Government Counter Fraud Profession Standards and Guidance - Standard for Counter Fraud Culture Practitioners (HTML)
Published 28 November 2024
A. Professional Standard and Guidance for Counter Fraud Culture
A1. Purpose
This document is part of the wider Government Counter Fraud standards and guidance, which cover all the core disciplines and subdisciplines in the Government Counter Fraud Framework.
The Government Counter Fraud Professional Standards and Guidance are designed to present a consistent cross-government approach to countering fraud, raise the capability of individuals and through this, increase the quality of an organisation’s counter fraud work. Their aim is:
- To describe the knowledge, skills and experience (professional standards and competencies) needed for an individual to demonstrate practitioner level. The document directs you to a competency framework which outlines how someone can progress to this standard.
- To provide guidance to those using the standards on the processes and products they will use to deliver the discipline and what they should seek to put in place in the organisation to deliver the discipline effectively.
This standard forms the basis of the Counter Fraud Culture core discipline within the Government Counter Fraud Profession (GCFP).
The professional standards and guidance are not intended to cover every eventuality or every specific issue that may arise and should be adapted to the organisation’s resources and fraud risk profile. This standard should be read in conjunction with all other GCFP Standards.
The Government Counter Fraud Professional Standards and Guidance are designed to present a consistent cross-government approach to countering fraud
A2. Introduction
A counter fraud practitioner should be able to understand how culture impacts upon the prevalence of fraud and an organisation’s attitudes towards fraud, and recognise opportunities to collaborate with others to influence, measure, improve and maintain an effective counter fraud culture.
Counter fraud culture is defined as consisting of ethical beliefs, behaviours, values and practices that fraud, bribery and corruption are not acceptable and effective action should be taken to detect and prevent wherever possible and proportionate. An effective culture is fostered through a cycle of education, measurement, monitoring and improvement.
The word fraud will be used in this document to refer to all forms of fraud, bribery and corruption.
The Culture discipline covers the tools and techniques for establishing, measuring and monitoring an effective counter fraud culture within an organisation. A strong counter fraud culture is essential to effectively deal with fraud. This extends from those leading the organisation to all those associated with it.
This will ensure the organisation looks for fraud and positively embraces it being found and dealt with, as well as providing opportunities to increase efficiency by reducing fraud loss.
Organisations need to educate those associated with it through processes, communication and awareness to build a counter fraud culture.
Developing a counter fraud culture differs from other aspects of counter fraud work as it represents a collective response which may emerge slowly and involves attitudes and beliefs which are acquired over time and can vary between individuals.
A3. How This Document is Structured
This document contains the following:
- The Competency Framework outlining the knowledge, skills and experience required by those undertaking work within counter fraud culture to operate effectively, and how these develop through the competency framework levels of Trainee, Foundation and Practitioner.
- Guidance for professionals includes:
- Process guidance describing the recommended processes to implement counter fraud culture processes.
- Product guidance setting out the recommended guidance on developing good quality outputs in relation to counter fraud culture.
- Organisation guidance which has been agreed as best practice and should be followed by all counter fraud professionals and their organisations.
These standards have been created, reviewed and agreed by the GCFP Board, the body with oversight of the Profession, and the responsibility for the development and maintenance of the Counter Fraud Professional Standards and Guidance. The board has been assisted by an expert Cross Sector Advisory Group (CSAG).[footnote 1]
A4. Government Functions (UK)
In the United Kingdom, the Central Government operates under a functional model.
The Government Counter Fraud Function (GCFF) is one of the government’s fourteen functions. The GCFF has published a Functional Standard, a Strategy and in 2018 launched the World’s first Counter Fraud Profession. The vision of the GCFF is:
“Working across government to make the UK the world leader in understanding, finding and stopping fraud against the public sector.”
Functions are embedded in government departments and arm’s length bodies. The teams that make up the wider government function are supported by expertise in other public bodies and the functional centre. The Public Sector Fraud Authority (PSFA) provides support and expertise for the GCFF.
The Government Functions
- Communications
- Legal
- Commercial
- Counter Fraud
- Finance
- Analysis
- Digital, Data and Technology
- Internal Audit
- Property
- Debt
- Human Resources
- Security
- Property
- Project Delivery
- Grants
Cross Government Functions
The Centre of the Function sets the strategy, provides services and supports those across the organisations – for Counter Fraud this is the PSFA.
Government Departments
Departments have their own capability in counter fraud – making up the Function across government.
A5. Public Sector Fraud Authority
The Public Sector Fraud Authority (PSFA) provides increased scrutiny of activity to reduce fraud and economic crime, and builds broader and deeper expert services to support departments and public bodies to further improve their capability. The PSFA builds on the foundations of the Functional Centre for Counter Fraud, formerly known as the Centre of Expertise. The PSFA has an established mandate that sets out its roles and responsibilities and those of ministerial departments and public bodies interacting with it.
The purpose of the PSFA is to work with ministerial departments and public bodies to understand and reduce the impact of fraud.
It brings:
- A greater focus on performance and outcomes.
- Increased depth and breadth of support.
- Integrated partnership between Cabinet Office (CO) and HM Treasury (HMT).
The PSFA is changing the way that government manages fraud:
Its mission is to[footnote 2]:
- Modernise the fraud and error response by widening access and use of: leading practices, tools and technology, better protecting taxpayers’ money.
- Build expert-led services developed in collaboration with experts in departments and public bodies to better fight fraud and error through risk, prevention, data and enforcement techniques.
- Develop capability in the public sector to find, prevent and respond to fraud both organisationally and individually.
- Put performance at the heart of the public sector fraud conversation focusing on investments and outcomes.
- Aim to be seen as a beacon of fraud and error expertise and a destination for those wanting to make a difference in fighting public sector fraud.
The PSFA structure is composed of three service and three functional areas, one of which is Practice, Standards and Capability (PSC). This central team supports the oversight and development of the Government Counter Fraud Profession (GCFP). The PSC team works with a number of public bodies, via an oversight board, to agree the strategy, focus and products of the Profession. The PSFA is also the home of the Centre of Learning for Counter Fraud, which is responsible for building a vibrant learning community, improving counter fraud capability and providing fraud leaders with industry-leading skills.
A6. Government Counter Fraud Profession
The Government Counter Fraud Profession (GCFP) has a clear governance structure. Its board leads oversight of the Profession, with senior members selected from public sector organisations with a mature response to counter fraud and economic crime. Member organisations vary in size and the number of staff they have working in counter fraud, but all have an equal vote on the board. The key principles when developing the Profession, as agreed by the board, were Collaboration, Choice, Empowerment and Pace.
The GCFP board is supported by a Cross Sector Advisory Group (CSAG). This is made up of experts in counter fraud from a range of sectors, including academic, financial, legal and regulatory. The advisory group acts as a critical friend to the decisions made by the board.
The GCFP Cross Government Board leads oversight of the Profession
A7. Government Counter Fraud Framework
The framework covers the core disciplines and sub-disciplines that a public sector organisation needs to counter fraud threat. Organisations will use these to different extents depending on the nature of their function and services, and the associated fraud threat, as assessed through their threat assessments and fraud risk assessments.
- Organisational Level – this is aimed at the organisation. It is covered by the Counter Fraud Functional Standards. These state the basics that organisations should have in place to have an effective counter fraud response. It includes things like having a risk assessment, a fraud policy and having fraud awareness across the organisation.
- Core disciplines – the disciplines include a functional leadership level (Leadership, Management and Strategy) for those who are responsible for co-ordinating an organisation’s overall response to fraud. The main area is in the functional delivery level, this details the core disciplines that an organisation may use in an effective counter fraud response. Within these core disciplines are details of the knowledge, skills and experience needed to undertake these disciplines effectively.
- Sub-disciplines – the sub-disciplines is an area of additional knowledge, skills and experience that enhance capability across a number of core disciplines.
The Government Counter Fraud Framework
Organisational Level
Functional Standards
The Functional Standards detail the basics that an organisation should have in place to have an effective counter fraud response. This includes a level of fraud awareness across the organisation.
Core Disciplines
Leadership, Management and Strategy
An awareness across all specialist areas and the capability to define an effective counter fraud response and how to deploy the specialisms in the business
- Risk Assessment
- Measurement
- Intelligence and Analysis
- Prevention and Deterrence
- Use of Data and Analytics
- Sanctions, Redress and Punishment
- Culture
- Detection
- Investigation
Sub Disciplines
- Bribery and Corruption
- Money Laundering
- Disruption
- Cyber Fraud
- Criminal Justice
Membership Categories
There are five membership categories mapped to the GCFP framework, namely:
- Investigation
- Intelligence
- Fraud Control
- Data and Analytics
- Leadership, Management and Strategy
The Fraud Control Cluster
The Fraud Control cluster incorporates the Fraud Risk Assessment, Fraud Prevention, Fraud Detection, Counter Fraud Culture and Fraud Loss Measurement disciplines enabling the development of a career pathway for the counter fraud control practitioner which is equitable with those of the other Government Counter Fraud Profession (GCFP) disciplines (such as Intelligence and Investigation). The cluster draws together the required knowledge, skills and experience practitioners and organisations can self assess against when building their capability.
Drawing together the required knowledge, skills and experience
- Fraud Risk Assessment
- Fraud Prevention
- Fraud Detection
- Counter Fraud Culture
- Fraud Loss Measurement
The Counter Fraud Culture Standard is part of the GCFP Framework of standards. It will support the GCFP Fraud Control membership pathway. To be acknowledged as a counter fraud Practitioner these standards will have to be met. A combination of the disciplines from the Fraud Control cluster allows individuals working in the area of fraud risk and prevention to advance within the Government Counter Fraud Profession.
For information regarding how you can be recognised as a member of the Government Counter Fraud Profession (GCFP) please contact:
A8. Roles and Responsibilities
All employees and those associated with an organisation have a role to play in the building of a successful counter fraud culture. For the purposes of this standard a Practitioner will be undertaking work within the counter fraud environment and will have the ability and opportunity to build, measure and influence the counter fraud culture through the work they undertake.
Leadership across an organisation should embed a positive counter fraud culture, setting the tone at the top with strong ethics. It involves the regular and transparent communication of strong ethics and values, supports effective corporate governance, and promotes widespread compliance with defined processes and controls, and reinforces the message that fraud is unacceptable.
Leadership across an organisation should embed a positive counter fraud culture
A9. Key Components Explained
Components outline at a high level, the knowledge, skills and experience required for each core and sub-discipline. There are 4 key components for the Culture Standard for Counter Fraud Professionals. Each component has a series of elements, which are specific descriptors of knowledge, skills and experience required. These elements are then grouped into a competency framework.
Within the competency framework are three competency levels, these are Trainee, Foundation and Practitioner. These levels can be used to identify progression within the standard. The framework helps to establish where your competency level is and where you have areas that you may wish to develop.
1. Counter Fraud, Bribery and Corruption Knowledge
Having the appropriate knowledge to effectively tackle and respond to fraud, bribery and corruption.
2. Engagement and Communication
Influencing internal and external stakeholders to adopt, promote and implement shared counter fraud and corruption practices.
3. Leadership, Ethics and Accountability
Influence and engage at all levels to promote a strong counter fraud and corruption culture. Embody ethics and values within the organisation to govern and manage fraud for which everyone is accountable.
4. Measurement
Having appropriate mechanisms in place to effectively measure, monitor and improve counter fraud and corruption culture.
A10. Competency Levels
General rules about the competency levels are set out below:
- Trainee is about developing introductory knowledge.
- Foundation is about having the knowledge.
- Practitioner is about demonstrating the application of the knowledge.
An Advanced Practitioner works differently to the other levels as there are no predetermined categories for this level.
Instead, members can select individual or groups of elements they have a particular interest in, or focus on, to demonstrate their skills, knowledge and experience.
B. Culture Standard Competency Framework
Practitioner Competency
The below competencies are required to attain Practitioner level. The full Culture Competency framework can be found at Appendix 1. Guidance on terminology can be found in the Glossary.
1. Counter Fraud Bribery and Corruption Knowledge
1.1. Demonstrate a well developed knowledge of fraud, bribery, and corruption typologies.
1.2. Demonstrate a knowledge of why fraud related offending occurs including the motives behind such frauds and how these can be combated.
1.3. Demonstrate knowledge of the different types of enablers that may help facilitate fraud and how these may be disrupted.
1.4. Demonstrate an understanding of the main indicators of fraud and be able to recognise these when present at scheme/system/organisational level.
1.5. Demonstrate how to design and implement counter fraud policies, programmes, projects and procedures.
1.6. Demonstrate an understanding of the Fraud Risk Assessment process within your organisation.
1.7. Demonstrate an understanding of Initial Fraud Impact Assessments and how these are conducted.
1.8. Demonstrate a knowledge of the difference between Fraud Prevention[footnote 3], Fraud Detection[footnote 4] and recovery.
2. Engagement and Communication
2.1. Demonstrate how to use a range of communication channels and techniques to promote counter fraud awareness across an organisation.
2.2. Demonstrate knowledge of your organisation’s internal and external stakeholders and how to develop positive relationships with them.
2.3. Demonstrate how to promote the outcomes of fraud prevention, investigation, detection and recovery action and create opportunities to raise fraud awareness (e.g. case studies relevant to the organisation).
2.4. Demonstrate the ability to work with others and seek out opportunities to influence and evolve counter fraud policies and procedures.
2.5. Demonstrate the ability to create, measure and maintain an effective counter fraud culture and actively promote progress across the organisation.
2.6. Demonstrate the ability to devise, plan and implement an educational programme throughout the organisation which includes: campaigns, seminars, and printed media.
2.7. Demonstrate the ability to produce a protocol agreement/memorandum of understanding agreement which sets out the respective responsibilities of all parties involved in counter fraud across an organisation.
2.8. Demonstrate how to promote the organisation’s counter fraud strategy and policies internally and externally through effective educational and communication programmes.
3. Leadership, Ethics and Accountability
3.1. Demonstrate an understanding of your organisation’s code of ethics and corporate values and how the communication of these can promote and maintain an effective counter fraud culture.
3.2. Demonstrate awareness of governance structures that enable all those associated with an organisation to prevent fraud.
3.3. Demonstrate an understanding of how counter fraud management forms part of, and enables effective corporate governance.
3.4. Demonstrate an understanding of the three lines of defence across an organisation and how these can support the maintenance of an effective counter fraud culture.
3.5. Demonstrate how to influence the development and operation of procurement services, making it clear that continuous and effective controls to prevent and deter fraud, bribery and corruption are an essential part of this function.
3.6. Demonstrate the ability to introduce and maintain methods to ensure the effective compliance in relation to the use of hospitality and gift registers.
3.7. Demonstrate how to evaluate and enhance the processes in place for fraud reporting in an organisation.
4. Measurement
4.1. Demonstrate how to design and introduce corporate health checks to assess the governance, structures and processes in place to understand, find and manage fraud and corruption effectively.
4.2. Demonstrate how to use a range of processes, policies and people to measure the counter fraud culture in an organisation.
4.3. Demonstrate how the use of Fraud Risk Assessment, Initial Fraud Impact Assessment, Fraud Management Cycle and control evaluation[footnote 5] can inform the measurement of the organisation culture.
4.4. Demonstrate how to identify, collate and analyse information from different sources to assist in the development of an Impact, Threat and Vulnerability (ITV) assessment of the fraud landscape facing the organisation.
4.5. Demonstrate the design, issue and analysis of surveys which assess employee, contractor, supplier and other stakeholders’ understanding of fraud, bribery and corruption.
4.6. Demonstrate the ability to monitor and evaluate the effectiveness of counter fraud campaigns and other media used in messaging activities, e.g. monitoring detection and prevention levels.
4.7. Demonstrate a knowledge of fraud that has occurred in the organisation historically and the lessons learned and actions taken from these.
4.8. Demonstrate how to apply counter fraud knowledge to design and implement counter fraud procedures and controls to both planned and existing policies, programmes, projects and procedures.
C. Guidance on Processes For Counter Fraud Culture
C1. Introduction
This guidance covers the standard for a counter fraud culture practitioner. All processes and procedures should be regularly revised and evaluated to ensure they meet the required standards and remain current. Set out below are the processes used to influence, measure, improve and maintain an effective counter fraud culture.
There has to be a means to measure the culture and its counter fraud response and effectiveness
C2. Counter Fraud Culture Measurement Cycle
In order for an organisation to ensure that an effective counter fraud culture is in place there has to be a means to measure the culture and its counter fraud response and effectiveness.
A counter fraud culture is challenging to create and maintain, as different people will respond in different ways and bring different perspectives and values to it. However, it can be lost very quickly and therefore robust monitoring and evaluation techniques need to be put in place to prevent this from happening.
The Culture Measurement Cycle provides a framework on which to base this measurement and will help an organisation to reflect on its current counter fraud culture, how it is performing and how it can be improved.
The cycle is one of continuous improvement to reflect and review how changes in people, processes and policies can have both a positive and negative impact. Organisations are continually changing and as such, culture is not static.
The counter fraud culture of an organisation has far reaching effects.
The Counter Fraud Culture Measurement Cycle[footnote 6] is a useful process to drive, improve, review and support development of a counter fraud culture.
The Counter Fraud Culture Measurement Cycle
Ethics and Value
- Information
- Measure
- Evaluate
- Action and Communication
- Measure and Assess
Ethics and Values
In the measurement cycle, ethics and values are central to the process of shaping the counter fraud culture. Strong ethical practices promote ethical decisions and create a foundation for positive counter fraud practices. An environment that promotes strong ethics and values and empowers employees to have the courage to challenge, be proactive, curious and innovative in their approach to identify and tackle fraud will promote a positive counter fraud culture. A positive workplace culture can encourage ethical and supportive behaviours, while discouraging fraudulent or corrupt activities.
Staff will be less able to rationalise fraudulent or corrupt conduct where a positive workplace culture exists. A culture built on selflessness, integrity, objectivity, accountability, openness, honesty and leadership[footnote 7] is a key organisational strength that can serve to reduce the risk of fraud. When combined with weak controls, a bad culture can act as a catalyst for fraud within an organisation.
Information
The first step to measuring a counter fraud culture is to identify “information stakeholders” and to gather and collect information from a variety of different sources. This information could include surveys, internal audit reports, lessons learned reviews, fraud measurement outcomes, fraud risk assessments, initial fraud impact assessments, monitoring systems, data analytics, data analysis, organisational comparative fraud analyses, fraud reporting, detection rates, fraud reporting data, investigation reports and fraud risk assessment workshops amongst other sources. It is recommended that information should be obtained from different teams across the organisation, not just fraud teams, in order to assess the true organisational culture.
Examples of information sources:
- Surveys – staff perception surveys of the counter fraud culture of an organisation from both managers’ and non-managers’ perspectives, including fraud and non- fraud teams, will be a vital information tool to measure a counter fraud culture. Benefit is drawn from undertaking the surveys on an annual basis to assist in identifying how the staff perception changes over time.
- Internal Audit Reports – internal audit reports evaluate an organisation’s internal controls, including its corporate governance and accounting processes, and will be a useful tool to assess counter fraud culture at the time the internal audit was undertaken and any actions taken as a result of the internal audit to enhance the culture.
- Fraud Measurement Outcomes – fraud measurement is assessing and quantifying the level of fraudulent activity within an organisation. The outcomes of a measurement review will provide useful information to assess where and how fraud is occurring in your organisation and insight into what needs to be done to counter this.
- Fraud Risk Assessments (FRA) – a fraud risk assessment helps you better understand your organisation’s fraud exposure, the associated risks and the strength of controls. A good fraud risk assessment can in itself be an indicator of a positive counter fraud culture and helps identify how potential fraudsters might attempt to circumvent existing controls. Fraud risk assessments are a useful source of information for counter fraud culture measurement. A FRA gives a snapshot of an organisation’s exposure to fraud at a point in time. Over time, the outcome of fraud risk assessments can be compared and movements in exposure will help to demonstrate the extent to which a counter fraud culture is shifting. A steady improvement in assessed quality would be a positive indicator of improvement in culture. Leaders are expected to take full ownership and accountability for the four types of fraud risk assessment; Organisational (Enterprise), Thematic (Grouped), Initial Fraud Impact Assessment and Full FRA, establishing a culture where leaders not only set the tone from the top but also ensure appropriate risk management.
- Counter Fraud Self Assessment – a counter fraud self assessment could be undertaken within an organisation to assess performance against the standard, and measure counter fraud controls. (An example of self assessment can also be found in the product section of this standard).
- Monitoring Systems – system monitoring continuously observes and analyses IT systems’ performance and data to search for anomalies which may indicate unusual patterns of behaviour to act upon (unexpected activity). This could be useful in both detecting fraud and assessing the counter fraud culture of an organisation.
- Data Analytics – data analytics is the collection, transformation and sorting of data in order to draw conclusions, make predictions and drive informed decisions. The data outputs will be useful for the assessment of an organisation’s counter fraud culture.
- Data Analysis – information can be analysed to make informed decisions on organisational culture, e.g. Data Pairing - where data from two similar entities that share the same characteristics is compared or data from a number of time periods for the same entity is compared.
- Organisational Comparative Analysis - an organisation can compare its published fraud and loss performance against that of other similar organisations to benchmark counter fraud activity.
- Fraud Reporting (referrals) – fraud reporting can arise from the introduction of fraud indicators and reporting of suspicious activity within an organisation or from external sources. A low reporting rate could indicate the need for more counter fraud cultural awareness. Reporting of fraud is different to whistleblowing.
- Fraud Reporting Data (whistleblowing) – fraud reporting (whistleblowing) is an internal process that allows a person to reveal information about activity within an organisation that is deemed illegal, immoral, illicit, unsafe or fraudulent. Whistleblowing data is a very useful information dataset for culture measurement, to assess the volume and types of whistleblowing referrals within an organisation.
- Detection Rates/Fraud Results – an organisation’s detection rate and results (e.g. number of prosecutions, penalties, assets recovered) can give an indication of the scale of fraud within an organisation. Low detection or fraud results could indicate a need for more cultural awareness.
- Fraud Risk Assessment Workshops - running fraud risk assessment workshops and using this information to drive improvements across your fraud control environment.
- Fraud Investigation Reports – fraud Investigation reports can be useful in understanding how a fraud was able to occur, and commonality between such reports can help in the assessment of counter fraud culture and attitudes towards governance and control. For example, identifying a consistent failure to undertake expected supervisory checks.
Measure
Having gathered information from a range of sources, different techniques can be used to estimate the level of fraud within an organisation and identify where in the organisation it is occurring. Movements in the measured level of fraud over time will indicate whether the counter fraud culture is moving in the right direction and, if not, provide vital information that can be used in the evaluation phase of the culture cycle (Step 3) so that effective action can be taken. Regular internal measurement processes allow for better assessment of the effectiveness of an organisation’s counter fraud culture. Any set of measurements is only a starting point. It is important to take action on the findings of any measurement exercise, and to give feedback on the findings to relevant people and organisational units for action. Such actions should feed into the evaluation and action phases and be tracked to ensure that they are implemented in a timely and proportionate manner.
Movements in the measured level of fraud over time will indicate whether the counter fraud culture is moving in the right direction
Evaluate
The evaluation of the measurement cycle results allows for meaningful conclusions to be drawn, helping to make informed decisions relating to counter fraud. It is important to evaluate not only what the information is telling us but also what it is not. For example, an area reporting no fraud may appear to be a good thing however, the reasons for this need to be questioned. No reports of fraud does not necessarily mean there is no fraud occurring nor does it demonstrate a positive counter fraud culture. It could indicate the opposite, that there is apathy toward the issue of fraud, poor leadership, lack of employee awareness or poor communication. The evaluation should also not be looked at in isolation.
Comparisons should be drawn across business areas and comparable organisations and using annual information to ensure a more efficient evaluation of the measurement results and a wider understanding of the counter fraud culture.
Action and Communicate
In the measurement cycle, action plans following measurement and evaluation can incorporate immediate and short term plans as well as longer term initiatives and strategies to enhance positive aspects and address areas needing improvement. However the actions alone will not drive culture change.
Internal communication is needed to foster awareness and understanding of fraud’s impact on culture. Actions and steps taken need to be transparent. Good communication to build fraud awareness and a commitment to preventing fraud, together with clear consequences of engaging in fraudulent activity help to deter fraudulent behaviour and promote a positive counter fraud culture within your organisation. All internal communications activity should be undertaken with the consent of your internal communications team to ensure that it supports your organisation’s communications plan and strategy.
Examples of communicating to enhance the organisation’s counter fraud culture:
- Promote ethics and values.
- Promote corporate governance.
- Zero tolerance of internal fraud within the organisation.
- Risk based tolerance toward all other fraud.
- Discussing at senior management levels the fraud risk and counter fraud practices.
- Knowledge and expertise to inform and educate senior leaders and other professionals.
- Raise awareness of guidance, policies and procedures relating to counter fraud.
- Highlight success stories and the impact of fraud prevention efforts, to keep employees engaged and motivated.
- Making your staff aware of what fraud is and how to report it.
- Tailored fraud awareness training and counter fraud campaigns.
- Communicate the results of fraud investigations to raise awareness of your organisation’s active management of fraud risk and corrective action.
Measure and Assess Action Outcomes
In the measurement cycle, any actions taken need to be measured to assess their impact on the counter fraud culture. This allows any changes in culture to be tracked, and as new data is input following new actions, organisations can build a comparative analysis to better understand the impact of a counter fraud culture over time. The counter fraud measurement cycle is a continuous cycle which allows organisations to adapt and refine their culture to align with evolving goals and values.
No reports of fraud does not necessarily mean there is no fraud occurring
C3. Counter Fraud Culture Triangle[footnote 8]
In the simplest of terms, a positive and effective culture is built and influenced by 3 factors: the direction and control in the organisation, the organisation’s policies and procedures, and the people within the organisation. In order for a counter fraud culture to be effective, these elements must work together. If one element is failing then a positive counter fraud culture will not be attained.
Counter Fraud Culture Triangle
Organisational Culture
- Directions and Contorl
- Policies and Processes
- People
Direction and Control
In an organisation the “tone from the top’’ reinforces ethical behaviour which permeates throughout the culture of the organisation.[footnote 9] When leadership openly communicates its commitment to counter fraud, it sets a precedent for the entire organisation. Controls are an integral part of corporate governance. They allow management to direct all aspects of the organisation’s operations to ensure that corporate objectives are met ethically, lawfully, effectively and efficiently at all times. Without such controls, processes may not align with the organisation’s values and goals of reinforcing desired cultural attributes, employee behaviours and organisational performance.
Policies and Processes
Policies and processes serve as the backbone of an organisation’s culture, influencing its norms, values and practices.
- Policies establish guidelines for behaviour, decision making and interactions shaping the way people engage with each other and the organisation as a whole. Clear and well defined policies promote consistency, fairness and accountability, fostering a culture of trust and respect. The enforcement of policies communicates the organisation’s commitment to its values and standards, removing the opportunity for fraud, influencing employees behaviour and shaping the overall cultural landscape.
- Processes exert significant influence over an organisation’s culture and are driven by relevant policies. The way tasks are structured, workflows are designed and decisions are made all contribute to shaping the prevailing norms and values within the workplace. Efficient, transparent and robust processes can foster a culture of accountability, collaboration and trust. The alignment of processes with an organisation’s goals and values reinforces the desired cultural attributes driving employee behaviour and organisational performance. By continuously refining and adapting processes to meet evolving needs, organisations can build a culture that promotes resilience in the face of change.
In an organisation the “tone from the top’’ reinforces ethical behaviour
People
In an organisation, people play a pivotal role in shaping its culture[footnote 10]. Through their own actions, attitudes and interactions, people collectively create the environment that defines the organisation’s identity and values. By fostering collaboration, diversity and a sense of belonging through wellbeing support, people cultivate a culture that promotes innovation, productivity and overall success.
C4. Lessons from Behavioural Science[footnote 11]
Behavioural science can offer useful insights to help build a counter fraud culture. The seven steps below show how fraud can be reduced using interventions leveraging behavioural science.
Seven Steps to Reduce Fraud
- Make it easy: Make it as straightforward as possible for people, e.g. to pay tax or debts, for example, by pre-populating a form with information already held
- Highlight key messages: Draw people’s attention to important information or actions required of them, for example by highlighting them upfront in a letter
- Use personal language: Personalise language so that people understand why a message or process is relevant to them
- Prompt honesty at key moments: Ensure that people are prompted to be honest at key moments when filling in a form or answering questions
- Tell people what others are doing: Highlight the positive behaviour of others, for instance that “9 out of 10 people pay their tax on time”
- Reward desired behaviour: Actively incentivise or reward behaviour that saves time or money
- Highlight the risk and impact of dishonesty: Emphasise the impact of fraud or late payment on public services, as well as the risk of audit and the consequences for those caught
C5. Fraud Health Checklist
A fraud health checklist can be used to assess the counter fraud culture of an organisation by providing an insight into the effectiveness of its counter fraud measures. This can then support a full Fraud Maturity Self Assessment. Below is an example of a fraud health checklist. A fraud health checklist should be adapted to an organisation’s resources and risk profile.
Please answer the following questions to assess the effectiveness of fraud prevention deterrence and detection measures within your organisation. Rate each question based on the scale provided.
Does the organisation: | Yes | No |
---|---|---|
1. Have an accountable individual at board level who is responsible for counter fraud, bribery and corruption? | ||
2. Have a counter fraud, bribery and corruption strategy? | ||
3. Have a fraud, bribery and corruption risk assessment? | ||
4. Have a policy and response plan for dealing with potential instances of fraud, bribery and corruption? | ||
5. Have an annual action plan that summarises key actions to improve capability, activity and resilience in that year? | ||
6. Have outcome-based metrics summarising what outcomes they are seeking to achieve that year. For organisations with ‘significant investment’ in counter fraud, bribery and corruption or ‘significant estimated’ fraud loss, include metrics with a financial impact? | ||
7. Have well established and documented reporting routes for staff, contractors and members of the public to report suspicions of fraud, bribery and corruption, and a mechanism for recording these referrals and allegations? | ||
8. Have established routes for reporting identified loss from fraud, bribery, corruption, error, and associated recoveries? | ||
9. Have agreed access to trained investigators that meet the agreed public sector skill standard? | ||
10. Undertake activity to try and detect fraud in high-risk areas where little or nothing is known of fraud, bribery and corruption levels, including loss measurement activity where suitable? | ||
11. Ensure all staff have access to and undertake fraud, bribery and corruption awareness training as appropriate to their role, and have policies and registers for gifts, hospitality and conflicts of interest? | ||
12. Have in place policies and registers for gifts, hospitality and conflicts of interest? |
Scoring – Yes = 2 points , No = Zero points
More than 20 – Strong fraud prevention, deterrence and detection practices Between 10 and 20 – Moderate level of fraud prevention and detection measures, improvements may be needed in certain areas
Less than 10 – Weak fraud prevention and detection practices. Significant improvements required to mitigate fraud risks.
C6. How to Measure the Maturity of your Counter Fraud Culture
No sector is immune to fraud and those it does business with are susceptible to the threat it poses. For departments, organisations and individuals to protect themselves from fraud, it is essential to understand the culture that exists in order to manage and mitigate the threat and ensure an ongoing commitment to transparency, open governance and accountability at all levels.
A maturity model shows how capable an organisation or system is of achieving continuous improvement. It is a useful prompt to analyse your organisation and understand where it sits in its maturity journey and what activities or processes may be required to enable improvement.[footnote 12]
The suggested self assessment tool discussed below takes the user through the key questions that all organisations will want to consider in order to:
- Evaluate the effectiveness of existing counter fraud measures.
- Use the evaluation outcomes to identify areas of strength and continue with those initiatives, processes and controls.
- Identify areas for improvement, and the solutions that can be implemented.
Those responsible for countering fraud within the organisation will be responsible for coordinating the completion of the form, but it is recommended that it is signed off by top level management and shared with the accountable individuals at board level. Best practice would be to use this tool alongside the staff survey on counter fraud which is available in the products section of this standard. The maturity self assessment tool is an example of how to measure the maturity of your counter fraud culture and should be adapted and evolved to an organisation’s needs.
No sector is immune to fraud
Maturity Counter Fraud Self Assessment Tool
Question | Yes | No | Guidance |
---|---|---|---|
Does your organisation have an ethics standard? | - Organisations should promote clear ethical standards through codes of conduct and a formal counter fraud policy. These ethics should form part of the appraisal process and include staff integrity health checks. | ||
Does your organisation have a strong sense of purpose in its approach to counter fraud, bribery and corruption? | - An organisation which aligns its mission and goals with its actions will promote ethical behaviour and build trust. - Strong corporate governance practices contribute to long-term sustainability and success by reducing the risk of fraud, misconduct and conflicts of interest and by promoting responsible and ethical behaviour throughout the organisation. |
||
Is there a top level commitment to countering fraud in your organisation? | - There should be a clear and effectively communicated commitment throughout the organisation. It should be evidenced through statements, policies, strategies, resourcing and procedures. There should be regular reviews of policies and procedures to ensure that these remain relevant and are actively complied with. - There should be active involvement of the board or equivalent with a named point of contact, ensuring that regular discussion takes place at board level. - Top level management should be committed to preventing, deterring and tackling fraud by persons associated with the organisation and they should foster a culture within the organisation in which fraud, bribery and corruption are not acceptable. |
||
Does your organisation have a senior counter fraud champion in the organisation who promotes counter fraud messages? | - Organisations will benefit from having a senior counter fraud champion responsible for promoting counter fraud messages. The champion should work across the business units and beyond to engage stakeholders. | ||
Does the counter fraud champion have direct access to the audit committee and internal and external audit when this is needed? | - Direct access to the audit committee and internal and external audit is necessary when serious fraud matters need to be escalated quickly and impartially. | ||
Does your organisation have a current counter fraud strategy and has this been communicated organisation wide? | - A counter fraud strategy should be aligned with the corporate strategy and provide a platform for organisations to demonstrate their commitment to tackling fraud both externally and internally. It offers the opportunity for greater transparency both to staff and to the public, and allows for the optimal and synergistic use of resources. - The strategy should be implemented across the organisation so that all staff are aware of it and what it means for them. |
||
Does your organisation have procedures in place to manage the tender process in such a way that it ensures that the best bid wins the contract? | - Tender processes must follow the law and government guidelines and ensure that all bidders are treated equally and fairly. There should be controls in place to prevent bribery and corruption entering the procurement process and ensure that the best value for money is obtained for the taxpayer. | ||
Does your organisation have a gifts and hospitality register covering both offer and receipt, including things offered but not accepted? | - Your gifts and hospitality register should include gifts offered, received and declined. It should also record what was done with the gift if accepted and kept by the department. | ||
Does your organisation use data and technology to indentify, manage and report on fraud risks and exposures? | - Organisations should consider using data and technology efficiently in current and future systems to combat fraud, embracing developments in technology but including human oversight and moderation. | ||
Does your organisation have counter fraud clauses within the contracts of suppliers and external contractors? | - Clauses within contracts should include what standards are expected to be met and consequences if not met. e.g. monies will be reclaimed and reports may be made to law enforcement. | ||
Does your organisation promote positive fraud behaviours? | - A culture of expected behaviours around fraud should be promoted throughout the organisation from inception to every grade e.g. job adverts, contracts, inductions, and training, so that expected behaviours around fraud are embedded and integrated naturally and consistently across the organisation. | ||
Does your organisation foster collaborative working between different parts of its business and other bodies to incorporate fraud risk within their policies/ procurement? | - Organisations should foster collaborative working between their different functions and with other organisations, to ensure a comprehensive approach to fraud risk management and address potential vulnerabilities across all aspects of their business operations. | ||
Have critical / sensitive business areas been identified that are vulnerable to fraud, and are business continuity and other mitigation plans in place and regularly tested? | - All business areas, and especially those where performance is critical to the successful achievement of corporate objectives, should have a business continuity plan in place to safeguard assets, maintain operational integrity and sustain trust with stakeholders, ensuring resilience against potential fraudulent activities. | ||
Does your organisation have policies and signposting in place to support staff welfare and wellbeing? | - Motivators to committing fraud can include personal financial pressures. By having support mechanisms in place, some of the critical motivators for fraud can be neutralised. | ||
Do you undertake impact, vulnerability and threat assessment activities to identify and assess a malicious actor’s capability and intent? | - The findings of the impact, vulnerability and threat assessment should inform the assessment of risk, with a focus on the capabilities and intent of a person or group with the potential to cause harm to the organisation’s objectives. - This can include an analysis of past fraud, bribery and/or corruption by examining the opportunities to commit fraud against the organisation and the skills needed for a potential perpetrator to be successful. |
||
Is the assessment of fraud, bribery and corruption risk part of your regular risk assessment process? | - Risks from fraud, bribery and corruption should be captured as part of detailed risk assessments undertaken on individual business areas as set out in the Government Counter Fraud Standards for Risk Assessment. | ||
Do you have data analytics processes in place to better identify possible fraud, bribery and corruption activity? | - It is important that data analytics are undertaken by people with the relevant skills and training (to lower the risk of error), and that all such exercises are undertaken with the permission of the Data Controller and are consistent with the organisation’s responsibilities under the Data Protection Act 2018. Such activities must also be consistent with the organisation’s registration with the Information Commissioner’s Office. | ||
Do you have a system for recording and capturing all incidents of fraud, bribery and corruption and failures of the counter bribery and corruption management system? | - Organisations should ensure that they have procedures in place to capture all instances of suspected fraud, bribery and corruption, and that they are appropriately reported and followed up. Lessons should be learned wherever possible. This may be part of the organisation’s fraud and whistleblowing intelligence system, but if so, there needs to be a mechanism to specifically identify bribery and corruption within this. | ||
Do you have an agreed process for preventing and reporting allegations of fraud, bribery and corruption? | - An internal process should consider how information is securely handled and ensure that adequate procedures are in place in accordance with the Bribery Act 2010 and the Economic Crime and Corporate Transparency Act 2023. Organisations should ensure they have adequate processes in place to provide a defence to the offences of a failure to prevent fraud and a failure to prevent bribery. - This may be separate to the organisation’s whistleblowing reporting tool. Having a good whistleblowing policy and procedure in place that is regularly reviewed ensures individuals can report malpractice without fear of reprisal. |
||
Do training programmes address the responsibilities of all staff for the detection and prevention of fraud, bribery and corruption for issues such as the integrity of staff, security and vetting, due diligence and HR processes? | - The risk of fraud, bribery and corruption should feature in training programmes for staff of all levels; the risks need to be recognised throughout the organisation at all stages of employment from induction to exit, employee and contractor responsibilities towards countering fraud should be captured in the staff handbook and relevant supplier contracts respectively. - Training programmes for fraud management should include all elements of the product life cycle including pre-implementation development, live running and decommissioning. They should be kept up to date and involve annual knowledge checks. - To ensure consistency of approach, limit duplication and keep costs to a minimum, there should be a fraud protocol document outlining how different departments involved in the management of fraud risks and threats work together (including HR, Procurement, Finance, Corporate Governance, Risk Management, Internal Audit and Counter Fraud). - All staff need to be made aware of their own responsibilities, including contractors who should be informed of the organisation’s policy for countering bribery and corruption. - It is helpful for fraud, bribery and corruption risks to be considered whenever new policies and procedures are developed. The risks identified should be cascaded as part of staff training. - Training programmes will raise staff awareness, knowledge and understanding of the importance of tackling fraud, and of the risks and issues in relation to bribery and corruption. They also highlight the roles and responsibilities everyone has in fighting fraud and promoting an effective anti-fraud culture across government. |
||
Do you communicate/ raise awareness of fraud, bribery and corruption within your organisation and the channels available to report suspicions? | - Consider how your organisation raises awareness of fraud, bribery and corruption and how messages can be reinforced to enable staff to be better aware of the risks of bribery and corruption within their work area/role. - Are your staff and other internal and external stakeholders empowered to speak up when they suspect fraud, and do they feel confident to do so? - Does your organisation communicate the results of fraud investigations internally, as this can act as a deterrent to others? It also demonstrates organisational transparency and accountability, building a culture of trust and highlighting the importance of fostering ethical behaviour. |
Scores and next steps[footnote 13]
2 Points = Yes
0 Points = No.
If you scored 34-40 you have an Established Culture
“Established” means a culture that views countering fraud as a priority, and is part of how you operate. You have regular reviews in place, and a clear and consistent understanding of your risk appetite, which is the level of fraud that can be tolerated in order to meet organisational objectives, and who is accountable across the organisation. To go even further you:
- Continue to review data and survey staff about fraud culture.
- Run fraud risk assessment workshops and use this information to drive improvements across your fraud control environment.
- Benchmark your entity’s performance against other entities.
- Regularly review fraud training and counter fraud practices.
- Implement robust processes and regularly review them to counter fraud.
- Continue to actively investigate and respond to detected fraud.
If you scored 24-32 you have an Intermediate Culture
At “intermediate”, fraud may be viewed as an important issue but there is likely to be little or no resource allocated. You can do more to improve by:
- Making sure that fraud risk is considered using Initial Fraud Impact Assessments.
- Considering if internal capability for fraud risk assessments could be developed in the future.
- Discussing fraud risk and counter fraud practices at senior management levels, and how these could be developed so that the organisation can progress to an “Established Culture”.
- Beginning to seek investment in processes, tools or other resources to help in countering fraud.
If you scored 0-22 you have an Interested Culture
If you are in this group, your organisation is unlikely to view counter fraud as a priority or have systems and controls in place to prevent, detect and respond to it effectively. The steps you should consider are:
- Making sure that fraud risk is considered in organisational level risk assessments.
- Building and maintaining a culture that sees finding fraud as a positive outcome.
- Promoting fraud awareness.
- Profiling significant fraud cases.
- Implementing fraud training.
- Making your staff aware of what fraud is and how to report it.
D. Guidance on Products for Counter Fraud Culture
D1. Introduction
This guidance covers what good quality products should look like when influencing, measuring, improving and maintaining an effective counter fraud culture.
D2. Organisational Warning Indicators[footnote 14]
When considering how fraud and corruption are able to thrive in an organisation, certain warning signs can indicate that controls over fraud, bribery and corruption risks need to be improved. Presence of the indicators below increase the potential for fraud to occur.
- Poor tone from the top and tone from within the organisation.
- Lack of management oversight and effective audit.
- A failure of management to implement supervisory responsibilities.
- Little or no training on, or communication of, controls to counter fraud.
- Failure to undertake fraud risk assessment.
- Lack of procedures and processes to regularly scan corporate systems for evidence of anomalies.
- Fraud risks that are not adequately addressed by robust internal controls.
- Poor vetting and due diligence.
- Lack of segregation of responsibilities.
- Lack of scrutiny or monitoring.
- Poor record management.
- Circumventing tendering/procurement process.
- Lack of proper authorisation for activities and transactions.
- Overriding controls.
- Unusual and/or anonymous transactions.
- Poor data and information security.
- Poor physical security.
D3. How to respond to Organisational Warning Indicators
Robust controls need to be in place to respond to organisational warning indicators. These measures create a fortified defence against fraud, ensuring the integrity and trustworthiness of the organisation. These controls include:
- Positive and consistent tone from the top.
- Procedures, policies and processes to minimise the risk of fraud.
- Supervisory implementation of management responsibilities.
- Regular audits and fraud risk assessments.
- Continuous fraud training and awareness programmes.
- Procedures and processes to scan systems for fraud and transaction anomalies.
- Internal controls, including the segregation of duties and authorisation processes.
- Pre-employment vetting processes.
- Due diligence checks on third party suppliers and contractors.
- Physical controls and security.
- Data and information security.[footnote 15]
- Stringent financial oversight and accounting controls.
- Whistleblowing mechanisms.
- Transparent reporting processes.
- Security controls around information technology and data.[footnote 16]
Robust controls need to be in place to respond to organisational warning indicators
D4. Three Lines of Defence Against Fraud
The three lines of defence in risk management against fraud are recognised by the Institute of Internal Auditors as the framework by which the effective management of risk can be assured.[footnote 17] The three lines of defence are also referred to in The Orange Book - Management of Risk - Principles and Concepts.[footnote 18] The identification of risk areas may also indicate areas where counter fraud culture needs to be addressed.
Three Lines of Defence Against Fraud
First line of defence – Management
- Who – Operational managers and staff directly involved in executing business activities
- What – Establishing and maintaining effective internal fraud controls, identifying and managing fraud risks, and ensuring compliance with policies and procedures
Second line of defence – Risk Management and Compliance
- Who – Risk management, compliance and control functions that support and oversee the first line of fraud defence
- What – establishing fraud risk management frameworks, developing counter fraud policies and procedures, conducting fraud risk assessments, monitoring compliance with regulations, and providing guidance and support to first line
Third line of defence – Audit/Assurance
- Who – Internal audit function which provides independent assurance and advisory services to the organisation
- What – evaluating the effectiveness of fraud governance, fraud risk management and internal fraud control processes, conducting audits and reviews, providing recommendations for improvement and reporting findings to senior management and the board of directors
D5. How to Build Good Working Relationships
Good working relationships and communication contribute to a positive counter fraud culture. Building good working relationships involves a combination of interpersonal skills, communication techniques and collaborative tools as shown in the following principles and tactics:
Principles
- Effective Communication – active listening, being clear and concise, open and transparent.
- Empathy and Understanding – acknowledge and understand others’ perspectives.
- Collaborative Problem Solving – a supportive environment where team members feel comfortable to share ideas.
- Conflict Resolution – handling objections to a taken position and reaching common ground.
- Building Trust – act with integrity, be transparent about intentions, expectations and limitations.
- Recognition and Appreciation – recognise achievement and contributions.
- Collaboration – schedule regular meetings and check-ins to keep members informed and aligned on goals/priorities.
Tactics
- Be Balanced – developing lines of reasonable argument.
- Be Positive – emphasise the positive and support arguments with positive examples.
- Attitude – a polite but assertive manner.
- Behaviour – affirmative body language when others are speaking.
- Judgement – knowing when to make concessions.
D6. Memorandum of Understanding (MOU)[footnote 19]
A memorandum of understanding (MOU) can be used to establish clear guidelines, roles and responsibilities among stakeholders, facilitating efficient collaboration and coordination in preventing and addressing fraudulent activities.
A MOU should include a number of areas including:
- Names of the parties involved.
- The details of the project.
- The full scope of the project.
- Individual names, roles and responsibilities.
- Legislation for any data sharing.
- Beginning and end dates of agreement.
- Background.
- Costs.
- Date of agreement.
- Signatures of parties.
Building good working relationships involves a combination of interpersonal skills, communication techniques and collaborative tools
D7. Effective Management of Gifts and Hospitality[footnote 20]
An effective gifts and hospitality policy for staff is used to support positive ethical behaviours and culture within an organisation and should include:
- Clear mandatory guidelines – develop clear policies and guidelines that define acceptable and unacceptable gifts and hospitality including thresholds, reporting requirements and approval processes.
- Communication and training – ensure all staff are aware of the guidelines and policies and provide examples of what is acceptable and not acceptable.
- Approval process – implement a formal approval process for accepting or providing gifts and hospitality. This process should involve appropriate levels of management or oversight to ensure transparency.
- Document and report – employees should document all gifts and hospitality received or provided including the nature, value and purpose of the gift or hospitality as well as the identities of the parties involved and who offered the gift or hospitality whether accepted or declined. Instances of non-compliance or unethical behaviour should be reported through established channels.
- Review and oversight – regularly review to monitor compliance with policies and guidelines. Fraud oversight will ensure transparency and identify potential conflicts of interest.
- Consequences for non-compliance – the consequences of non-compliance with policies and guidelines regarding gifts and hospitality, including disciplinary actions for employees, should be clearly communicated.
- Clear definition of both gifts and hospitality – to include the offer of use of transport, accommodation and costs to attend conferences.
- Clear guidance on the acceptance of gifts or hospitality – that they should generally be refused and only accepted in prescribed circumstances.
- Setting a maximum financial limit – for the receipt of gifts.
- Guidance – when hospitality may be accepted and how to accept gifts where refusal would cause offence (gift not to be retained by the staff member).
- Auditable – process for the recording of both offers and acceptance of the gift or hospitality.
- Process – for staff to sign to say they have understood the policy on a yearly basis.
An effective gifts and hospitality policy for staff is used to support positive ethical behaviours and culture within an organisation
A whistleblowing policy is crucial for promoting transparency, accountability and positive culture
D8. Fraud Reporting Policy/ Process (Whistleblowing[footnote 21])
A whistleblowing policy is crucial for promoting transparency, accountability and positive culture by providing a safe avenue for employees to report fraud and other misconduct or unethical behaviours.
A whistleblowing fraud reporting policy and process should contain a number of factors.[footnote 22] The policy should:
- Be clear, simple and easily understood.
- State the relevant legislation and what this means for whistleblowers and the whistleblowing process.
- Define what constitutes wrongdoing.
- State who is, and who is not, covered by whistleblowing arrangements.
- Publicise how to raise a concern and that concerns can be raised 24/7.
- Stipulate who and where concerns should be reported to.
- Refer to requests for anonymity.
- Refer to requests for confidentiality.
- State what whistleblowers can expect when reporting concerns.
- Highlight the type of issues that can be raised.
- Positively encourage anyone who has serious concerns about any aspect of their work to come forward and voice them. Promote a policy whereby all persons can raise concerns without fear of retaliation and are protected from any such actions.
- Have a process in place which allows people to come forward independent of management, which is also accessible to suppliers and contractors.
- Be regularly reviewed.
D9. How to Develop your Corporate Values
Corporate values provide a common purpose that all employees should understand, work towards and live by, supporting a positive counter fraud culture.
Corporate values:
- Guide decision making and a sense of what’s important and what’s right.
- Have a direct impact on an organisation’s culture.
- Set out what you stand for as an organisation.
- Define your organisation to employees, stakeholders and customers.
How to build an organisation’s corporate values
1. Start with evaluation of the existing values (culture measurement cycle).
- Survey staff and board level members for their views of any existing values.
- Consider how long they have been in place, how they are viewed, and how effective they have been.
2. Using staff focus groups and closed sessions with board members, spend time to think creatively and aspirationally about potential new values.
- Allow participants to take time individually and in small groups to select 2-3 attributes and values that inspire them. Ask why, and get a sense of the attraction to particular values.
3. Collate and theme/group the findings of steps 1 and 2 to produce a shortlist of around 5 key values.
- Using insight from stakeholders, consider which best represent the organisation, its mission and its focus.
4. Incorporate into publications, strategies and communicate widely.
- When communicating, ensure the values are aligned and linked to the organisation’s goals and aspirations, with clear messaging of how to “live” the values every day.
5. Recognise those who embody the values.
- Use reward and recognition policies to celebrate and highlight those who embody and bring the values to life to encourage others to adopt them.
Example of values from the PSFA set out below
1. Expertise
We will ensure that our expertise drives decision making, building our reputation as authoritative and credible experts in our field.
2. Innovation
We will innovate to meet the ever evolving fraud threat through creativity and agility to achieve results.
3. Collaboration
We will work in close alliance with partners and across all business areas to achieve our collective goals and maximise our strengths.
4. Integrity
We are professional, committed, honest and transparent. Integrity underpins every aspect of our work.
5. Respect
We respect each other and celebrate diversity, valuing different ways of working to bring inclusion to the heart of our working practices.
D10. Code of Ethics
Ethics and values are at the centre of counter fraud culture and form the basis of the counter fraud culture measurement cycle described in section C2. A code of ethics is a guiding set of principles intended to instruct professionals to act in a manner that aligns with the organisation’s values, and is beneficial to all stakeholders involved. A code of ethics should be clear and transparent.
The core principles observed by those in the Government Counter Fraud Profession are aligned to those of the Civil Service code[footnote 23]:
- Integrity
- Honesty
- Objectivity
- Impartiality
Government Counter Fraud Profession Code of Ethics[footnote 24] – alongside this, the Government Counter Fraud Profession has four behaviours which complement the Civil Service code:
- Courageous – standing up for what is right; never ignoring unethical or unprofessional behaviour. Having the courage to hold difficult conversations with stakeholders to ensure the best outcomes.
- Challenging – to challenge appropriately where the wrong decision is being made or inappropriate behaviour e.g. bullying, indiscretion etc. is being displayed.
- Collaborative – partnering and collaborating with the wider fraud community and stakeholders within your organisation.
- Objective – Acting solely according to the merits of a task and serving governments with different objectives with a commitment to objectivity and impartiality.
A code of ethics should be supported by a code of conduct. Employment contracts should also specify what will happen in the event that fraud is suspected including: suspension, the right to investigate concerns made, the right to call those suspected for interview, interviews under caution and cooperation arrangements.
The Nolan Principles[footnote 25] are the basis of the ethical standards expected of public office holders – Selflessness, Integrity, Objectivity, Accountability, Openness, Honesty and Leadership.
D11. Counter Fraud Awareness Survey – for staff and stakeholders[footnote 26]
Conducting fraud awareness surveys helps to identify potential vulnerabilities and reinforces a culture of integrity, trust and ethical behaviour among employees. Regular administration of a counter fraud awareness survey allows for tracking changes in culture over time and identifying areas for improvement.
A good qualitative staff survey should be anonymous to encourage honest feedback and include open ended questions that allow employees to express their opinions, concerns and suggestions in their own words. For example:
- Do you think this organisation or department has a problem with fraud? If so, what is it?
- Do you believe fraud prevention is a priority in your organisation?
- Are you aware of the department’s fraud strategy?
- Does the organisation have a fraud strategy?
- Does your organisation have a fraud policy that provides guidance on unacceptable behaviour and potential disciplinary actions?
- How effective do you feel your organisation is at providing training and awareness on how to recognise and combat fraud?
- How thoroughly do you believe your organisation checks the background of potential new recruits and the vetting of existing staff?
- How thoroughly do you believe your organisation performs due diligence checks on potential and existing suppliers and contractors?
- Do you understand the fraud risks facing your organisation and their potential impact?
- How effective do you believe your organisation would be if a fraud is discovered?
- Are you aware of how to raise fraud concerns?
- Do you think any action will be taken against internal fraud?
- What barriers do you perceive to reporting suspected fraud?
- Do you feel comfortable raising concerns about potential fraud with your manager or higher-level management?
The results of counter fraud awareness surveys can be used to identify the current counter fraud culture in the organisation, assist in the development and implementation of an action plan and use as a benchmark to track improvements.
D12. Culture Dashboard[footnote 27]
A Culture dashboard provides a visual representation of key management information and metrics to quickly assess the organisation’s position on counter fraud, corruption and bribery and identify areas for improvement. A dashboard can be a valuable tool for monitoring and managing counter fraud culture over time.
A dashboard for senior leaders on counter fraud culture could include:
- Fraud incidents.
- Fraud detection rates.
- Prosecution outcomes.
- Whistleblower reports.
- Training completion rates.
- Compliance with gift and hospitality policies and procedures.
- Employee surveys.
- Year on year and month on month comparisons of fraud levels.
- Action plans, impact and progress reports on issues of concern.
- Number of allegations awaiting investigation.
- Oldest live investigation and its elapsed time.
- Average elapsed time for an investigation.
- Most expensive live investigation.
- Average cost of investigations.
- Legal challenges outstanding.
- Recovery rates.
Negative Culture
- No tone from the top.
- Poor and unethical standards of leadership.
- Poor communication.
- Lack of transparency.
- No training.
- Fraud not acknowledged.
- Whistleblowers not protected.
- No clear policies and procedures.
Negative Culture leads to:
- Unethical decision making.
- Fraud not identified.
- Losses due to fraud.
- Reputational damage.
Positive Culture
- Tone from the top to prevent fraud.
- Strong and ethical leadership.
- Staff communicated with openly and transparently and supported with training and awareness.
- Fraud is acknowledged but not tolerated.
- Whistleblowers are protected.
- Clear policies and procedures to tackle fraud.
- Active curiosity of fraud causes is encouraged.
Positive Culture leads to:
- Ethical decision making.
- Increase in fraud detection.
- Reduced level of fraud.
- Build public confidence and trust.
D13. Wellbeing Support[footnote 28]
Wellbeing support is essential for fostering a strong counter fraud culture as it helps employees feel valued, supported and motivated to uphold ethical standards. This will help to reduce the likelihood of fraudulent behaviour stemming from stress, dissatisfaction or personal difficulties.
Wellbeing support should include:
- Routes to speak up if fraud suspected.
- HR access and assistance.
- Employee assistance programme.
- Helplines for staff e.g. debt problems.
- Fair treatment policy.
- Adequate pay and benefits.
D14. Fraud Protocol Document[footnote 29]
A fraud protocol document provides an agreed basis for coordinating the different parties involved in counter fraud activities for example: HR, Procurement, Security, Internal Audit and Counter Fraud. A fraud protocol document supports the building of a positive counter fraud culture by reducing the risk of duplication of effort, ensuring that business units are not overly burdened by inspection activities, helps to ensure that counter fraud activities are delivered to a common standard and allows for a comprehensive approach to fraud management. The responsibilities of each of the teams are covered by the document as set out in the counter fraud strategy.
It will help to ensure the organisation is prepared to address fraud effectively. It may include:
- Scope and Objectives – detail which departments, organisations, teams and counter fraud activities the protocol document will apply to. It will provide a definition of the fraud relevant to the organisation and clear objectives for managing this including desired outcomes as part of the joint working interactions between the covered parties. It will also include details of policies that will impact the work and the contribution of each team to the objectives set out in the counter fraud strategy.
- Defined Roles and Responsibilities – clear, defined responsibilities and liaison points must be documented to ensure consistency and avoid conflicts. Consideration should be given to priorities of actions and overall leading of the counter fraud activities. Clear details of how each party will impact or contribute to the fraud action plan and strategy should be recorded.
- Information or Intelligence – sharing processes should be documented, what data, information and intelligence can be shared, which legislation or policies and processes to allow sharing and storage procedures of intelligence. Who will be responsible for sharing information and when.
- Working Processes – the protocol document should be clear on joint working processes, procedures and co-operation required to be effective in meeting the objectives.
- Monitoring and Review – there should be a clear review process detailed for the protocol document, including responsibility for the review and timelines. It should detail how effectiveness can be reviewed and how to identify barriers and conflicts. It needs to include how the protocol document will be revised, if necessary.
D15. Communication Channels[footnote 30]
Communicating fraud awareness programmes and the outcomes of fraud investigations is vital for keeping employees informed, reinforcing organisational commitment to integrity and building a culture of accountability, transparency and deterrence against fraudulent behaviour. Communication channels may include, and are not limited to:
- Email.
- Phone calls/video conferencing.
- Social media.
- Intranet.
- Newsletters.
- Surveys.
- Websites.
- Written communications e.g. policies.
- Targeted direct mail.
- Pop up messages on login screens.
- Whistleblowing procedures – particularly where reports are made to dedicated phone lines and email addresses.
D16. How to be a Counter Fraud Culture Champion[footnote 31]
All individuals play a crucial role in influencing and promoting a counter fraud culture within their organisation. An individual should:
- Lead By Example – demonstrate honesty and integrity and ethical behaviour in all decisions, follow policies and procedures relating to fraud prevention and reporting rigorously.
- Collaborate With Others – work collaboratively across different departments and functions to share information and best practices for fraud prevention.
- Promote a Positive Work Environment – create a supportive and inclusive work environment where people feel empowered to speak up about potential fraud risks without fear of retaliation, encourage open communication, trust and mutual respect.
- Stay Informed And Engaged – stay informed about the latest developments in fraud prevention and detection through ongoing learning and professional development, engaging in forums and networking to exchange knowledge and expertise with other fraud professionals.
- Raise Awareness – educate yourself and others about the different types of fraud that can occur and their impact, share information about red flags and best practice for fraud prevention.
- Be Vigilant – stay alert and observant of any suspicious or unusual activity that could indicate potential fraud, encourage others to report any concerns or suspicions they might have.
- Report Suspected Fraud – promptly report any suspected instances of fraud or misconduct to the appropriate channels such as fraud hotline.
- Support Fraud Prevention Efforts – participate in fraud prevention training programmes and initiatives, offering expertise and insights to help inform fraud detection processes and internal controls.
- Encourage Transparency and Accountability – hold yourself and others accountable for upholding ethical standards and following established procedures.
This role is in addition to the Counter Fraud Champion role as defined by GovS 013.
D17. Fraud Risk Assessment (FRA)
A Fraud Risk Assessment[footnote 32] covers how to effectively identify, describe and assess individual fraud risks and develop these into a comprehensive fraud risk assessment for the entire organisation. It covers how to identify and evaluate mitigating controls, including understanding their limitations. The identification of risk may indicate areas where counter fraud culture needs to be addressed.
A Fraud Risk Assessment (FRA) may consider an organisation’s vulnerabilities to both internal and external fraud. It is an essential element of an effective counter fraud response and, while it should be integrated into the organisation’s overall risk management approach, requires specific skills, knowledge, processes and products.
All organisations must have an Organisational (Enterprise) level fraud risk assessment supported by Grouped (Thematic) fraud risk assessments, as well as Initial Fraud Impact Assessments and Full Fraud Risk Assessments for the areas of highest risk and materiality.
The fraud risk assessments must allow the organisation to understand where it has the potential to be vulnerable to fraud and error by describing the fraud risks that the organisation faces and assessing their likelihood and impact.
The HMG Functional Standards outline the requirements of all organisations and regular reviews by the Counter Fraud Function’s Centre of Expertise are completed to monitor and report progress against the standards.
D18. Initial Fraud Impact Assessment[footnote 33]
An Initial Fraud Impact Assessment (IFIA) is a high-level fraud, bribery and corruption impact assessment that should be completed early on in the life cycle of proposed new major spend activity. The IFIA is an indicator of the impacts, should fraud occur. It does not evaluate in detail the effects of the controls on the specific fraud risks and the extent to which residual risk remains. That is the role of the Full Fraud Risk Assessment. An IFIA can support the counter fraud culture by highlighting areas of potential impact.
The IFIA can also help to identify gaps in the counter fraud approach so that these can be considered upfront. Completing an IFIA should enable the Senior Responsible Officers (SRO) and Accounting Officers to prioritise which spend activities they should put the greatest focus on for taking action to reduce and react to fraud risk. It also gives a view on the different impacts, not just financial, that instances of fraud would have, and how widespread fraud could be. This will help inform the likely extent of risks and the impacts it will have, and help SROs to start to think about their counter fraud resourcing.
Embedded into corporate governance arrangements, the IFIA is used to inform spend approval decisions and provide early assessment of the need to resource counter fraud activity, including mapping out counter fraud requirements throughout the spend area life cycle. It should also help to identify when the proposed design of a spend activity needs to be adapted or changed in relation to counter fraud concerns.
D19. Impact, Threat and Vulnerability (ITV) assessment
An Impact, Threat and Vulnerability (ITV)[footnote 34] Analysis provides an estimation of the severity of the aggregate threat facing an organisation and what a proportionate response to them is. It therefore starts with the fraud risk assessment which should list all identified fraud risks, their likelihood of occurrence, their proximity and the impact that is likely to ensue should the relevant risks emerge. An ITV analysis then:
- Ranks these risks in order of importance
- Holistically considers exactly what the priorities for action are
- Examines cost effective responses which will deal with a number of linked risks and
- Puts management information routines in place which will detect when the relevant risk(s) are starting to emerge.
An ITV analysis will also be informed by new and emerging threats not on the Fraud Risk Assessment, which will come from internal data sources (such as intelligence) and from open source information.
Assessing threats faced by an organisation also highlights areas which will have an impact on the counter fraud culture. It should be seen as a continuous exercise, overseen by the counter fraud team but supported as necessary by other relevant teams including, but not limited to, intelligence, risk management, fraud prevention, fraud detection, data analytics and investigations.
D20. Fraud Awareness Training[footnote 35]
Fraud awareness training is integral to a counter fraud culture and should include everyone within the organisation, including temporary staff and external contractors. Training increases awareness of what fraud looks like for the organisation and reaffirms an organisational commitment to tackling fraud. Developing counter fraud culture within an organisation is intrinsically linked to developing and embedding ethical awareness in induction, training and professional development.
Training should include:
- How counter fraud aligns with the organisation’s strategic goals and values.
- Why it is important.
- The responsibilities for all officials to control fraud and corruption risks in their day-to-day work.
- What fraud and corruption looks like, including common red flags, how to respond to them, and how to report suspected fraud or corruption confidentially.
- Counter fraud training content should be refreshed regularly.
Recommended frequency of training:
- Induction – counter fraud induction training should be mandatory.
- Regularly – counter fraud training[footnote 36] should be undertaken regularly, yearly at a minimum, on a rolling programme.
E. Guidance for Organisations – Approved Professional Practice
E1. Introduction
The guidance set out below is the approved professional practice for public sector organisations to help influence changes, and to measure, improve and maintain an effective counter fraud culture.
In the United Kingdom, this includes aspects of mandated steps for HMG organisations as per the Government Functional Standard GovS 013: Counter Fraud and the Public Sector Fraud Authority (PSFA) Mandate. Where steps are mandated, this is clearly signposted.
Those engaged in counter fraud, bribery and corruption work shall ensure:
- Objectives are aligned to government policy and organisational objectives.
- Accountabilities and responsibilities for managing fraud, bribery and corruption risk are defined, mutually consistent, and traceable across all levels of management.
- Staff have the skills, awareness and capability to protect the organisation against fraud, bribery and corruption.
- Controls are in place to mitigate fraud, bribery and corruption risks and are regularly reviewed to meet evolving threats.
- Fraud, bribery and corruption risk management practices, tools and methods continue to evolve in line with industry trends, threats and best practice.
- The standard is applied in accordance with the professional standards and Guidance for counter fraud, bribery and corruption.
- Public service codes of conduct and ethics, and those of associated professions are upheld.
E2. The Government Functional Standard – GovS013 Counter Fraud[footnote 37]
The Government Functional Standard GovS013: Counter Fraud sets out a Counter Fraud Organisational basics checklist to help understand, find and prevent fraud.
- Have an accountable individual at board level who is responsible for counter fraud, bribery and corruption.
- Have a counter fraud, bribery and corruption strategy that is submitted to the centre.
- Have a fraud, bribery and corruption risk assessment that is submitted to the centre.[footnote 38]
- Have a policy and response plan for dealing with potential instances of fraud, bribery and corruption.
- Have an annual action plan that summarises key actions to improve capability, activity and resilience in that year.
- Have outcome-based metrics summarising what outcomes they are seeking to achieve that year. For organisations with ‘significant investment’ in counter fraud, bribery and corruption or ‘significant estimated’ fraud loss, include metrics with a financial impact.
- Have well established and documented reporting routes for staff, contractors and members of the public to report suspicions of fraud, bribery and corruption and a mechanism for recording these referrals and allegations.
- Report identified loss from fraud, bribery, corruption and error, and associated recoveries, to the centre in line with the agreed government definitions.
- Have agreed access to trained investigators that meet the agreed public sector skill standard.
- Undertake activity to try and detect fraud in high-risk areas where little or nothing is known of fraud, bribery and corruption levels, including loss measurement activity where suitable.
- Ensure all staff have access to and undertake fraud awareness, bribery and corruption training as appropriate to their role.
- Have policies and registers for gifts, hospitality and conflicts of interest.
Effective governance in these areas will support the maintenance of an organisation’s fraud culture and also help to measure and evaluate the effectiveness of the culture.
E3. Leadership, Ethics and Accountability
The Functional Standard GovS013 sets out the requirement to have a board level individual accountable for Counter Fraud.
This senior individual needs to be active in raising awareness of the harm that fraud can cause, including financially and the impact on morale of staff. Leaders should be visible and promote the ethics and values of the organisation with the aim of deterring individuals from committing fraud.
The organisation should have specific detail relating to the outcome of fraud risk assessments in the corporate governance frameworks and risk management registers. It is critical that those in decision making and senior management roles in the organisation understand the likelihood of risk at an organisational level to be able to make decisions about mitigating risk, evaluating controls and assurance programmes as appropriate.
It is recognised there is a cost to counter fraud and therefore the response to fraud risks should be proportionate to the outcome should the risks materialise. Outcomes refer to both financial and non-financial outcomes (such as reputational damage and diminished service outcomes).
Ethics, behaviours and values are integral to building culture within an organisation and should be modelled and built into an organisation’s structure. The Seven Principles of Public Life (also known as the Nolan Principles[footnote 39]) apply to all roles across the public sector. They should be read alongside organisation specific codes of conduct and ethics for civil servants.
The expectations for personal and business conduct within the public sector should be clearly defined in their employee code of conduct, issued by human resources. These principles should also be used to consider behaviour and conduct in day-to-day work, for example, recruitment, procurement, training processes and performance reviews with staff. See product section D10.
Further information on leadership can also be found within functional standard GovS01.[footnote 40]
E4. Counter Fraud Culture
Organisations should establish a counter fraud culture that includes regular fraud awareness programmes throughout the organisation. Effective leadership in counter fraud management should be tailored to the organisation’s size, management structure and identified risks.
Organisations should establish a workplace culture that encourages ethical and supportive behaviours and supports fraud reporting, while discouraging fraudulent, corrupt or other criminal activities.
Where a positive workplace culture exists, staff will be less likely to rationalise fraudulent or criminal conduct and be more responsive to identifying fraud.
A culture built on honesty, transparency and integrity is a key organisational strength that can serve to reduce the risk of fraud from both external and internal threats. Therefore it follows that the organisation’s corporate values and ethical practices are key to building, shaping and maintaining this culture.
There are a range of ways that a positive counter fraud culture can be established within the workplace, including, but not limited to:
- Clear codes of conduct, behaviours and values, and promoting these.
- Reward and recognition programmes.
- Health and wellbeing training and initiatives.
- Promoting an inclusive and diverse organisation.
- Open and transparent communication and decision making.
- Training and promoting ethical conduct and decision making.
- Commitment to taking action in relation to all concerns raised in staff surveys.
- A number of routes for reporting fraud in the organisation, including dedicated whistleblowing procedures with a positive attitude to whistleblowing.
- An independent audit committee for fraud oversight and action.
- Pre-employment vetting of new employees prior to taking up post.
- Due diligence checks on third party suppliers and contractors.
Organisations should demonstrate to all staff and others working with them (including relevant stakeholders) that the Counter Fraud Function, of which Culture is an integral part, has the full support of the management board and the audit committee.
There should be:
- A visible, consistent, top-down approach to fraud prevention, together with a similar attitude to business ethics and professionalism.
- A commitment to protect the organisation’s business and employees, this includes a “duty of care” to ensure their staff are not put in a position where they could be compromised by accepting inappropriate gifts or inducements.
- A clear policy on the acceptance and giving of gifts and hospitality. Organisations should maintain a conflicts of interest register and a gifts and hospitality register. This policy should be clearly documented and circulated to employees, suppliers and clients.
- An inclusive and supportive workplace, offering health and wellbeing policies and initiatives, as well as reward and recognition programmes with transparent messaging.
Creating an organisational culture, based upon sound ethics and integrity, will help to effectively prevent, deter and respond to fraud
It is essential that all staff have access to policies, documents and working practices that:
- Promote the seven Nolan Principles of public life and expected behaviours.
- Encourage staff to speak up when they become aware of policy, system, procedural or control weaknesses.
- Emphasise the impact of fraud and the organisation’s tolerance to it.
- Promote the organisation’s response to fraud, with details of reporting lines and accountabilities.
- Enable staff to recognise when a fraud may be occurring.
- Promote a whistleblowing policy whereby anyone can raise concerns without fear of retaliation and is protected from any such actions.
- Advertise confidential fraud reporting methods such as online and by and telephone, and evaluate their use and effectiveness.
- Explain the roles of the different teams involved in counter fraud activity and how these relate to one another.
E5. Engagement and Communication
Organisations should ensure that a communications strategy is in place that involves all its counter fraud functions and is available to everyone in the organisation and the third parties they interact with. This includes suppliers, contractors, and agents.
The key messages shared with staff and stakeholders, both internally and externally, should consistently promote the organisation’s stance on fraud, clarifying its tolerance level, and the processes in place to prevent, detect, and respond to fraud. This includes regular internal communication of the organisation’s fraud policy and response plan, as well as establishing clear expectations in contracts and protocols with external parties regarding the detection and prevention of fraud.
It is important to promote the outcomes of fraud investigations across the organisation to raise awareness of the sanctions imposed, discourage others from engaging in fraud, and reinforce a strong counter fraud culture. Careful consideration should be given to any information shared externally. All interaction with the media and through external communications channels, such as the organisation’s social media channels or website, should only be done so by the organisation’s communications and media team. They will ensure all activity aligns to the organisation’s overarching communications strategy and plans and ensure that all communications policies are adhered to.
E6. Behavioural Science
Behavioural science is the study of how human behaviour influences decision making and organisational dynamics. This can inform strategies for improved counter fraud performance and outcomes.
Organisations should consider working with behavioural science teams or seek guidance on how to build elements of their techniques into future communication campaigns.
Behavioural science techniques can be a useful tool to persuade individuals to take a different course of action, and deter them from committing fraud.
Other key insights can have an impact, including building in opportunities for promoting honesty in the application or contract process, with regular questions and prompts about the accuracy of information provided, and regular warnings throughout the process and documentation of the range of sanctions that will be pursued if dishonesty is proven.
Some organisations have had success using “opportunity moments” creating short term opportunities for targeted demographics to facilitate the return of overpayments or debts due to error. These campaigns can be effective at maximising the financial return and allowing other resources to focus on the more complex and longer term aims of tracing and recovering fraud losses.
E7. Measurement – How to Evaluate your Counter Fraud Culture
An organisation’s culture, once developed through its structure, values and ethical frameworks, will require regular maintenance and assurance to evaluate its effectiveness and maturity. As the organisation changes in terms of business scope, size and staffing turnover, it needs to constantly review and re-evaluate its counter fraud culture. Other factors such as external, environmental and political change can also have an impact.
There are different approaches that can be deployed to evaluate a counter fraud culture, and these can include both qualitative and quantitative research methods. The qualitative approach will be informed by surveys of staff, stakeholders and third party contractors, to test their attitudes and understanding of fraud. Quantitative data can be used alongside this type of information, including detection and prevention rates and audit information, supported by fraud risk assessments which should be repeated over time at varying levels.
The key to effective measurement is to utilise a range of sources to build a holistic understanding of the organisation’s maturity,[footnote 41] and highlighting areas for improvement to the organisation’s senior leadership team.
E8. Legal Framework (England and Wales only)
Those operating at all levels should be aware of their legislative frameworks and powers available to them. It is imperative that those most senior, and therefore accountable in the organisation, have particular regard for the intention and meaning of the Acts set out below and for some of these the obligations they face as a consequence of them:
Fraud Act 2006
It is important that leaders understand the key principles of the Fraud Act 2006, including fraud by false representation (section 2), fraud by failing to disclose information (section 3) and fraud by abuse of position (section 4) :
Section 2: Fraud by false representation
1. A person is in breach of this section if he
a. dishonestly makes a false representation, and
b. intends, by making the representation—
i. to make a gain for himself or another, or
ii. to cause loss to another or to expose another to a risk of loss.
2. A representation is false if—
a. it is untrue or misleading, and
b. the person making it knows that it is, or might be, untrue or misleading.
3. “Representation” means any representation as to fact or law, including a representation as to the state of mind of—
a. the person making the representation, or
b. any other person.
4. A representation may be expressed or implied.
5. For the purposes of this section a representation may be regarded as made if it (or anything implying it) is submitted in any form to any system or device designed to receive, convey or respond to communications (with or without human intervention).
Section 3: Fraud by failing to disclose information:
1. A person is in breach of this section if he
a. dishonestly fails to disclose to another person information which he is under a legal duty to disclose, and
b. intends, by failing to disclose the information—
i. to make a gain for himself or another, or
ii. to cause loss to another or to expose another to a risk of loss.
Section 4: Fraud by abuse of position
1. A person is in breach of this section if he
a. occupies a position in which he is expected to safeguard, or not to act against, the financial interests of another person,
b. dishonestly abuses that position, and
c. intends, by means of the abuse of that position—
i. to make a gain for himself or another, or
ii. to cause loss to another or to expose another to a risk of loss.
2. A person may be regarded as having abused his position even though his conduct consisted of an omission rather than an act.
Bribery Act 2010 (UKBA) Section 7 Failing to Prevent Bribery
Section 7 of the UK Bribery Act introduces an offence for commercial organisations where they fail to prevent bribery committed by a person associated with the organisation, where it is done to obtain or retain business or an advantage in the conduct of business for the commercial organisation[footnote 42].
A relevant commercial organisation is defined as:
a. a body which is incorporated under the law of any part of the United Kingdom and which carries on a business (whether there or elsewhere),
b. any other body corporate (wherever incorporated) which carries on a business, or part of a business, in any part of the United Kingdom,
c. a partnership which is formed under the law of any part of the United Kingdom and which carries on a business (whether there or elsewhere), or
d. any other partnership (wherever formed) which carries on a business, or part of a business, in any part of the United Kingdom, and, for the purposes of this section, a trade or profession is a business.
The Ministry of Justice issues guidance on how an organisation can demonstrate they had adequate procedures to prevent bribery which an organisation can use as a defence for the section 7 offence.[footnote 43]
Adequate procedures:
- Proportionate Procedures
- Top-Level Commitment
- Risk Assessment
- Due Diligence
- Communication (including training) and
- Monitoring and Review.
Economic Crime and Corporate Transparency Act 2023
The government has created a new failure to prevent fraud offence, to hold organisations to account for fraud committed by employees, or associated persons, which may benefit them, or, in certain circumstances, their clients. The offence will encourage more organisations to implement or improve prevention procedures, driving a major shift in corporate culture to help prevent fraud and protect victims.
Under the new offence, an organisation may be criminally liable where an employee or agent, subsidiary, or ‘other associated person’ commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place.
In certain circumstances, the offence will also apply where the fraud offence is committed with the intention of benefiting the client of the organisation. It does not need to be demonstrated that directors or senior managers ordered or knew about the fraud.
The offence sits alongside existing law. For example, the person who committed the fraud may be prosecuted individually for that fraud, while the organisation may be prosecuted for failing to prevent it.
The offence applies to all large bodies, corporate and partnerships, and to all sectors. This means that in addition to businesses, large not-for-profit organisations such as charities are also in scope, as well as incorporated public bodies. However, to ensure the burdens on business are proportionate, only large organisations are in scope, defined (using the standard Companies Act 2006 definition) as organisations meeting two out of three of the following criteria: more than 250 employees, more than £36 million turnover and more than £18 million in total assets. The Home Office has produced guidance on procedures that relevant bodies can put in place to prevent persons associated with them from committing fraud offences[footnote 44].
Those operating at all levels should be aware of their legislative frameworks and powers available to them
F. Further Guidance
F1. Further Information
This professional standards and guidance has been created in order to align counter fraud capability across government
You can learn more about the Public Sector Fraud Authority and the Government Counter Fraud Profession via: Public Sector Fraud Authority
For further information on the Government Counter Fraud Profession, or to view the other Professional Standards and Guidance available, please visit the Government Counter Fraud Profession page at: Counter Fraud Standards and Profession
If you have any questions surrounding the Government Counter Fraud Profession, and how you can get yourself and your department involved, please contact: [email protected]
Alternatively, the Counter Fraud and Investigation Team in the Government Internal Audit Agency (GIAA) provide a range of services defined in the Government Counter Fraud Framework. They can be contacted to discuss how they are able to assist you to meet your requirements at: [email protected]
Glossary
Competency command word | Definition |
---|---|
3 Lines of Defence | The three lines of defence model is a valuable framework that outlines internal audits role in assuring the effective management of risk, and the importance for delivering this of its position and function in corporate governance structure. |
Apply | Make use of a skill/knowledge |
Corporate Governance | Corporate governance is the system of rules, practices and processes by which organisations are directed and controlled. |
Culture definition | Counter fraud culture is defined as consisting of ethical beliefs, behaviours, values and practices that fraud, bribery and corruption are not acceptable and effective action should be taken to detect and prevent wherever possible and proportionate. An effective culture is obtained through a cycle of education, measurement, monitoring and improvement taken as a result of findings. |
Counter Fraud Self Assessment | An organisation counter fraud self assessment is a process whereby an organisation evaluates its own systems, procedures and controls to identify vulnerabilities and weaknesses that could be exploited by fraudsters. It involves assessing various aspects such as governance, risk management, internal controls and employee awareness to detect and prevent fraud effectively. |
Cluster | The Fraud Control cluster incorporates the Fraud Risk Assessment, Fraud Prevention, Fraud Detection, Counter Fraud Culture and Fraud Loss Measurement disciplines enabling the development of a career pathway for the counter fraud control practitioner |
Demonstrate | Show something and explain how it works. |
Describe | Make use of a skill/knowledge |
Design | Make or draw plans for something. |
Discuss | Consider and offer an interpretation or evaluation of something; or give a judgement on the value of arguments for and against something. |
Evaluate/Assess | Judge or calculate the quality, importance, amount, or value of something. |
Explain | Make something easier to understand by giving information about it and/or give a reason for an action. |
Fraud Landscape Document | Cross-Government Fraud Landscape Annual Report 2022 (PDF, 4MB) |
Identify | Recognise a problem, need, fact, etc. and show that it exists. |
Know | Provide evidence of factual information or awareness gained through experience or education. |
Understand/ Interpret | Provide the intended meaning or cause of something. |
Appendix
Appendix 1 – Full Competency Framework
1. Counter Fraud Bribery and Corruption Knowledge
Number | Trainee (T) | Foundation (F) | Practitioner (P) |
---|---|---|---|
1.1 | Identify different fraud, bribery, and corruption typologies. | Explain an understanding of fraud, bribery, and corruption typologies. | Demonstrate a well developed knowledge of fraud, bribery, and corruption typologies. |
1.2 | Recognise why fraud related offending occurs including the motives behind such frauds and how these can be combated. | Explain why fraud related offending occurs including the motives behind such frauds and how these can be combated. | Demonstrate a knowledge of why fraud related offending occurs including the motives behind such frauds and how these can be combated. |
1.3 | Recognise the different types of enablers that may help facilitate fraud and how these may be disrupted. | Explain the different types of enablers that may help facilitate fraud and how these may be disrupted. | Demonstrate knowledge of the different types of enablers that may help facilitate fraud and how these may be disrupted. |
1.4 | Identify the main indicators of fraud and how to recognise these when present at scheme/ system/organisational level. | Explain the main indicators of fraud and how to recognise these when present at scheme/ system/organisational level. | Demonstrate an understanding of the main indicators of fraud and be able to recognise these when present at scheme/system/ organisational level. |
1.5 | Recognise how to design and implement counter fraud policies, programmes, projects, and procedures. | Explain how to design and implement counter fraud policies, programmes, projects, and procedures. | Demonstrate how to design and implement counter fraud policies, programmes, projects, and procedures. |
1.6 | Identify the process for Fraud Risk Assessment within your organisation. | Explain the Fraud Risk Assessment process in your organisation . | Demonstrate an understanding of the Fraud Risk Assessment process in your organisation. |
1.7 | Identify Initial Fraud impact Assessments and how these are conducted. | Explain Initial Fraud impact Assessments and how these are conducted. | Demonstrate an understanding of Initial Fraud impact Assessments and how these are conducted. |
1.8 | Recognise the difference between Fraud Prevention[footnote 45], Fraud Detection and recovery.[footnote 46] | Explain the difference between Fraud Prevention[footnote 43], Fraud Detection and recovery.[footnote 44] | Demonstrate a knowledge of the difference between Fraud Prevention[footnote 43], Fraud Detection and recovery.[footnote 44] |
2. Engagement and Communication
Number | Trainee (T) | Foundation (F) | Practitioner (P) |
---|---|---|---|
2.1 | Identify the range of communication channels and techniques available to promote counter fraud awareness across an organisation. | Explain the range of communication channels and techniques available to promote counter fraud awareness across an organisation. | Demonstrate how to use a range of communication channels and techniques to promote counter fraud awareness across an organisation. |
2.2 | Identify who your organisation’s internal and external stakeholders are, and a range of techniques that could be used to build relationships with them. | Explain who your organisation’s internal and external stakeholders are, and a range of techniques that could be used to build relationships with them. | Demonstrate knowledge of your organisation’s internal and external stakeholders and how to develop positive relationships with them. |
2.3 | Recognise how to promote the outcomes of fraud prevention, investigation, detection and recovery action and create opportunities to raise fraud awareness (e.g. case studies relevant to organisation). | Explain how to identify and create opportunities to promote the outcomes of fraud prevention, investigation, detection and recovery action to raise fraud awareness (e.g. case studies relevant to organisation). | Demonstrate how to promote the outcomes of fraud prevention, investigation, detection and recovery action and create opportunities to raise fraud awareness (e.g. case studies relevant to organisation). |
2.4 | Identify how to work with others and identify opportunities to influence and evolve counter fraud policies and procedures. | Explain how to work with others and identify opportunities to influence and evolve counter fraud policies and procedures. | Demonstrate the ability to work with others and seek out opportunities to influence and evolve counter fraud policies and procedures. |
2.5 | Identify how to create, measure and maintain an effective counter fraud culture and actively promote progress across the organisation. | Explain how to create, measure and maintain an effective counter fraud culture and actively promote progress across the organisation. | Demonstrate the ability to create, measure and maintain an effective counter fraud culture and actively promote progress across the organisation. |
2.6 | Recognise how to produce an educational programme throughout the organisation which includes: campaigns, seminars and printed media. | Explain how to produce an educational programme throughout the organisation which includes: campaigns, seminars and printed media. | Demonstrate the ability to devise, plan and implement an educational programme throughout the organisation which includes: campaigns, seminars, and printed media. |
2.7 | Identify the elements required in a counter fraud protocol agreement/memorandum of understanding and how you achieve collective agreement across an organisation. | Explain the elements required in a counter fraud protocol agreement/memorandum of understanding and how you achieve collective agreement across an organisation. | Demonstrate the ability to produce a protocol agreement/memorandum of understanding agreement which sets out the respective responsibilities of all parties involved in counter fraud across an organisation. |
2.8 | Identify how to promote the organisation’s counter fraud strategy and policies internally and externally through effective educational and communication programmes. | Explain how to promote the organisation’s counter fraud strategy and policies internally and externally through effective educational and communication programmes. | Demonstrate how to promote the organisation’s counter fraud strategy and policies internally and externally through effective educational and communication programmes |
3.0 Leadership, Ethics and Accountability
Number | Trainee (T) | Foundation (F) | Practitioner (P) |
---|---|---|---|
3.1 | Identify the code of ethics of your organisation and corporate values and how the communication of these can promote and maintain an effective counter fraud culture. | Explain the code of ethics of your organisations and corporate values and how the communication of these can promote and maintain an effective counter fraud culture. | Demonstrate an understanding of your organisation’s code of ethics and corporate values and how the communication of these can promote and maintain an effective counter fraud culture. |
3.2 | Identify governance structures that enable all those associated with an organisation to prevent fraud. | Explain governance structures that enable all those associated with an organisation to prevent fraud. | Demonstrate awareness of governance structures that enable all those associated with an organisation to prevent fraud. |
3.3 | Recognise how counter fraud management forms part of, and enables effective corporate governance. | Explain how counter fraud management forms part of, and enables effective corporate governance. | Demonstrate an understanding of how counter fraud management forms part of, and enables effective corporate governance. |
3.4 | Recognise the three lines of defence across an organisation and how these can support the maintenance of an effective counter fraud culture. | Explain the three lines of defence across an organisation and how these can support the maintenance of an effective counter fraud culture. | Demonstrate an understanding of the three lines of defence across an organisation and how these can support the maintenance of an effective counter fraud culture. |
3.5 | Recognise how to influence the development and operation of procurement services, making it clear that continuous and effective controls to prevent and deter fraud, bribery and corruption are an essential part of this function. | Explain how to influence the development and operation of procurement services, making it clear that continuous and effective controls to prevent and deter fraud, bribery and corruption are an essential part of this function. | Demonstrate how to influence the development and operation of procurement services, making it clear that continuous and effective controls to prevent and deter fraud, bribery, and corruption are an essential part of this function. |
3.6 | Identify the importance of a compliance process to support the use of hospitality and gift registers. | Explain the importance of a compliance process to support the use of hospitality and gift registers. | Demonstrate the ability to introduce and maintain methods to ensure the effective compliance in relation to the use of hospitality and gift registers. |
3.7 | Recognise the importance of processes for fraud reporting in an organisation. | Explain the importance of processes for fraud reporting in an organisation. | Demonstrate how to evaluate and enhance the processes in place for fraud reporting in an organisation. |
4. Measurement
Number | Trainee (T) | Foundation (F) | Practitioner (P) |
---|---|---|---|
4.1 | Summarise the elements required for a corporate health check to assess the governance, structures and processes in place to understand, find and manage fraud and corruption effectively. | Explain the importance of and elements required for a corporate health check to assess the governance, structures and processes in place to understand, find and manage fraud and corruption effectively. | Demonstrate how to design and introduce corporate health checks to assess the governance, structures and processes in place to understand, find and manage fraud and corruption effectively. |
4.2 | Identify the processes, policies and people that can be deployed to measure the counter fraud culture in an organisation. | Explain the processes, policies and people that can be deployed to measure the counter fraud culture in an organisation. | Demonstrate how to use a range of processes, policies and people to measure the counter fraud culture in an organisation. |
4.3 | Recognise how the use of Fraud Risk Assessment, Initial Fraud Impact Assessment, Fraud Management Cycle and control evaluation[footnote 47] can inform the measurement of the organisation culture. | Explain how the use of Fraud Risk Assessment, Initial Fraud Impact Assessment, Fraud Measurement Cycle and control evaluation can be helpful to inform the measurement of the organisation culture. | Demonstrate how the use of Fraud Risk Assessment, Initial Fraud Impact Assessment, Fraud Management Cycle and control evaluation[footnote 45] can inform the measurement of the organisation culture. |
4.4 | Recognise how to identify, collate and analyse information from different sources to assist in the development of an Impact, Threat and Vulnerability (ITV) assessment of the fraud landscape facing the organisation. | Explain how to identify, collate and analyse information from different sources to assist in the development of an Impact, Threat and Vulnerability (ITV) assessment of the fraud landscape facing the organisation. | Demonstrate how to identify, collate and analyse information from different sources to assist in the development of an Impact, Threat and Vulnerability (ITV) assessment of the fraud landscape facing the organisation. |
4.5 | Identify how to design, issue and analyse surveys which assess employee, contractor, supplier and other stakeholders understanding of fraud, bribery and corruption. | Explain how to design, issue and analyse surveys which assess employee, contractor, supplier and other stakeholders understanding of fraud, bribery and corruption. | Demonstrate the design, issue and analysis of surveys which assess employee, contractor, supplier and other stakeholders understanding of fraud, bribery and corruption. |
4.6 | Recognise the importance of and how to monitor and evaluate the effectiveness of counter fraud campaigns and other media used in messaging activities, e.g. monitoring detection and prevention levels. | Explain the importance of and how to monitor and evaluate the effectiveness of counter fraud campaigns and other media used in messaging activities, e.g. monitoring detection and prevention levels. | Demonstrate the ability to monitor and evaluate the effectiveness of counter fraud campaigns and other media used in messaging activities, e.g. monitoring detection and prevention levels. |
4.7 | Identify details of your organisation’s historical fraud and the lessons learned and actions taken from these. | Explain how to identify details of your organisation’s historical fraud and the lessons learned and actions taken from these. | Demonstrate a knowledge of fraud that has occurred in the organisation historically and the lessons learned and actions taken from these. |
4.8 | Identify how to apply counter fraud knowledge to design and implement counter fraud procedures and controls to both planned and existing policies, programmes, projects, and procedures. | Explain how to apply counter fraud knowledge to design and implement counter fraud procedures and controls to both planned and existing policies, programmes, projects, and procedures. | Demonstrate how to apply counter fraud knowledge to design and implement counter fraud procedures and controls to both planned and existing policies, programmes, projects, and procedures. |
Products From Other Standards
Product | GCFP Standards |
---|---|
Strategy – Counter Fraud Strategy And Fraud Control Strategy, Which Includes The Strategy Management Cycle | Leadership, Management and Strategy (LMS) Standard[footnote 48] |
Annual Action Plan, Which Includes The Operational Management Cycle | LMS Standard & Prevention Standard[footnote 49] |
Fraud Awareness Training | GovS013[footnote 50] |
Gifts, Hospitality and Conflicts of Interest Register and Policy | GovS013, Prevention Standard |
Fraud Maturity Matrix | LMS Standard |
Fraud Responsibilities Matrix | LMS Standard |
Stakeholder Management Plan | LMS and Prevention Standard |
Counter Fraud Policy | LMS Standard |
Communications Plan | LMS & Prevention Standard |
Fraud Risk Management Cycle | Fraud Risk Assessment (FRA) Standard[footnote 51] |
Fraud Risk Assessment and Plan - Organisational (enterprise) Fraud Risk Assessments - Thematic (grouped) Fraud Risk Assessments - Initial Fraud Impact Assessments (IFIAs) - Full Fraud Risk Assessments |
FRA Standard & Prevention Standard |
Fraud Measurement, Calculation and Reporting Process | Fraud Measurement Standard |
Protocol Documents including MOU, Partnership Agreements etc | Prevention Standard |
Control Assessment Tool | Prevention Standard |
Lessons Learned Reviews | Prevention Standard |
Behavioural Science Models in Communication | Prevention Standard |
Programme of Awareness and Publicity | Sanction, Redress and Punishment Standard |
CBC Risk Assessment | Counter, Bribery and Corruption Standard[footnote 52] |
Control Improvement Plan | Counter, Bribery and Corruption Standard |
Control Assessment Tool | Counter, Bribery and Corruption Standard |
Counter Fraud Annual Report | Prevention and LMS Standard |
Internal Fraud Prevention Guide | Practice Note Guide, request from GCFP |
CBC Response Plan | Counter, Bribery and Corruption Standard |
Government Standards
Functional Standards[footnote 53] | Standard Number |
---|---|
Government functions – sets expectations for the direction and management of functions across government. | GovS 001 |
Project delivery – sets expectations for the direction and management of portfolios, programmes, and projects in government. | GovS 002 |
Human Resources – sets expectations for the leadership and management of human resources across-government. | GovS 003 |
Digital – sets expectations for the management of digital, data and technology in government. | GovS 004 |
Digital, Data and Technology – sets out how all digital, data and technology work and activities should be conducted across government. | GovS 005 |
Finance – sets expectations for the effective management and use of public funds. | GovS 006 |
Security – sets expectations for the planning, delivery and management of government security activities.. | GovS 007 |
Commercial and Commercial Continuous Improvement Assessment Framework – designed to help drive continuous improvement in commercial practices across the public sector | GovS 008 |
Internal Audit – sets the expectations for internal audit activity to enhance the effectiveness and efficiency of governance, risk management and control in government organisations | GovS 009 |
Analysis – sets expectations for the planning and undertaking of analysis to support well-informed decision making | GovS 010 |
Communication – sets expectations for the management and practice of government communication in order to deliver responsive and informative public service messaging | GovS 011 |
Counter Fraud – sets the expectations for the management of fraud, bribery and corruption risk in government organisations | GovS 013 |
Debt – part of a suite of standards to guide people working in and with the UK government | GovS 014 |
Grants – promotes efficiency and effectiveness in grant making across all government departments and arm’s length bodies | GovS 015 |
-
The Cross Sector Advisory Group (CSAG) is a cross-industry group of experts in a range of disciplines who provide advice to evolve and shape the Profession. This group provides advice to the GCFP Board. ↩
-
(Which aims to stop as many frauds as possible). ↩
-
(Which catches those frauds which have evaded prevention techniques) and an ability to use the two forms of fraud management together to help create and maintain effective fraud deterrence. ↩
-
Fraud Prevention Standard for Counter Fraud Professionals (PDF, 3.3MB) ↩
-
Developed by GCFP. ↩
-
- Developed by GCFP.
-
Applying behavioural insights to reduce fraud, error and debt (PDF, 534KB) ↩
-
Influence change to develop a strong counter fraud culture ↩
-
Adapted from Home Office Bribery and corruption assessment template (DOCX, 99.4KB) ↩
-
- Source Betts et al, Investigation of Fraud and Economic Crime, OUP 2016.
-
All IT should be managed in accordance with ITIL 4 Service Management Procedures and comply with Information Security Management Standard ISO 27001 ↩
-
These should cover system inputs, processes and outputs, file transfers, standing data and network and communications. ↩
-
Source created GCFP. ↩
-
Source created GCFP. ↩
-
Source GCFP developed. ↩
-
Protecting public services and fighting economic crime (PDF, 213KB) ↩
-
Source created GCFP. ↩
-
Source created GCFP. ↩
-
Source Created GCFP ↩
-
Adapted: Fraud Prevention Standard for Counter Fraud Professionals (PDF, 3.3MB) ↩
-
Source created by GCFP. ↩
-
Source created by GCFP. ↩
-
Professional standards and guidance for fraud risk assessment in government ↩
-
Initial Fraud Impact Assessment (IFIA) Practice Note (PDF, 2.2MB) ↩
-
Commonwealth Fraud and Corruption Control Framework 2024 (PDF, 3.7MB) ↩
-
Guide to Designing Counter Fraud and Corruption Awareness Training for Public Bodies (PDF, 6.4MB) ↩
-
Centre of Expertise in GovS 013. ↩
-
Government functional standard GovS 001: government functions ↩
-
See Maturity assessment tool at C6. ↩
-
Offence of ‘failure to prevent fraud’ introduced by ECCTA ↩ ↩2 ↩3
-
Which catches those frauds which have evaded prevention techniques and an ability to use the two forms of fraud management together to help create and maintain effective fraud deterrence. ↩
-
Fraud Prevention Standard for Counter Fraud Professionals (PDF, 3.3MB) ↩
-
- LMS Standards can be obtained by emailing: [email protected]
-
Professional standards and guidance for fraud risk assessment in government ↩
-
A Standard for the Counter Bribery and Corruption Professional ↩