Investigating and Preventing Public Sector Fraud 4 April 2012

1. Investigating and Preventing Public Sector Fraud4 April 2012 Lewis Rangott

2. Case study: Close relationships with vendors • Senior manager with a significant budget and complex projects requiring the appointment of multiple vendors • The senior manager had significant technical expertise and a private sector background • Email / CCR analysis showed extensive receipt of gifts, hospitality and friendships with vendors • Exposed agency to watchdog scrutiny and jeopardised project delivery • Lessons: • “Key person risk” is rarely managed properly • Arm’s length procurement staff or probity advisors should be used on complex tenders

3. Case study: Secondary employment risk • Mid-ranking officer in a government department • Had an outside business that overlapped with his public duties • Poor departmental controls around valuable equipment and resources • Lead to misappropriation of tens of thousands of dollars worth of equipment • Lessons: • Approximately 620,000 Australians are multiple job holders (source: ABS Cat. 6105) • Secondary employment risks trigger all points of the Fraud Triangle • Control of equipment and resources is often poor in the public sector

4. The Fraud Triangle Opportunity Pressure Rationalisation

5. Case study: Résumé fraud • Contract manager with procurement duties • History of detectable fraudulent behaviour • Changed his name and falsified his résumé • Detected by chance • Lessons: • 20%-30% of résumés contain serious falsehoods (source: ICAC, ‘Operation Avoca’ report, August 2010) • Agencies with poor employment screening are targeted • Similarly, inadequate vendor screening is a risk

7. Effects of implementing fraud mitigation strategies • This is a comparison of the median losses at organisations that had implemented each specified fraud control with the median losses for those organisations that did not have that control. Source: Association of Certified Fraud Examiners – 2010 Report to the Nations on Occupational Fraud & Abuse – p.43

8. Proactive Reactive Setting the Proper Tone Anti Fraud Program Policies Communications andTraining FraudRisk Assessment Fraud Controls Monitoring Fraud Response Plan Code of Ethics Ernst & Young’s Anti-Fraud Framework Practical steps that can enhance an organisation’s ability to mitigate fraud risk and strengthen its corporate governance framework Exampleactions • Tone communication program • Code compliance confirmations • Whistleblower channels • Fraud awareness training • Induction and training processes • ASX 7 sign off • Escalation and investigation protocols • Discipline and compliance enforcement • Control remediation for known issues • Financial recovery • Fraud Policy and Procedures • Disciplinary code • Delegation of authority • Ethical guidance • Fraud risk policy • Insurance programs • Employment contracts • Annual Business Ethics surveys • Fraud vulnerability assessments and scenario analysis • Deep dive reviews by internal audit • Incident reporting • Annual and half yearly self assessment • Process Data Analytics

9. Brenton Steenkamp, Partner, Fraud Investigation and Dispute Services, Ernst & Young Email: brenton.steenkamp@au.ey.com Lewis Rangott, Manager, Fraud Investigation and Dispute Services, Ernst & Young Email: lewis.rangott@au.ey.com Contact details 9