FRAUD PREVENTION PLAN

for the financial year 2001/2002

 Fraud Prevention Plan
Table of Contents

- Preamble

- Fraud Policy Statement

- Anti-Fraud Charter

Section

1 Fraud Prevention Key Initiatives

2 Current Key Fraud Risks

Motivation for the Key Initiatives:

3 Anti-fraud environment within the Department

4 Understand and manage our fraud risks

5 Proactive defence of the assets of the Department

6 React swiftly when a fraud is discovered

 Fraud Prevention Plan
Table of Contents (continued)

Annexures

1 Fraud risk matrix

2 Results of the FraudSCAPE™ fraud risk identification process
P1 Ranking of Pretoria relative to its 10 nearest matches
P2 Average answers for each characteristic set
P3 Dispersion of answers for each characteristic set
P4 Does Pretoria follow clear patterns of fraud
C1 Ranking of Cape Town relative to its 10 nearest matches
C2 Average answers for each characteristic set
C3 Dispersion of answers for each characteristic set
C4 Does Cape Town follow clear patterns of fraud
A1 Ranking of the Department relative to its 10 nearest matches
A2 Average answers for each characteristic set
A3 Dispersion of answers for each characteristic set
A4 Does the Department follow clear patterns of fraud
 Preamble
The “new age” philosophy of fighting fraud

Ironically, as business and economic practices around the world have become more
high-tech, more sophisticated and less labour-intensive, the opportunities for fraud, theft,
collusion and corruption have been seen to be increasing. The global business, social
and economic environments have changed. So too must our approach to tackling one of
the rampant offspring of this new age – commercial crime.

Prevention in the 21st century is about understanding your risks, external and internal,
and in recognising that the working environment created by an organisation is the most
significant factor that determines how much of a target for fraud that organisation will be.

Employees bring to the workplace their fears, concerns and motivational drivers; the
organisation creates the opportunity for fraudsters to act on their motivators.

The daily working environment is, therefore, the main battlefield in fighting and reducing
commercial crime.

Being prepared

Given the requirement in every public sector organisation to protect assets and the
requirement for any management team to ensure that internal controls are operating
effectively, it behooves all such entities to take the necessary steps to identify and
manage their exposure to commercial crime. The well worn adage “prevention is better
than cure” therefore holds very true.

A committed and proactive strategic approach is required.

The essential focus of the strategy is to create in an organisation a culture of zero

tolerance, a high level of awareness and a management and control environment that
makes it as difficult as reasonably possible to misappropriate assets.

Many managers regard commercial crime-fighting as an impossible task and a waste of

effort and money. However, such an attitude is exactly what the syndicates ‘out there’
relish, as it makes stealing so much easier.

i
 Preamble (continued)
“The only thing necessary for the triumph of
evil is for good men to do nothing”
Edmund Burke (1729-1797)
English statesman and philosopher

Managers of economic entities should accept that their organisations are likely to be
targeted at one time or another. Why? Because we have what the criminals want – cash
and other assets. The extent of the desirability of our product or service contributes to
our risk. The organisation that is least protected is likely to suffer the highest losses or
most frequent attempts.

There are essentially four pillars to a world-class fraud prevention strategy:

 Create an anti-fraud environment

 Understand and manage the risks
 Be proactive in defence
 React swiftly to a known crime.

These pillars provide the basic outline for the fraud prevention plan that we as the
Department are implementing.

ii
 Fraud Policy Statement

The Department of Environmental Affairs & Tourism is

committed to protecting its revenue, expenditure, assets, and
national assets of which the Department is custodian, from any
attempt by any person to gain financial or other benefit in an
unlawful, dishonest or unethical manner

iii
 Anti-Fraud Charter
To implement the Fraud Policy of the Department:

We will create an anti-fraud environment throughout the Department

 We will implement our prevention plan in all structures of the Department

 We will make fraud reduction a priority in all independent structures (e.g.
Internal Audit)
 We will embrace and acknowledge the contribution of all employees and
members of the community who assist in the combating and prosecution
of fraudsters.

We will understand and manage our risks

 We will review and understand our fraud risks on a regular basis

 We will give cognisance to fraud risk in all procedure changes
 We will monitor direct and indirect losses incurred via fraud, through
effective information and communication.

We will be proactive in defending the assets of the Department

 We will form strategic alliances in combating fraud

 We will establish a profile on potential fraudsters
 We will monitor direct and indirect losses incurred via fraud, through
effective information and communication.

We will react swiftly when a crime is uncovered

 We will react swiftly, and with vengeance.

iv
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Section 1: Fraud Prevention Key Initiatives

The Department intends to:

1.1 Appoint the Chief Financial Officer as the person responsible for implementing
the Fraud Prevention Plan and for maintaining it on an ongoing basis.

1.2 Appoint a Fraud Risk Committee, chaired by the Chief Financial Officer, to
develop the policy and procedural guidelines necessary for the implementation of
the Key Initiatives and for monitoring the fraud risk profile of the Department.

1.3 Implement a culture of ZERO TOLERANCE of crime throughout the organisation,

by:

 Implementing the Fraud Policy and Anti-Fraud Charter.

 Re-establishing the commitment of all employees to the Public Service
Code of Conduct within the Department and enhancing this code with
policies relevant to our unique business and operating activities.
 Insisting and ensuring that the Political Office bearers, all managers and
supervisors demonstrate their commitment to zero tolerance through their
overt behaviour and support.
 Implementing the principles of good corporate governance in order to
conform to the requirements of the Public Finance Management Act, in so
far as these are relevant to the Department.
 Ensuring that our systems of internal controls are in place and are
effective.
 Employing people on merit, with the right skills and levels of integrity, and
in accordance with the requirements of the Employment Equity Act.
 Employing the complement of people necessary for the Department to
carry out its responsibilities appropriately and effectively.
 Understanding better the stakeholders and suppliers with whom we do
business.

1.4 Understand and manage our fraud risks by identifying, evaluating and
benchmarking these on an ongoing basis; and to react to the changes in our risk
profile in order to reduce the threat of loss.

Page 1
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

1.5 Protect the assets, revenue stream, expenditure of the Department and national
assets for which it is responsible in the face of external influencing factors that
we cannot easily overcome or cannot influence at all. We will do this by
implementing the following:

 Interrogation of our databases of information on a regular basis in order to

identify potentially fraudulent patterns.
 A fraud and corruption awareness training programme for all personnel.
 An independent fraud ‘tip-off’ reporting hotline, which is particularly
relevant for Marine Coastal Management.
 Forensic controls specific to the critical risks that we have identified.
 A fraud database designed to record and track actual and potential
dishonest behaviour.

1.6 Act swiftly and decisively once a fraud has been discovered, in order to minimise
loss, prosecute criminals, avoid public embarrassment and recover
misappropriated assets.

Although all of these initiatives should be implemented in order to combat fraud risk, as a
priority, the following eight issues should be addressed first:

Priority Activity Reference to

Section
1 Implement the Fraud Policy and Anti-Fraud Charter and 3.1
publish these
2 Implement an independent fraud ‘tip-off’ reporting hotline, 5.3
particularly within Marine Coastal Management
3 Implement a fraud and corruption awareness programme 5.2
throughout the Department, which should include training
and visibility
4 Re-establish the commitment of all employees to the 3.2
Public Service Code of Conduct within the Department
and enhance this code with policies relevant to our unique
business and operating activities
5 Evaluate and ensure that our systems of internal controls 3.5
are in place and are effective, especially within the Poverty
Management Unit, the Weather Bureau and Marine
Coastal Management
6 Review risk on a regular basis, particularly within Marine 4
Coastal Management and the Weather Bureau
7 Build capacity within Marine Coastal Management to 3.6
ensure that mandated objectives can be achieved
8 Implement background and integrity assessment 3.6
procedures to the maximum extent allowed by law
throughout the Department

The remainder of this Plan sets out the background and motivation for each of the
above-mentioned initiatives.

Page 2
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Section 2: Current Key Fraud Risks

We have identified the key risks associated with the business and economic activities of
the Department. This exercise was carried out as follows:

 Interviews by the consultants from Deloitte & Touche and Sithole AB&T with key
managers and personnel.

 Review of various documentation and reports pertaining to fraud and business

risks in the Department.

 Application by Deloitte & Touche of their FraudSCAPE™ fraud risk identification,

assessment and benchmarking methodology.

The remedial actions to address the risks identified during this process have been
classified according to the four pillars of Fraud Prevention, as set out in the Anti-Fraud
Charter.

The full results of the risk identification process are set out in the annexures to this
document.

Annexure 1 is a Matrix listing all the key fraud risks identified during this process. In this
matrix we have identified which of our suggested initiatives will assist in reducing and
managing each identified risk.

In addition we have, where applicable, indicated any initiatives the Department is

currently implementing to combat each risk, and any specific solutions that have arisen
as a result of our work within the Department.

Annexure 2 is a report detailing the findings of the FraudSCAPE™ risk identification

process. This report is set out in three sections, dealing respectively with Pretoria, Cape
Town and the Department as a whole. Annexures P, C and A, support this report and
are graphical representations of the FraudSCAPE™ findings.

Page 3
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Section 3: Motivation for the Key Initiatives: Anti-fraud

Environment

The establishment of a culture of “zero tolerance” depends on the successful

implementation of the following:

3.1 An anti-fraud policy

3.2 A code of business ethics
3.3 Behaviour modelling
3.4 Corporate governance
3.5 Internal controls
3.6 Employ the right people
3.7 Know with whom you do business

3.1 An anti-fraud policy

The anti-fraud policy is essentially a statement of intent by the Department that we will
not tolerate crime and that we will investigate and prosecute any incident discovered. All
other activities aimed at reducing the risk of commercial crime support this philosophy
and intention.

Our policy is:

 A simple statement of intent

 Unequivocable in its message
 To be well publicised throughout the organisation
 To be publicly and often endorsed by the Political Office Bearers and all
managers and supervisors, in order to demonstrate commitment.

All fraud prevention initiatives undertaken by the Department are intended to support the
over-arching policy.

3.2 Our code of ethics

A code of business ethics is essential as part of the establishment of a culture of “zero

tolerance”. A code of ethics codifies what is acceptable and unacceptable behaviour in
the Department and is intended to cover the entire spectrum of corporate activities, and
in particular relationships with third parties.

Although the Public Service Code of Conduct governs our general activities, we have to
define issues and concerns specific to the Department, develop policies in respect of
acceptable and unacceptable practices, and add these to the Public Service Code in
respect of the Department.

Page 4
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Our code of corporate practices and conduct should:

 Commit the Department to the highest standards of behaviour

 Be developed in such a way as to involve all of the Department’s stakeholders in
order to infuse its culture
 Receive total commitment from the Political Office Bearers and all managers and
supervisors
 Be sufficiently detailed to give a clear guide to the behaviour expected from all
employees.

In addition to this the code of ethics should receive active endorsement by senior
management by means of regular and concerted communications which re-inforce
acceptable behaviour.

A world-class code of ethics:

 Demonstrates Departmental intent

 Codifies unacceptable actions
 Sets out the consequences of non-compliance
 Is attested to in writing by employees, thereby removing ignorance as a defence
 Must be well publicised.

3.3 Behaviour modelling

The Political Office Bearers and the senior managers are the persons that provide the
Department with leadership and direction. Without clear vision an entity begins to
flounder and value ceases to be created for stakeholders. Commitment and leadership
come from the top. An organisation with a passion for excellence and high ethical
standards is most likely to succeed.

The Political Office Bearers and the senior managers create or influence the
Departmental culture and the working environment. These senior people need to show
their commitment to high ethical standards by active participation in the drafting of the
Departmental charter of ethics and by living out the ethical standards so defined.
Maintaining a higher set of ethics and standards than are expected from staff is an
important aspect in creating an environment where fraud is frowned upon by all.

The implementation of a culture of ‘zero tolerance’ is a top-down process and will fail
unless the Political Office Bearer and senior managers buy in and demonstrate
commitment through their actions.

Page 5
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

3.4 Corporate governance

Corporate Governance is simply the system by which organisations are directed and
controlled. Government departments function in environments where “ownership” (i.e.
the Public) is divorced from management and the maintenance of accountability of
managers to the Cabinet and the Public is becoming increasingly important.

Important principles

From a fraud prevention point of view it is important that:

 When the senior managers consider the strategy and direction that the
Department will be taking, they take into account the environmental factors
relating to fraud and that they insist that a suitably comprehensive fraud
prevention strategy be put in place to address such risks.

 Each senior manager brings his or her specialised industry knowledge or

technical background to bear when considering how fraud risks are to be
avoided.

 Regular monitoring of performance against pre-set objectives should take place.

 Individual operational units be held accountable for their actions.

 Constant pressure for improvement be exercised as this has a powerful impact

on reducing fraudulent activity.

 The management team’s awareness of the possibility of fraud be monitored, as

this is also an active manner in which the senior managers can encourage
defensive strategies.

 Regular monitoring of the internal control environment takes place to ensure that
it remains of sufficiently high standard.

Sound corporate governance is essential

Corporate governance can never entirely eliminate the possibility of fraud. The adoption
of sound corporate governance principles will, however, have a major influence on any
organisation’s vulnerability to fraud. Thus corporate governance should include the
following:

 Strong leadership and direction provided by individuals with a high level of

integrity.

 The implementation of a sound control environment including:

o A culture of sound ethics
o Accountability for results
o Transparency.

Page 6
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

 A proper understanding by the senior managers of the corporate governance

structures and a willingness to use them.

3.5 Internal controls

Already an integral part of the Department’s defence system, internal controls, when
properly implemented, not only support good accounting and control, but make it more
difficult for a fraudster to succeed with a criminal act within the organisation.

Thus a system already in place can contribute to lowering the risk of fraud, at no
additional cost to the Department.

Senior management need to take active responsibility to ensure that controls are
adequate for the Department’s needs. The managers, therefore, need to carry out a
review of their system of internal financial control to ensure that it is sound. This review
would typically incorporate a review of the following aspects:

Control environment

 A commitment by management and employees to competence and integrity (e.g.

leadership by example, employment criteria).

 Communication of ethical values and control consciousness to managers and

employees (e.g. through written codes of conduct, formal standards of discipline,
performance appraisal).

 An appropriate organisational structure within which activities can be planned,

executed, controlled and monitored to achieve the company’s/group’s objectives.

 Appropriate delegation of authority with accountability that has regard to

acceptable levels of risk.

 A professional approach to financial reporting.

Identification and evaluation of risks and control objectives

 Identification of key operational risks in a timely manner.

 Consideration of the likelihood of risks crystallising and the significance of the

consequent financial impact on the business.

 Establishment of priorities for the allocation of resources available for control and
the setting and communicating of clear control objectives.

Page 7
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Information and communication

 Performance indicators that allow management to monitor the key operational

and financial activities and risks, and the progress towards operational and
financial objectives and to identify developments that require intervention (e.g.
forecasts and budgets).

 Information systems that provide ongoing identification and capture of relevant,

reliable and up-to-date financial and other information from internal and external
sources (e.g. monthly management accounts).

 Systems that communicate relevant information to the right people at the right
frequency and time in a format which exposes significant variances from the
budgets and forecasts and allows prompt response.

Control procedures

 Procedures to ensure complete and accurate accounting for financial

transactions.

 Procedures to ensure that where national resources are managed, that this is
done effectively and within the objectives of the governing Acts and regulations.

 Appropriate authorisation limits for transactions that reasonably limit the

Department’s exposure.

 Procedures to ensure the reliability of data processing and information reports

generated.

 Controls that limit exposure to loss of assets/records or to fraud (e.g. physical

controls, segregation of duties).

 Routine and surprise checks which provide effective supervision of the control
activities.

 Procedures to ensure compliance with laws and regulations that have significant
financial implications.

Monitoring and corrective action

 A monitoring process that provides reasonable assurance to management that

there are appropriate control procedures in place for all of the Department’s
financially significant business activities and that these procedures are being
followed.

 Identification of change in the business and its environment that might require
changes to the system of internal financial control.

 Formal procedures for reporting weaknesses and for ensuring appropriate

corrective action.
Page 8
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

3.6 Employ the “right” people

In seeking to implement “zero tolerance”, the Department must concern itself with the
honesty and integrity of its management and employees. One of the ways in which this
can be done is through background screening and integrity assessments of both existing
employees and candidates for employment.

A typical background screen and integrity test would be carried out by psychology
professionals or qualified psychometrists, and might include one or more of the
following5:

 Structured interviews with the person concerned

 Interviews with references (lifestyle assessment)
 Checking of criminal records
 Credit bureau enquiries
 Confirmation of work, schooling and higher education details as set out on the
individual’s cv
 Psychometric testing
 Verification of tertiary qualifications.

Certain organisations have been known to use polygraph testing during the recruitment
process for senior positions. It should be noted that polygraph testing should primarily
be regarded as an investigation tool. It is not recommended that employment decisions
be based only on polygraph test results, as these results presently are generally
inadmissible as evidence in a court of law. Thus the position in law of the polygraph is
not strong.

In respect of background checking and screening, there are certain legal issues to be
considered. These may be summarised as follows:

 The Constitution of the Republic of South Africa stipulates the right of the
individual to fair labour practices and the right to privacy. The Constitution further
takes a very strong stance against discriminatory practices.

 The Labour Relations Act of 1995 and the Employment Equity Act of 1998 seek
to define rights as they pertain to employees: in essence, an employer may not
unfairly discriminate against an employee or applicant for employment on any
arbitrary ground, such as race, gender or age.

 The Employment Equity Act states, however, that it is not unfair to discriminate
on the basis of an inherent requirement of a particular job.

 In order to protect the employer from legal action against it in respect of breach
of privacy, the employer must obtain the consent of the employee or the
applicant for employment. This consent must contain sufficient detail to place the
employee or applicant in a position so as to appreciate fully the nature and extent
of the integrity assessment. However, mere consent by the employee is not
sufficient to protect the employer from an action for unfair discrimination.

Page 9
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

 In respect of existing employees: where an employer requires an existing

employee to undergo an integrity assessment, this would amount to a change in
the conditions of employment. The employee would be entitled to refuse and the
employer may not take any steps against the employee. It may be possible for
employers to introduce such measures if such implementation can be motivated
on the basis of the operational requirements of the business and a procedure
compliant with relevant legislation is followed.

 In respect of an applicant for employment: provided that the employer is able to

justify the reason for obtaining the background information, the employer may
prescribe that, in order for an applicant to qualify to be considered for
employment, the applicant is required to undergo an integrity assessment and
must consent thereto. Where the applicant then refuses, the employer will be
entitled to disregard the applicant.

 Care should be taken when utilising psychometric testing as a basis for excluding
applicants from the recruitment and/or selection process. The Employment
Equity Act stipulates that such psychometric tests have to be scientifically
validated for South African circumstances, culturally fair and reliable. Reliability
infers a direct correlation between the test outcomes and the purpose for which
the test is being used.

The comments set out above are included for information purposes only and should not
be construed as legal advice or legal opinion in any way whatsoever. Any person
intending to conduct background and integrity testing of their employees or candidate
employees should first obtain legal advice from an attorney or a labour advisor
conversant with the relevant aspects of South African law.

3.7 Know with whom you do business

Approximately 80% of fraud against organisations is committed by their employees,

either individually or in collusion with licence holders suppliers or other third parties, such
as funding recipients. Third parties dealing with the Department gain access to useful
information such as bank account details, cheques and control procedures.

So it does pay to know with whom you are doing business!

In respect of background checks on suppliers, the situation is far simpler than for
employees and potential employees. Information about registered companies is
available from the Companies Office in Pretoria, the Receiver of Revenue and from
registered credit bureaus. Obtain agreement from potential suppliers that you are able
to contact existing customers of theirs.

Industry information will also be available from other companies in the same industry
and from industry organisations.

In respect of persons applying for the various types of licences, carry out background
checking prior to licences being granted.

Page 10
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Section 4: Motivation for the Key Initiatives: Understand and

Manage our Fraud Risks

In order to deal with them, the fraud risks facing the Department must first be identified,
evaluated and assessed, and on an ongoing basis. Only then can practical measures
be determined to reduce the threat of loss.

4.1 The process

The fraud risk identification and assessment process is, for the most part, much the
same as for the identification and assessment of other areas of operational risk. The
key steps are as follows:

 Identify and assess the fraud risks

 Evaluate mitigating controls
 Define the ‘gap’ or residual risk and prioritise these
 Determine what additional controls or control improvements are required to
eliminate or minimise the threats.

An additional measure is to assess our susceptibility to fraud through a benchmarking

process that will allow us to assess the vulnerability of our fraud risk profile against a
database of researched and known profiles, on an ongoing basis.

4.2 Benchmarking your fraud risk profile

A fraud risk profile benchmarking process:

 Focuses both on financial control and other factors

 Is a self-assessment process
 Enables you to assess your susceptibility
 Is a by-product of risk assessment
 Provides a rational score
 Measures the entity against others and itself over time
 Provides a basis for assessing changes in risk profile over time.

Page 11
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

A world-class benchmarking process should take into account the drivers of fraud from
at least the following ten areas of an organisation:

 Employee characteristics
 Financial relationships
 Financing characteristics
 Cultural characteristics
 Organisational characteristics
 Management characteristics
 Control characteristics
 Systems controls
 Business and market characteristics.

Given the philosophy of “zero tolerance” and recognising that our vulnerability to the
threat of fraud is driven by the opportunities provided by the Department and the attitude
of employees, it makes sense to assess how the ‘soft’ aspects of the working
environment influence our risk profile.

This benchmarking exercise contributes to a clearer undestanding of what issues and

circumstances drive fraud and assists in focusing and prioritising improvement initiatives.

Page 12
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Section 5: Motivation for the Key Initiatives: Proactive Defence

of the Assets of the Department and the National
Assets that the department takes responsibility for

Defending the ramparts comes strongly into consideration when an organisation faces
environmental factors that it cannot easily overcome or cannot influence at all. For
example, the desirability in the economy for its products (cell phones, liquor, motor
vehicle parts and perlemoen are examples of highly desirable items), or the existence of
syndicate behaviour.

Implementation of the following initiatives contribute significantly to the reduction of

commercial crime:

5.1 Data interrogation

5.2 Fraud awareness training
5.3 Fraud ‘tip-off’ reporting hotline
5.4 Forensic controls
5.5 A crime database.

5.1 Data interrogation

Data interrogation is an automated method of determining the profile of features that

would indicate if fraud or related irregularities exist. Data is taken from several sources
in our systems and is processed with a suite of advanced IT tools to detect if those
profiles currently exist.

Between half and three-quarters of all corporate frauds are committed by employees,
either acting alone or with outside accomplices, such as suppliers. Employees know the
business, and its way of doing things. They know, too, that the risks of discovery are
usually slim.

Two factors weigh heavily in the fraudsters’ favour. One, the average organisation
generates such a haystack of data that it is easy to hide even the biggest of needles.
Two, the complexity and compartmentalised structure of many big organisations mean
that anyone who is curious enough to go looking for the truth will find it hard to get more
than a fragmented view of events.

Getting behind the veil that corporate fraudsters throw over their frauds requires two
things: the ability to interrogate several corporate databases together and a library of
standing information about the real world outside - against which invented company
names, addresses, telephone numbers and much more can be checked.

State of the art data interrogation software searches out relationships, global patterns
and irregularities by crunching together an organisation’s various databases - such as
accounts, payroll, personnel, marketing, telephone call logs by extension, even building
access and controls records - and highlighting anomalies or suspect coincidences that
conform to known fraud ‘profiles’.

Page 13
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Data interrogation delivers:

 Profiles of our main fraud risks

 A prioritised list of irregularities within our data where these fit the profiles of
fraud
 Rapid reporting on data quality and defects
 Cost savings over traditional investigation methods
 More accurate targeting of problem areas
 A summary of conflicts between data on different systems.
 A summary of defects in the data that indicate where controls may not have been
operated as designed.

Examples of interrogation results:

 Identification of spurious suppliers

 False VAT numbers
 False supplier addresses
 False company registration numbers
 Employees staff controlling suppliers for their own gain
 Duplicate payments
 Payment details for suppliers that match employee addresses and banking
details
 Problems in procurement by analysis of contract tender returns by authorising
officer bidder, date, amount, and variances
 Indications of “ghost” employees - where payments are made to non-existent
personnel all at one address.

5.2 Fraud awareness training

Employees need to understand what bribery, corruption and commercial crime are and
must be able to recognise them if they are to be expected to report frauds and other
commercial crimes to our management. It is, therefore, essential that employees and
managers be trained in what fraud indicators are and are taught how to be on the look-
out for potentially criminal behaviour.

The benefits of fraud awareness training for employees include:

 Empowers employees to identify crime … leading to tip-offs

 Can be generic and Department-specific
 Is a forum for ethical training
 Should be presented by forensic professionals
 Enhances ethical culture.

Page 14
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

5.3 Fraud ‘tip-off’ reporting hotline

Employees are our first line of defence against commercial crime, as they work for and
alongside potential and actual white-collar criminals. But the biggest problem facing
honest staff who wish to report crime is fear of retribution and of being victimised.

One of the few options available to overcome this problem is a reporting mechanism that
will give honest employees, suppliers, customers and other stakeholders the opportunity
to report crime in your organisation.

The United States Congress has promulgated the Whistleblowers Act. In July 1999, the
Public Interest Disclosure Act was voted into law in the United Kingdom. The South
African equivalent, the Protected Disclosures Act, was promulgated in 2000. All of these
pieces of legislation seek to protect those persons who “blow the whistle” on
wrongdoing.

A fraud reporting facility complements and underpins the commitment of an organisation

to fight crime.

International experience has shown tip-off lines to be highly effective in reducing the
incidence of crime where they are implemented. South Africa is no exception and many
successes have been recorded here.

Management needs to establish a ‘tip-offs policy’ that destigmatises whistle-

blowing by encouraging this practice. The policy should be clear and
unequivocable and must be widely publicised throughout the organisation.

Notable tip-off lines in South Africa include:

 Transnet
 First National Bank
 The Auditor-General’s “Speak Out” line
 Crime Stop.

Page 15
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

The key elements of a world-class tip-off reporting facility:

 Independently managed by a third party

 Confidential reporting
 Operates throughout the year, including after-hours
 Technology-driven
 Secure (people, systems and data)
 Reporting by telephone, fax, post or email
 Continual internal marketing and top management support
 Internal publicity of successes achieved
 Assistance to the client in making employees aware of the facility
 For South Africa in particular, a multi-language capability.

The benefits of a tip-off facility include:

 A simple, low cost but powerful deterrent

 Promotion of good governance
 Protection from negative publicity
 An easy way of promoting a culture of honesty and integrity
 Demonstration of a tangible corporate governance initiative
 Effective highlighting of risk areas and weak control environments.

5.4 Forensic controls

Forensic controls are procedures implemented as a backstop to the normal systems of

internal and accounting controls. Such controls are put in place where specific risks
have been identified as requiring special treatment.

Forensic controls are designed to prevent losses rather than identify them after they’ve
been incurred. Several examples of forensic controls are:

 Surprise inspections or asset counts (including review of licencing process)

 The testing of external access to IT systems and data
 Value document audit/review (ensuring cheques in particular are secure in as
many as possible respects)
 Industry-specific crime information sharing
 Soft-loan policy (it’s better to make a soft loan and have the employee abscond
than to not have one and not know how much is being stolen by the same
person).

Page 16
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

5.5 Crime database

In order to track criminal behaviour throughout an organisation and in relation to the

persons with whom it does business, particularly one that has several locations or is
geographically widespread, it is necessary to create a database of all actual criminal
acts perpetrated against the Department, as well as unsuccessful attempts.

This will assist management in identifying patterns that might indicate control or
procedural weaknesses, syndicate activity and collusion. The information gathered and
recorded in this manner also provides guidance for data interrogation procedures.

It should be noted, however, that the right to privacy guaranteed by the Constitution
precludes an organisation from publishing or distributing information about individual or
corporate suspects in criminal activities, as these persons have yet to be tried in a Court
of Law and are presumed innocent until found guilty. However, information about modus
operandi can be shared, without reference to names and locations.

Page 17
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

Section 6: Motivation for the Key Initiatives: React Swiftly when

a Fraud is Discovered

6.1 Forensic investigation capability

An organisation that is committed to the prevention of commercial crime and corruption

will ensure that its “zero tolerance” policy is supported by follow-up and investigation of
suspicious behaviour and actual criminal acts that are uncovered.

A forensic investigative capability can be set up in-house, usually reporting to the head
of Internal Audit or to a Loss Control Officer, or it can be out-sourced. One of the major
benefits of outsourcing is that external professionals will be seen to be objective. This is
often important in sensitive environments.

But whatever the approach taken, an investigation must be seen to be put in motion
quickly once a fraud has been discovered. This clearly demonstrates the “zero
tolerance” policy and top management commitment.

6.2 Fraud response plan

Once a crime has been uncovered, it is critical to carry out remedial actions in a
structured and transparent manner that is acceptable to trade unions, management and
employees. A standard response approach would include:

 Identification of the culprit or suspect and his or her position.

 An evaluation of the seriousness of the offence and the likely impact on the
Department.

 Formulation of the strategy to be followed, usually in consultation with the internal

auditors or professional forensic consultants.

 Consideration of the removal of the suspect.

 Set the guidelines for disciplinary procedures and enquiry.

 Securing of evidence and assets.

 Analysis of evidence at hand in order to assess whether there is a case against

the suspect.

 Reporting to the necessary authorities.

 Investigation to establish the extent and nature of the crime.

 Initiation of civil and criminal litigation.

Page 18
Department of Environmental Affairs & Tourism
Fraud Prevention Plan
Financial Year 2001/2002

 Public relations (corporate image).

 Tracing and repatriation of assets.

 Creating employee awareness of the incident.

 Identify and rectify any control weakness.

 Enter details into the crime database maintained by the Department.

Page 19