Developing an Integrated Anti-Fraud, Compliance, and Ethics Program
Developing Anti-Fraud, Compliance, and Ethics Policies
2018 Association of Certified Fraud Examiners, Inc.

Discussion Questions
1. What policies are included as part of your organization's anti-fraud, compliance, and ethics program?
2. Are your policies tied to your organization's mission statement and core values?
3. How do you ensure that employees understand their responsibilities under these policies?

Developing Anti-Fraud, Compliance, and Ethics Policies
- Formal policies:
  - Clearly articulate management's expectations.
  - Provide supporting guidance to employees in making ethical decisions.
- Organization's mission statement and core values should be the foundations for policies:
  - Board resolution on program and policies can help underscore commitment to ethics.

Policies to Include
- Code of business ethics and conduct
- Anti-fraud policy
- Whistleblower policy
- Incident response plan
- Executive-specific policies
- Charters for ethics- and compliance-focused positions

Code of Business Ethics and Conduct
- Provides an underlying framework for ethical behavior in an organization
- Communicates what management expects of the staff and what the staff can expect of management
- Reinforces company core values
- Defines a standard of conduct to guide employees in making decisions

Code of Business Ethics and Conduct
- Addresses potential ethical challenges and provides mechanisms to assist with them
- Emphasizes use of good judgment
- Provides examples of prohibited actions
- Explains how to report suspected ethical violations
- Discusses penalties for ethical violations
- Serves as a gateway to other policies and procedures

Code of Business Ethics and Conduct
- Should include input from both management and employees
- Should be communicated to all personnel in clear, simple language
- Should be long enough to address ethical risks but short enough to keep the attention of the audience
- Should be easily accessible for quick reference

Code of Business Ethics and Conduct
- Competition and antitrust considerations
- Compliance with applicable laws and regulations
- Appropriate accounting practices
- Conflicts of interest
- Improper payments
- Gifts and entertainment
- Confidential information and trade secrets
- Communications with competitors
- Privacy of employee communications
- Use of company assets and resources
- Political contributions
- Social media use
- Emails and voicemails
- Desks and lockers
- Surveillance
- Proprietary information
- Document retention requirements
- Credit reports and employee background checks

Code of Business Ethics and Conduct
- Require employees to:
  - Explicitly affirm they read, understand, and comply with code
  - Self-report any potential or existing conflicts of interest
  - Report known instances of misconduct
- Code must comply with legal requirements (e.g., stock exchanges, SOX)
- Ethics policy versus code of conduct

Anti-Fraud Policy
- Separate policy, in addition to the code of business ethics and conduct

Anti-Fraud Policy Components
- Policy statement
- Scope
- Responsibility for fraud prevention and detection
- Actions constituting fraud
- Non-fraud irregularities
- Reporting requirements and procedures
- Investigation responsibilities
- Authorization for investigation
- Confidentiality
- Disciplinary action

Whistleblower Policy
- Provides expectation for treatment of whistleblowers and consequences for noncompliance with policy
- States that reporting unethical conduct is part of all employees' fiduciary duty
- Applies to all employees, as well as outside parties

Whistleblower Policy
- Include information about:
  - Specific actions to be taken if individual has knowledge of noncompliance
  - Reporting mechanisms
  - Types of allegations that can be reported
  - Incentives or rewards for reporting
  - Anti-retaliation stance
  - Confidentiality of reports
  - Expectation that reports will be made in good faith

Incident Response Plan
- Identifies the framework that management will use if there is a detection or suspicion of fraud
- Not usually communicated to the entire staff
- Considerations to include:
  - Who should be informed of a suspected violation?
  - Who should investigate the incident?
  - Who will determine what action to take against the violator, and how will such action be determined?
  - Who will be responsible and accountable for improving identified control weaknesses?

Other Policies
- Executive-specific policies
- Charters for compliance- and ethics-focused positions

Writing the Policies
- Anchor the policies in organizational values and operational realities.

Writing the Policies
- Keep it short.
- Use simple vocabulary.
- Include definitions.
- Be concise.
- Use active voice.
- Provide examples.
- Consider the audience.
- Solicit feedback.

Writing the Policies
- Integrally involve legal counsel in drafting and reviewing the policies.

Distributing and Communicating the Policies
- Methods:
  - New-hire paperwork
  - Annual training
  - Management memo
  - Written copies
  - Pamphlets
  - FAQs
  - Posters
  - Company website
  - Company intranet
- Goals:
  - Easily accessible
  - Memorable

Implementing the Policies
- Signed statements of compliance:
  - New hires
  - Annual for all staff
  - Employees who engaged in unethical conduct
- Management certification of the program
- Periodic assessment and updates of policies

Implementing the Policies
- Application of policies to third parties:
  - Write policies with third parties in mind.
  - Make policies accessible to outside parties.
  - Consider enacting a separate vendor and supplier code of conduct.
  - Require statements of compliance as a condition for business.