Thank you for joining us for our session today. Many local authorities have innovated to tackle fraud and collaborate effectively to meet the challenges. A reduction in fraud can indeed be a source of sizeable savings. Local authorities remain keen to develop a consistent risk and performance methodology for the sector and for individual councils to estimate the potential risk they face on a consistent basis, hence the creation of the Fighting Fraud and Corruption Locally strategy which will be covered today in addition to fraud risk assessment. As well as the obvious financial impact, fraudulent incidents may subject organisations to privacy concerns, and reputational damage. It is essential that organisations are proactive in predicting and assessing their exposure to these threats in order to mitigate the likelihood and impact of a fraud incident.
In addition to our guest speakers, we are also joined from the Institute by Liz Sandwith, Chief Professional Practices Advisor; Derek Jamieson, Director of Regions; and our chair Piyush Fatania, Head of Audit, Risk, Assurance and Insurance Services for Gloucestershire County Council, and member of the Institute’s Council.
Chair's opening comments
Welcome to our Local Authority Forum.
Each pound a criminal takes is a pound less for vital public services. Fraudsters are like a virus constantly revising and sharpening their techniques and local authorities need to do the same. Councils have a good record in countering fraud and the strategy contains numerous case studies and examples of successes. However, local authorities report that they are still encountering barriers to tackling fraud effectively, including lack of incentives, data sharing, information sharing and powers, but also that they require support from senior stakeholders and those in charge of governance.
Our speakers today are Ashlee Mewburn and Damien Margetson from KPMG, who will share their advice/guidance around undertaking a fraud risk assessment.
Size of the fraud problem
The annual ACFE (Association of Certified Fraud Examiners) report is a useful guide to reference.
Building blocks of fraud risk management
A fraud risk assessment is part of a broader picture.
A common issue is a fraud risk assessment gathering dust on a shelf (digitally speaking).
This is an issue. An assessment should not be an ad-hoc activity.
Things change frequently. A fraud risk assessment should be regularly refreshed.
Fraud risk assessment
There are six steps which are outlined in more detail in the slide deck (see link below).
Click here for the slide deck.
Fighting fraud and corruption locally
Simon Bleckly, Head of Audit Risk and Assurance for Warrington Borough Council and HIA, Salford City Council is part of the FFCL Strategic Advisory Board and Operational Group.
The FFCL is the local government counter fraud strategy in England (also used in other home nations). The operational group brings regional groups together to share good practice techniques. It offers projects to support the strategy in terms of data analytics, measurement, schools, social care, etc. The group also has a knowledge hub with a forum and documents share.
The knowledge hub is hosted on KHub, and is freely accessible for local authorities. Click here for details.
A recent session on current fraud trends in local authorities identified:
Chair's closing comments
The length of time before fraud can be detected (14 months according to ACFE) reinforces the importance of preventative and detective controls. It's important to remember that fraud isn’t always a about money. Close working, between internal audit and fraud teams, where both exist, ensures an integrated approach to make sure nothing falls between the gaps. Fraud prevention and detection is everyone’s responsibility.
Institute's closing comments
Our next LA forum on 23rd March looks at cultivating a healthy culture.
Thank you for attending. As always, if you have any ideas or suggestions for what we might include in future agendas, please contact Liz Sandwith email@example.com
Q: Can you ever have something other than zero appetite to fraud?
A: In an ideal world, there would always be zero appetite. Given the scale of the issue, can organisation really justify the level of resource to get to that position? It's always about the level of risk that can be tolerated to maintain business as usual, as with any risk. Some organisations apply a risk appetite to reported fraud in terms of what's investigated
Comment: Two members commented that their authority has had no investigation for two years
Comment: There should also be zero tolerance to fraud
Comment: Agree with the speaker. This has been the challenge for many organisations over the years - the reality that you will experience fraud and cannot reduce the risk to zero without unacceptable costs or ceasing doing business. There has to be an open and realistic discussion about risk appetite
Q: Could you say something about the safeguards that you would expect internal audit to put in place if an auditor undertakes a counter-fraud role such as a fraud risk assessment?
A: Not overly familiar with the public sector standards. At a practical level, the main thing is it needs to be done competently, and if that means internal audit then it’s better than being done poorly by 2nd or 1st lines. Operational staff need to be accountable to help mitigate against internal audit marking its own homework
Comment: The IASAB has guidance on internal audit roles in counter fraud Guidance on internal audit's role in counter fraud
Comment: Emerging fraud risk | mandate fraud - email hacks into supplier to then facilitate a change of bank request