the case may be and also other disciplinary action required, depending on the case.
  • Insured must establish the “act of infidelity” committed by the particular employee covered under the Policy.
  • In many cases, the loss noticed at the time of stock taking in case of stock is not covered.
  • The Insurer shall not be liable, if at the time of any loss, any other Security Guarantee or insurance existing covering the same loss.
  • The policyholder must submit a “proof of loss” to the insurance company detailing the amount of its claim.

Take Home!

The requirements to establish the “act of infidelity” and submit a “proof of loss”  means a forensic audit is essential. Ordinarily the cover is extended to Forensic Auditors fees incurred in establishing and substantiating the amount of loss. Clients’ in-house expenses and overhead are not covered.

Most white collar crimes are complex, and unlike other forms of insurance, the burden of proof is squarely upon the policyholder, who also bears the burden of investigation, audit and accounting, as well as submission of conclusive documentation and evidence to the insurer in the form of a formal Proof of Loss.

The following services/skills are therefore imperative for a successful Fidelity Guarantee Insurance Claim:

  • Investigation
  • Interrogation
  • Documentation
  • Proof of Loss
  • Law Enforcement Liaison
  • Forensic Accounting
© 5wh Corporate Services (Pvt) Limited


A CONTINGENCY PLAN FOR RESPONDING TO WORKPLACE FRAUD

Below is an article which appeared in the July/August 2003 issue of Business Digest, a now defunct Harare publication.
_________________________________________________________________

A CONTINGENCY PLAN FOR RESPONDING TO FRAUD AT THE WORKPLACE

In the March/April issue of this journal, we carried an article by Caleb Mutsumba on ‘Fraud At Your Workplace’. This outlined the common problems of theft and false accounting and referred to the importance of developing a contingency plan to implement when fraud is detected.

In this article, Caleb Mutsumba gives specific guidance on developing such a plan.

In terms of our Companies Act (Chapter 24:03 of the Statute Law, Section 140), it is the responsibility of management to establish and maintain an adequate internal control structure and procedures for financial reporting.

In the new Sarbanes-Oxley Act of 2002, the USA goes one step further than this statement of the obvious when it stipulates that management should report on the company’s internal controls, and the auditor should give an opinion on the effectiveness of those controls.

The grave risks posed by occupational fraud – reflecting adversely on management – can be greatly mitigated by a well-thought-out company policy on fraud and an operational Fraud Response & Contingency Plan.

FRAUD POLICY
A ‘policy’ may be regarded as providing standing answers to recurring questions.

The two purposes of a Fraud Policy are to –
 provide an outline as to what may constitute fraud, and
 detail procedures to be followed where fraud is suspected or discovered.

A fraud policy also reduces the moral burden of one employee reporting on a fellow employee (‘dobbing’, in the slang term). Because it usually makes it clear that not informing management about possible fraudulent activities may lead to a drawing of negative inferences against the employee-in-the-know, such a policy makes it easier for employees to, to ‘blow the whistle’ on wrong-doing – from which is derived the term ‘whistle-blowing’.

Where an organisation has an ‘Ethics Policy’, the expected behaviour regarding reporting fraudulent activities may be incorporated therein. Alternatively, the obligation to report where fraud is suspected or discovered – and the procedures to be followed by various parties – may be crafted into a composite policy document known as a Fraud Response & Contingency Plan.

FRAUD RESPONSE & CONTINGENCY PLAN
When a fraud is discovered, there is a need for clear, prompt and appropriate action. Yet, if managers have not experienced the situation before, the existence of a Fraud Response & Contingency Plan increases the likelihood that the crisis will be managed effectively.

Individual Responsibilities
A Fraud Response & Contingency Plan should spell out officials’ responsibilities regarding various procedures, as follows.

  • The official from the management team who is responsible for the preliminary investigation.
  • Depending on the outcome of the preliminary investigation, there may be a need to involve independent investigators to perform a thorough investigation.
  • Other designated personnel in the organisation who should be informed immediately if a fraud is detected or suspected.
  • Who should decide when and which lawyers and/or forensic auditors should be instructed, and who should liaise with them.
  • Who should decide on the involvement of the police and/or regulators, and who should liaise with them.
  • What steps will be followed and actions taken after the investigation is referred to the police and/or regulatory agencies.

Dealing with employees suspected of fraud

The Contingency Plan should –

  • Specify that the suspected fraudster should have no rights of physical access to company buildings – or to clients (see Footnote 1  below).
  • Emphasise that the investigation team should not allow the suspect to have unsupervised access to company records or computer equipment during the investigation (see below – Where Computers are involved).
  • Specify that procedures followed will be fair – e.g. the employee will be provided with an opportunity to answer allegations (see Footnote 2)
  • Emphasise that management needs to be fully aware of legal termination procedures. Take legal advice as necessary.
  • • Mention the need to consider consultation with union/workers representatives, where appropriate.

Interviewing the suspect

The Contingency Plan should state that where lawyers and/or the police indicate that the company should interview the suspect –

  • The requirements of the disciplinary legal process have been considered and balanced.
  • The interview is held by a senior member of staff with a note-taker.
  • Detailed notes of all conversations and meetings held with the suspected fraudster are made, as these notes may be used for prosecution purposes (see Footnote 3).

Collecting and handling evidence

The Plan should outline steps to follow in collecting and handling evidence –

  • Collect all related original documents from the premises and from external sources (e.g. banks).
  • Record from whom, from where and when the document was collected (include date & time, so as to make a clear ‘audit trail’).
  • Take care not to ‘contaminate’ evidence, as it may be needed for evidence purposes. For example –

 Do not mark any of the original documents
 Limit the number of times the documents are handled.

Where Computers are involved

  • Obtain details of all the suspect’s passwords and computer rights.
  • Freeze the suspect’s IT network and remote access until the investigation has reached a conclusion.
  • Do not turn off the suspect’s computer, as important and vital information may be lost.
  • Contact an independent specialist for help, as necessary.

Communicating to staff

  • Keep as much information as possible confidential. In the early days of an investigation, it is often not possible to identify all those who may be involved.
  • Ensure that a consistent message in line with the press release (see below – Publicity) is issued to staff still at work.
  • Remind staff of the confidentiality clause within their employment contracts, to try and restrict additional details of the story being leaked outside the workplace.

Publicity

  • Inform the designated press officer of the suspected fraud at the earliest opportunity.
  • Agree on a statement that can be used when necessary.
  • Ensure that all calls received by employees about the suspected fraud are routed to the press officer.

Contact Numbers

The contingency plan should record contact details for those involved in operating the plan, such as appropriate board members  and  third parties who may have to be contacted, including:

  • Police
  • Lawyers
  • Forensic Auditors/Accountants
  • Auditors
  • Insurers
  • Regulators.

Professional Forensic Services

I hope this brief outline shows that it is vital to have a contingency plan laying down quick and effective steps to be taken when fraud is detected. Professional fraud examiners, such as 5wh Forensic Services, besides investigating fraud, assist businesses to outline strategies to minimise the risk of fraud. These include assistance with crafting and operationalising effective fraud policies and contingency plans.

© Caleb Mutsumba

 

Footnote 1

Preventing physical access to company premises necessitates suspending the employee from duty. New Termination of Employment Regulations contained in Statutory Instrument 130 of 2003 gazetted on 23rd May 2003 provide for ‘summary suspension without pay … where an employer has good cause to believe that an employee is guilty of any of the conduct mentioned in paragraph (b) of subsection (2) of section 12B of the Labour Act’. Section 12B(2)(iv) of the Labour Act refers to ‘theft or fraud’.

What constitutes ‘good cause’? You just need a reasonable basis for believing that the employee has a case to answer – you do not need to be able to prove him guilty before suspending him. His guilt or innocence – on a balance of probabilities – will have to be established at the Disciplinary Hearing that you need to carry out after the investigation. Note that in terms of labour law you will need to hold an internal hearing to regularise dismissal, even where the police prosecute successfully and the employee is found guilty in criminal court. Until you formally terminate his employment, and have a written record of evidence proving his guilt, he remains employed by you.

Footnote 2

Section 101 of the Labour Act deals with Codes of Conduct and 101(3)(e)& (f) spells out the rights of an accused employee to –
 Be notified that disciplinary proceedings are to be commenced against him in terms of a                specific breach of the Employment Code (or Section 12B(iv) of the Labour Act if there is no            company Code or National Employment Council Code in existence)
 Be given the opportunity to answer allegations at a hearing.

Footnote 3

When you hold your own internal Disciplinary Hearing –regardless of whether you call in the police – note that :–
 It is easier to prove ‘guilt’ in an internal administrative hearing than in a criminal court.
This is because the ‘burden of proof’ in a Disciplinary Hearing requires only that you prove            the employee to be guilty on a balance of probabilities, rather than on the more strenuous            basis of beyond reasonable doubt.
How do you do this? Labour consultant George Makings advises the Hearing Officer or Committee to –
 list in one column on a sheet of paper the strong evidence presented against the suspected            fraudster (and then the weak evidence).
 In the neighbouring column, then list the strong (and weak) defences the employee                           presented in denying the allegations.
 Appraise the columns – and decide ‘on the balance of probabilities’ whether the employee is        guilty of fraud.

 The Labour Act [Section 101(3)(g)] states ‘a written record or summary (must) be made of             any proceedings or decisions taken in terms of the employment code’. This would obviously         also apply if you proceed in terms of Section 12B, where there is no employment code of                 conduct. The reason for having a written record is that appeals against decisions are often             done on the written record of the hearing, not by means of a new hearing.

The above material is from George Makings’ 2003 Commentary on the New Labour Act.
_________________________________________________________