As the fraud environment becomes increasingly complex, especially with the COVID-19 pandemic, it is now more important than ever that businesses develop robust fraud prevention programs. One method of doing so is ensuring effective corporate governance.
Corporate governance is the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations. The key players involved in corporate governance include the board of directors, audit committee, firm management, internal auditors, and fraud risk assessment.
While it may be impossible to stop all cases of fraud within a business, fraud can be more easily identified, reported, and its outcomes minimised with strong internal systems and a management culture that encourages employees to speak out about their concerns.
The Role of the Board
The board of directors of a company is an elected group of individuals that represent the company’s shareholders. They have many roles within the company, but overall the board will “oversee” rather than “do”. In contrast, management is the group responsible for the actual running of the business.
Some responsibilities of the board of directors include:
- Maintaining oversight of fraud risk assessment
- Monitoring management fraud and control-related activities
- Implementing an effective business ethics program
- Hiring management, setting their compensation and evaluating their performance
- Setting the appropriate tone at the top
In Australia, directors are subject to 2 different sources of law. The Corporations Act 2001 (Cth) is the primary piece of legislation that governs the board of directors. Some of the key duties this Act imposes are:
- Act with care and diligence: There is an obligation to ensure a basic understanding of the company’s activities, size, distribution of functions and financial position.
- Act in good faith in the interests of the company and for a proper purpose.
- Not use their position to gain advantage for themself or another or to cause detriment to the company.
- Not use information to gain advantage for themselves or another to cause detriment to the company
Failure to comply with these regulations will result in significant financial penalties for the director involved.
Besides the duties under legislation, the board of directors must also act as fiduciaries under general law. A fiduciary is a person that acts on behalf of another person or persons, putting their clients’ interests before their own. Their duties are similar to those under the Corporations Act, and include duties to:
- Act in good faith and in the best interests of the company
- Exercise their powers for a proper purpose
- Not fetter their future discretion – i.e. not bind themselves to a particular future decision
- Avoid conflicts of interest and duty
Remedies exist in the event of a fiduciary breach, such as injunctions, claims for damages or compensation, and recissions of any contracts improperly entered into by the director.
The board of directors owe a duty towards the shareholders of their company, with serious penalties in place if they breach this duty. Not only does this prevent the board from engaging in fraudulent activities themselves, it also encourages them to look out for and prevent instances of fraud within their company.
What Can the Board Do About Fraud?
The board should engage in corporate governance via an effective whistleblower hotline in place so that employees can easily report any suspicious activity they see. This will lead to more positive outcomes for the company, since companies will be better off relying on their employees for internal information rather than facing the uncertainty associated with inquiries from government agencies like ASIC.
Some of the most important features for a whistleblower hotline include:
- Have a variety of communication channels
- Implement different metrics
- Complaints should have a means of follow up by investigators
- Employees should remain anonymous unless otherwise stated
- Its existence should be made known to all employees, vendors, and other stakeholders
Aside from the fact that whistleblower hotlines will effectively collect valuable information from employees, it will also deter potential perpetrators from engaging in fraud, and promote a culture of compliance.
Without a strong ethical culture within an organisation, fraud is almost an inevitability. The guiding principles of a company are what all employees will be led by.
If employees see that the company has taken a strong stance against all forms of fraud, they will be less likely to engage in this kind of behaviour. A company’s core principles will be set by the board of directors and be a strong indicator of the company’s strategic direction.
The board should therefore implement a code of ethics or conduct as a form of corporate governance. This will deter any wrongdoing and promote honest and ethical conduct by their employees.
Additionally, such a code will clearly outline the activities that the company deems as appropriate and inappropriate, and the consequences for violation.
Directors, trustees, and staff should all be familiar with the code, and regularly be educated as to the importance of compliance. Written acknowledgement of adherence to the code should also be obtained on an annual basis.
As mentioned above, one of the roles of the board is to oversee the management of risk, which includes the risk of fraud. Fraudsters are constantly looking for new ways to exploit companies, so the board must be agile in their fraud risk management.
Corporate governance can take place through the implementation of a board committee, such as the audit committee, to focus on the oversight of risk management. This is particularly useful if the committee currently lacks capacity or does not consist of the optimal board members for risk oversight. The board will also have the opportunity to periodically review the committee’s effectiveness of fraud risk management processes and controls.
Next, the board can conduct a comprehensive fraud assessment. This involves creating an exhaustive list of potential risks that the company is exposed to. There are a number of methods of identifying such risks, which include:
- Employee fraud awareness surveys
- Hiring a cyber security firm to detect hacking vulnerabilities
- Monitoring social media
- Conducting exit interviews
The board should also include any measures that are currently in place to manage each risk, such as metrics, reports, insurance and contingencies.
Once the risk areas have been recognised, they should each be reviewed to determine whether they involve a vulnerability to fraud. These may include the movement or retention of funds, company records or confidential information, or system interfaces with vendors and customers. Providing a risk rating for each area will be an effective way to periodically assess the strength of anti-fraud control measures.
Polonious’ risk management software may be the perfect solution for you. Not only is it ISO compliant, this software is easy to navigate, reduces administration time, and can easily export reports. You can find out more here.
What should the board do if a fraud has occurred? For lower level fraud in a large company, it may be sufficient to let it be handled by a manager or human resources.
However, for a significant fraud or a small company, the board must investigate how the fraud occurred and if/how it might have been prevented, or at least oversee and review a report on the investigation. Key considerations when conducting an investigation include:
- Categorising issues
- Confirming the validity of the allegation
- Defining the severity of the allegation
- Escalating the issue or investigation when appropriate
- Conducting the investigation and fact-finding
- Resolving or closing the investigation
- Managing and retaining documents and information
Finally, the board should consider using outside resources, since internal resources may already be compromised.
Polonious’ investigation case management software can do all this work for you. The system is incredibly flexible and adaptable to your needs. It allows you to access everything you need in one convenient place, and can be easily implemented into your current IT resources. More information can be found here.
Governance systems are an important preventative measure of corporate governance because they ensure oversight and minimise the ways fraud can occur.
For example, effective policies and procedures around procurement and tender processes help to ensure that choice of suppliers are not influenced by bribery or corruption. These policies may include:
- Introducing additional approval processes for orders over a certain amount
- Assigning someone to identify and regulate vulnerabilities in your processes
- Conducting background checks on potential employees including reviewing expenditure habits
Additionally, while they may be implemented by the board, effective governance systems operate independently and can help to prevent fraud at the board level. These systems will provide the overall framework that the organisation is expected to operate within, so the board must appoint the right managers to oversee them.
Additionally, independent, third party auditing, as part of the governance system, also helps to prevent fraud that may occur within the board itself.
Corporate governance plays an invaluable role in identifying and putting a stop to all kinds of fraud within their organisation. Some activities that the board of directors should engage in include implementing a whistleblower program, developing a code of ethics, engaging in risk management, and investing in governance systems. By doing so, the board will send a clear message to potential perpetrators of fraud that they will not tolerate this sort of behavior in their company.
Book a Demo Now
Learn more about how Polonious can help you investigate and respond to fraud.