Revenue Assurance

In particular, the greatest risk is the theft of cash from sales. Cash is ‘king’ and controls over its receipt, storage, banking and reconciliation are sometimes very poor. Organisations must review their processes in a step by step manner, highlight where there may be opportunities for the cash to be removed and implement changes.

I have observed the failure to adequately reconcile sales invoices and receipts with the banking of cash as one of the worst controlled processes in organisations in Fiji.

Payroll

The ‘ghosting’ of employees continues to be a concern. I know of more than four instances alone in Fiji in recent years involving hundreds of thousands of dollars where sometimes a single employee has been allowed to introduce ghosts onto the payroll and get away with for years.

Organisations should get a detailed payroll review undertaken now from someone who is experienced at identifying the warning signs of ghosting. They may be surprised at what they find !

Stock theft

This is very common in Fiji. Employees of organisations remove stock from the premises in collusion with transport drivers, suppliers and security. The stock is sold for cash at a greatly reduced price compared to its face value. The effect is that it increases the purchases made by the organisation in order to replace the stolen stock, that management believe has been used in the normal course of business.

Organisations are particularly vulnerable at night, when there are less employees on site and the security is not as tight.

I worked on one matter a couple of years ago in the West, where welding rods were being blatantly stolen by employees and sold to local businesses in Raki Raki and Ba. The welding rods had stickers on them to prove that they were sold to one particular organisation by a leading supplier of welding rods in Fiji. Yet they were mysteriously appearing in a range of businesses and being used by their employees. This type of systematic stock theft can only happen with the collusion of the employees.

Theft of diesel and petrol has become a high risk in recent times with the explosion in the price of crude. How have organisations in Fiji reassessed their controls over these assets ?

In order to reduce the opportunity for stock theft to occur, security on the gates must be independent, well trained and their integrity and competence tested on a regular basis. Organisations should consider having an independent security review performed by a reputable contractor/consultant.

What are the emerging trends that are likely to impact organisations in Fiji now and in the near future?

Patterns of behaviour are clearly emerging as both the cost and complexity of technology decreases and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:

- Identity fraud and theft - Criminal syndicates follow the money and a

In a recent survey of fraud in Australian organisations, 84 percent of respondents agreed or strongly agreed with the proposition that fraud control is a governance issue.

In Fiji, it is even more important, because the whole fabric of society is affected by the level of fraud and particularly corruption that exists. The World Bank on their website states that: “The Bank has identified corruption as among the greatest obstacles to economic and social development. It undermines development by distorting the rule of law and weakening the institutional foundation on which economic growth depends. The harmful effects of corruption are especially severe on the poor, who are hardest hit by economic decline, are most reliant on the provision of public services, and are least capable of paying the extra costs associated with bribery, fraud, and the misappropriation of economic privileges.”

A recent case in South Africa proved the fraudulent and corrupt relationship between a Durban-based businessman named Schabir Shaik and South African politician and anti-apartheid leader Jacob Zuma and led to Shaik being sentenced to 15 years in jail. Concluding the sentencing proceedings in the Durban High Court on 7 June 2005, Judge Hillary Squires said:

"I do not think I am overstating anything when I say that this phenomenon [of corruption] can truly be likened to a cancer eating away remorselessly at the fabric of corporate privacy and extending its baleful effect into all aspects of administrative functions, whether state official or private sector manager. If it is not checked, it becomes systemic. And the after-effects of systemic corruption can quite readily extend to the corrosion of any confidence in the integrity of anyone who has a duty to discharge, especially a duty to discharge to the public.

One can hopefully discount the prospect of it happening in this country, but it is that sort of increasing disaffection which leads and has led on other parts of our continent and elsewhere to coups d'?tat or the rise of populace leaders who in turn manipulate politics for even greater private benefit ... This is the last step in a thousand mile journey."

The former Prime Minister of Fiji, the Honourable Laisenia Qarase, in his address to the Prime Minister’s Corporate Governance Summit in 2005 stated that:

“There is no quarrel about dealing with corruption as it is an obstacle to progress and the antitheses of good governance.

It is a stain on the integrity of a nation. And it hinders investment, slows growth, contributes to unemployment, leads to a reduction in living standards and reduces government revenues.

In our own case, the exact extent of it is hard to quantify because by its nature it is a shadowy and hidden thing, but reported investigations that are on-going and case before the courts indicate the urgent need for vigilance against corruption.”

What is the level of fraud and corruption in Fiji? Transparency International Chairman, Hari Pal Singh, made a good point when he called for a national study to gauge the extent of corruption in Fiji.

Having been involved in coordinating the KPMG fraud surveys of Australia and New Zealand whilst working for KPMG Forensic, I can say confidently that they are a good starting point for discussion, as long as the survey is done independently by someone who has built trust and can be relied onto protect the confidential information that should be provided as part of such a survey.

In other words, no individual organisation should be named and shamed. That should not be the purpose of the exercise. If senior management of corporations and CEO’s of Government Departments and Statutory Authorities do not have that confidence, they will not respond. It is that simple. Then the value of the survey would be diminished. I believe that such a survey should be done regularly in Fiji, possibly every two years and cover as many organisations as possible. The support and encouragement of leading industry bodies such as the Fiji Institute of Accountants, the Fiji Employers Federation and the Fiji Islands Hotel and Tourism Association would certainly help with gaining credibility with members and encouraging their participation.

Corporate governance is an entire culture that sets and monitors behavioural expectations intended to deter the fraudster and the corrupt. As part of the establishment of sound corporate governance, it is now clearly accepted that an organisation, whether public, private or not for profit, should formulate a fraud and corruption control strategy. Through the development and implementation of the strategy, compliance with anti-fraud and corruption control practices can be promoted, maintained and instances of fraud and corruption control non-conformance identified and dealt with quickly.

This article will discuss ways that all three sectors in Fiji can effect positive change. Whether it is to their bottom line, expenditure on public goods or positive outcomes for the disadvantaged

What is a fraud and corruption control strategy?

It is a comprehensive summary of key elements that the organisation has introduced to prevent, identify, manage, investigate and deal with fraud and corruption specific to its own circumstances. According to the Australian Standard AS8001-2003 , although an organisation’s approach to its strategy will be dependent upon its size, diversity, geographical spread and the industry in which it operates, the Standard recommends that a strategy contain a number of elements. Several of these elements are discussed below:

- Fraud and corruption awareness – How does the organisation educate their staff and stakeholders about how fraud and corruption occurs and what to do if it is discovered ? This is a key element as fraud surveys have clearly demonstrated over time that the majority of frauds are discovered by staff and that whistleblowers are also an important source of information. Most staff are na?ve to fraud and corruption. This helps in creating an environment for the dishonest to flourish.

- Reporting of fraud and corruption – Is there a formal reporting process ? Does senior management and the Audit and Risk Management Committee get told of all incidences ? If all instances are not recorded centrally, how does management assess the size and breadth of the problem and effectively manage it? Also importantly, if the instances of fraud and corruption are not reported to the Audit and Risk Management Committee, how do they monitor the performance of senior management in managing the risk ? There must be a central repository of all theft, fraud and corruption and it must be reported up.

- Fraud and corruption risk assessment - Identifying a couple of fraud risks in your business risk assessment or enterprise risk management process is far from adequate. An organisation should not rely on management alone to come up with all potential risks as there may be a knowledge gap, a reluctance to identify the existing weaknesses, inadequate allocation of time to discuss the issues or lack of a persistent inquisitor to ask the tough questions and follow up. So, consider having someone involved who thinks like a fraudster and has experienced a broad range of fraud and corruption issues who can add real value to the process. The insights regarding risks and process weaknesses can be invaluable.

- Whistleblowing – How does your organisation protect whistleblowers? Does it encourage anonymous reporting? Whistleblower programs allow employees and others to report concerns – including those about corporate fraud and corruption – and can allow the management and/or the Board to take early corrective action. Whistleblowing lines are very prominent in the public sector in Australia and now are becoming more prominent in the private sector. This may not suit the culture of Fiji, however it is important to recognise that honest staff who see something that they do not agree with, have to be given an outlet to voice their concerns. Sometimes that needs to be anonymously. I agree with Professor Ron Duncan of the University of the South Pacific who believes Fiji needs a Whistleblowers Act if good governance is to be effectively practiced. Professor Duncan was quoted as saying:

“Given the secretive nature of the offence, the protection of those who bring acts of corruption to the notice of law enforcement agencies cannot be emphasized enough. More so, in a small society such as ours with its pervasive culture of silence”

- Pre-employment screening - Is there a consistent process of screening across the organisation ? How thoroughly are background checks, such as prior employment history, tertiary qualifications and memberships of professional associations, conducted ? Does it cover only full-time employees or include contractors ? This is an area of concern in Fiji because the quality of the recruiting when outsourced has been inconsistent. I personally know of several cases where a recruitment company knew that a candidate was dismissed from his last employment for fraud and yet they put the candidate forward immediately for another accounting role, without either the recruiting firm or the candidate disclosing what happened.

- Regular reviews of internal controls - Effective internal controls cannot be both successful and static. They should be monitored and evaluated for improvements and changes made necessary by changing conditions. The scope and frequency of evaluations of the internal control structure depend on risk assessments and the overall perceived effectiveness of internal controls. As an example, under the Sarbanes-Oxley requirements, management is charged with performing an evaluation at least annually. Anti–money-laundering procedures employed by financial institutions are a good example of a proactive process designed to deter fraudulent transactions from taking place through a financial institution. I know that KPMG, one of the Big 4 firms in Fiji, has been using a very detailed and focused Forensic style approach on special internal audits, with considerable success. To catch a thief, you sometimes have to think like a thief !

Commonwealth Agencies in Australia have clearly led the private sector in developing fraud and corruption control strategies. This is mainly because it is mandated under the Financial Management and Accountability Act 1997 that all budget-funded agencies, and relevant Commonwealth Authorities and Companies Act 1997 funded bodies, put in place practices and procedures for effective fraud control. The Commonwealth Fraud Control Guidelines, outlines how each Agency must have a fraud control plan. The private sector as yet is slow to follow suit.

To my knowledge few, if any, public or private sector organisations in Fiji have a detailed fraud and corruption control strategy. If so, I would be keen to know about them.

What are the main trends and issues that organisations should be aware of in Fiji ?

Having spent quite some time in Fiji over the past three years investigating fraud and corruption, as well as discussing and implementing prevention strategies, I can say that there are areas of general concern to all organisations. I will discuss a number of these below:

Purchasing

Procurement is a high risk area. The risks include, but are not limited to:

- Purchasing from one-off suppliers or suppliers who appear to be resellers rather than manufacturers or the main distributors, often at inflated prices involving a kickback to an employee.
- Collusion between staff and suppliers that results the organisation paying for the non-delivery of goods. In one case alone I was told of, equipment purchased for $25,000 was delivered and taken straight back out the gate, yet it was signed for and the invoice paid. It is understood a $5,000 corrupt commission was paid to facilitate the transaction.
- Forgery of local purchase orders that allows significant payments to be made to suppliers and contractors.
- Leaking of tender prices by staff to a competing tenderer in order to give them an advantage. This is usually done for a secret commission.

Revenue Assurance

In particular, the greatest risk is the theft of cash from sales. Cash is ‘king’ and controls over its receipt, storage, banking and reconciliation are sometimes very poor. Organisations must review their processes in a step by step manner, highlight where there may be opportunities for the cash to be removed and implement changes.

I have observed the failure to adequately reconcile sales invoices and receipts with the banking of cash as one of the worst controlled processes in organisations in Fiji.

Payroll

The ‘ghosting’ of employees continues to be a concern. I know of more than four instances alone in Fiji in recent years involving hundreds of thousands of dollars where sometimes a single employee has been allowed to introduce ghosts onto the payroll and get away with for years.

Organisations should get a detailed payroll review undertaken now from someone who is experienced at identifying the warning signs of ghosting. They may be surprised at what they find !

Stock theft

This is very common in Fiji. Employees of organisations remove stock from the premises in collusion with transport drivers, suppliers and security. The stock is sold for cash at a greatly reduced price compared to its face value. The effect is that it increases the purchases made by the organisation in order to replace the stolen stock, that management believe has been used in the normal course of business.

Organisations are particularly vulnerable at night, when there are less employees on site and the security is not as tight.

I worked on one matter a couple of years ago in the West, where welding rods were being blatantly stolen by employees and sold to local businesses in Raki Raki and Ba. The welding rods had stickers on them to prove that they were sold to one particular organisation by a leading supplier of welding rods in Fiji. Yet they were mysteriously appearing in a range of businesses and being used by their employees. This type of systematic stock theft can only happen with the collusion of the employees.

Theft of diesel and petrol has become a high risk in recent times with the explosion in the price of crude. How have organisations in Fiji reassessed their controls over these assets ?

In order to reduce the opportunity for stock theft to occur, security on the gates must be independent, well trained and their integrity and competence tested on a regular basis. Organisations should consider having an independent security review performed by a reputable contractor/consultant.

What are the emerging trends that are likely to impact organisations in Fiji now and in the near future?

Patterns of behaviour are clearly emerging as both the cost and complexity of technology decreases and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:

- Identity fraud and theft - Criminal syndicates follow the money and as

What is the level of fraud and corruption in Fiji? Transparency International Chairman, Hari Pal Singh, made a good point when he called for a national study to gauge the extent of corruption in Fiji.

Having been involved in coordinating the KPMG fraud surveys of Australia and New Zealand whilst working for KPMG Forensic, I can say confidently that they are a good starting point for discussion, as long as the survey is done independently by someone who has built trust and can be relied onto protect the confidential information that should be provided as part of such a survey.

In other words, no individual organisation should be named and shamed. That should not be the purpose of the exercise. If senior management of corporations and CEO’s of Government Departments and Statutory Authorities do not have that confidence, they will not respond. It is that simple. Then the value of the survey would be diminished. I believe that such a survey should be done regularly in Fiji, possibly every two years and cover as many organisations as possible. The support and encouragement of leading industry bodies such as the Fiji Institute of Accountants, the Fiji Employers Federation and the Fiji Islands Hotel and Tourism Association would certainly help with gaining credibility with members and encouraging their participation.

Corporate governance is an entire culture that sets and monitors behavioural expectations intended to deter the fraudster and the corrupt. As part of the establishment of sound corporate governance, it is now clearly accepted that an organisation, whether public, private or not for profit, should formulate a fraud and corruption control strategy. Through the development and implementation of the strategy, compliance with anti-fraud and corruption control practices can be promoted, maintained and instances of fraud and corruption control non-conformance identified and dealt with quickly.

This article will discuss ways that all three sectors in Fiji can effect positive change. Whether it is to their bottom line, expenditure on public goods or positive outcomes for the disadvantaged

What is a fraud and corruption control strategy?

It is a comprehensive summary of key elements that the organisation has introduced to prevent, identify, manage, investigate and deal with fraud and corruption specific to its own circumstances. According to the Australian Standard AS8001-2003 , although an organisation’s approach to its strategy will be dependent upon its size, diversity, geographical spread and the industry in which it operates, the Standard recommends that a strategy contain a number of elements. Several of these elements are discussed below:

- Fraud and corruption awareness – How does the organisation educate their staff and stakeholders about how fraud and corruption occurs and what to do if it is discovered ? This is a key element as fraud surveys have clearly demonstrated over time that the majority of frauds are discovered by staff and that whistleblowers are also an important source of information. Most staff are na?ve to fraud and corruption. This helps in creating an environment for the dishonest to flourish.

- Reporting of fraud and corruption – Is there a formal reporting process ? Does senior management and the Audit and Risk Management Committee get told of all incidences ? If all instances are not recorded centrally, how does management assess the size and breadth of the problem and effectively manage it? Also importantly, if the instances of fraud and corruption are not reported to the Audit and Risk Management Committee, how do they monitor the performance of senior management in managing the risk ? There must be a central repository of all theft, fraud and corruption and it must be reported up.

- Fraud and corruption risk assessment - Identifying a couple of fraud risks in your business risk assessment or enterprise risk management process is far from adequate. An organisation should not rely on management alone to come up with all potential risks as there may be a knowledge gap, a reluctance to identify the existing weaknesses, inadequate allocation of time to discuss the issues or lack of a persistent inquisitor to ask the tough questions and follow up. So, consider having someone involved who thinks like a fraudster and has experienced a broad range of fraud and corruption issues who can add real value to the process. The insights regarding risks and process weaknesses can be invaluable.

- Whistleblowing – How does your organisation protect whistleblowers? Does it encourage anonymous reporting? Whistleblower programs allow employees and others to report concerns – including those about corporate fraud and corruption – and can allow the management and/or the Board to take early corrective action. Whistleblowing lines are very prominent in the public sector in Australia and now are becoming more prominent in the private sector. This may not suit the culture of Fiji, however it is important to recognise that honest staff who see something that they do not agree with, have to be given an outlet to voice their concerns. Sometimes that needs to be anonymously. I agree with Professor Ron Duncan of the University of the South Pacific who believes Fiji needs a Whistleblowers Act if good governance is to be effectively practiced. Professor Duncan was quoted as saying:

“Given the secretive nature of the offence, the protection of those who bring acts of corruption to the notice of law enforcement agencies cannot be emphasized enough. More so, in a small society such as ours with its pervasive culture of silence”

- Pre-employment screening - Is there a consistent process of screening across the organisation ? How thoroughly are background checks, such as prior employment history, tertiary qualifications and memberships of professional associations, conducted ? Does it cover only full-time employees or include contractors ? This is an area of concern in Fiji because the quality of the recruiting when outsourced has been inconsistent. I personally know of several cases where a recruitment company knew that a candidate was dismissed from his last employment for fraud and yet they put the candidate forward immediately for another accounting role, without either the recruiting firm or the candidate disclosing what happened.

- Regular reviews of internal controls - Effective internal controls cannot be both successful and static. They should be monitored and evaluated for improvements and changes made necessary by changing conditions. The scope and frequency of evaluations of the internal control structure depend on risk assessments and the overall perceived effectiveness of internal controls. As an example, under the Sarbanes-Oxley requirements, management is charged with performing an evaluation at least annually. Anti–money-laundering procedures employed by financial institutions are a good example of a proactive process designed to deter fraudulent transactions from taking place through a financial institution. I know that KPMG, one of the Big 4 firms in Fiji, has been using a very detailed and focused Forensic style approach on special internal audits, with considerable success. To catch a thief, you sometimes have to think like a thief !

Commonwealth Agencies in Australia have clearly led the private sector in developing fraud and corruption control strategies. This is mainly because it is mandated under the Financial Management and Accountability Act 1997 that all budget-funded agencies, and relevant Commonwealth Authorities and Companies Act 1997 funded bodies, put in place practices and procedures for effective fraud control. The Commonwealth Fraud Control Guidelines, outlines how each Agency must have a fraud control plan. The private sector as yet is slow to follow suit.

To my knowledge few, if any, public or private sector organisations in Fiji have a detailed fraud and corruption control strategy. If so, I would be keen to know about them.

What are the main trends and issues that organisations should be aware of in Fiji ?

Having spent quite some time in Fiji over the past three years investigating fraud and corruption, as well as discussing and implementing prevention strategies, I can say that there are areas of general concern to all organisations. I will discuss a number of these below:

Purchasing

Procurement is a high risk area. The risks include, but are not limited to:

- Purchasing from one-off suppliers or suppliers who appear to be resellers rather than manufacturers or the main distributors, often at inflated prices involving a kickback to an employee.
- Collusion between staff and suppliers that results the organisation paying for the non-delivery of goods. In one case alone I was told of, equipment purchased for $25,000 was delivered and taken straight back out the gate, yet it was signed for and the invoice paid. It is understood a $5,000 corrupt commission was paid to facilitate the transaction.
- Forgery of local purchase orders that allows significant payments to be made to suppliers and contractors.
- Leaking of tender prices by staff to a competing tenderer in order to give them an advantage. This is usually done for a secret commission.

Revenue Assurance

In particular, the greatest risk is the theft of cash from sales. Cash is ‘king’ and controls over its receipt, storage, banking and reconciliation are sometimes very poor. Organisations must review their processes in a step by step manner, highlight where there may be opportunities for the cash to be removed and implement changes.

I have observed the failure to adequately reconcile sales invoices and receipts with the banking of cash as one of the worst controlled processes in organisations in Fiji.

Payroll

The ‘ghosting’ of employees continues to be a concern. I know of more than four instances alone in Fiji in recent years involving hundreds of thousands of dollars where sometimes a single employee has been allowed to introduce ghosts onto the payroll and get away with for years.

Organisations should get a detailed payroll review undertaken now from someone who is experienced at identifying the warning signs of ghosting. They may be surprised at what they find !

Stock theft

This is very common in Fiji. Employees of organisations remove stock from the premises in collusion with transport drivers, suppliers and security. The stock is sold for cash at a greatly reduced price compared to its face value. The effect is that it increases the purchases made by the organisation in order to replace the stolen stock, that management believe has been used in the normal course of business.

Organisations are particularly vulnerable at night, when there are less employees on site and the security is not as tight.

I worked on one matter a couple of years ago in the West, where welding rods were being blatantly stolen by employees and sold to local businesses in Raki Raki and Ba. The welding rods had stickers on them to prove that they were sold to one particular organisation by a leading supplier of welding rods in Fiji. Yet they were mysteriously appearing in a range of businesses and being used by their employees. This type of systematic stock theft can only happen with the collusion of the employees.

Theft of diesel and petrol has become a high risk in recent times with the explosion in the price of crude. How have organisations in Fiji reassessed their controls over these assets ?

In order to reduce the opportunity for stock theft to occur, security on the gates must be independent, well trained and their integrity and competence tested on a regular basis. Organisations should consider having an independent security review performed by a reputable contractor/consultant.

What are the emerging trends that are likely to impact organisations in Fiji now and in the near future?

Patterns of behaviour are clearly emerging as both the cost and complexity of technology decreases and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:

- Identity fraud and theft - Criminal syndicates follow the money and a

- Reporting of fraud and corruption – Is there a formal reporting process ? Does senior management and the Audit and Risk Management Committee get told of all incidences ? If all instances are not recorded centrally, how does management assess the size and breadth of the problem and effectively manage it? Also importantly, if the instances of fraud and corruption are not reported to the Audit and Risk Management Committee, how do they monitor the performance of senior management in managing the risk ? There must be a central repository of all theft, fraud and corruption and it must be reported up.

- Fraud and corruption risk assessment - Identifying a couple of fraud risks in your business risk assessment or enterprise risk management process is far from adequate. An organisation should not rely on management alone to come up with all potential risks as there may be a knowledge gap, a reluctance to identify the existing weaknesses, inadequate allocation of time to discuss the issues or lack of a persistent inquisitor to ask the tough questions and follow up. So, consider having someone involved who thinks like a fraudster and has experienced a broad range of fraud and corruption issues who can add real value to the process. The insights regarding risks and process weaknesses can be invaluable.

- Whistleblowing – How does your organisation protect whistleblowers? Does it encourage anonymous reporting? Whistleblower programs allow employees and others to report concerns – including those about corporate fraud and corruption – and can allow the management and/or the Board to take early corrective action. Whistleblowing lines are very prominent in the public sector in Australia and now are becoming more prominent in the private sector. This may not suit the culture of Fiji, however it is important to recognise that honest staff who see something that they do not agree with, have to be given an outlet to voice their concerns. Sometimes that needs to be anonymously. I agree with Professor Ron Duncan of the University of the South Pacific who believes Fiji needs a Whistleblowers Act if good governance is to be effectively practiced. Professor Duncan was quoted as saying:

“Given the secretive nature of the offence, the protection of those who bring acts of corruption to the notice of law enforcement agencies cannot be emphasized enough. More so, in a small society such as ours with its pervasive culture of silence”

- Pre-employment screening - Is there a consistent process of screening across the organisation ? How thoroughly are background checks, such as prior employment history, tertiary qualifications and memberships of professional associations, conducted ? Does it cover only full-time employees or include contractors ? This is an area of concern in Fiji because the quality of the recruiting when outsourced has been inconsistent. I personally know of several cases where a recruitment company knew that a candidate was dismissed from his last employment for fraud and yet they put the candidate forward immediately for another accounting role, without either the recruiting firm or the candidate disclosing what happened.

- Regular reviews of internal controls - Effective internal controls cannot be both successful and static. They should be monitored and evaluated for improvements and changes made necessary by changing conditions. The scope and frequency of evaluations of the internal control structure depend on risk assessments and the overall perceived effectiveness of internal controls. As an example, under the Sarbanes-Oxley requirements, management is charged with performing an evaluation at least annually. Anti–money-laundering procedures employed by financial institutions are a good example of a proactive process designed to deter fraudulent transactions from taking place through a financial institution. I know that KPMG, one of the Big 4 firms in Fiji, has been using a very detailed and focused Forensic style approach on special internal audits, with considerable success. To catch a thief, you sometimes have to think like a thief !

Commonwealth Agencies in Australia have clearly led the private sector in developing fraud and corruption control strategies. This is mainly because it is mandated under the Financial Management and Accountability Act 1997 that all budget-funded agencies, and relevant Commonwealth Authorities and Companies Act 1997 funded bodies, put in place practices and procedures for effective fraud control. The Commonwealth Fraud Control Guidelines, outlines how each Agency must have a fraud control plan. The private sector as yet is slow to follow suit.

To my knowledge few, if any, public or private sector organisations in Fiji have a detailed fraud and corruption control strategy. If so, I would be keen to know about them.

What are the main trends and issues that organisations should be aware of in Fiji ?

Having spent quite some time in Fiji over the past three years investigating fraud and corruption, as well as discussing and implementing prevention strategies, I can say that there are areas of general concern to all organisations. I will discuss a number of these below:

Purchasing

Procurement is a high risk area. The risks include, but are not limited to:

- Purchasing from one-off suppliers or suppliers who appear to be resellers rather than manufacturers or the main distributors, often at inflated prices involving a kickback to an employee.
- Collusion between staff and suppliers that results the organisation paying for the non-delivery of goods. In one case alone I was told of, equipment purchased for $25,000 was delivered and taken straight back out the gate, yet it was signed for and the invoice paid. It is understood a $5,000 corrupt commission was paid to facilitate the transaction.
- Forgery of local purchase orders that allows significant payments to be made to suppliers and contractors.
- Leaking of tender prices by staff to a competing tenderer in order to give them an advantage. This is usually done for a secret commission.

Revenue Assurance

In particular, the greatest risk is the theft of cash from sales. Cash is ‘king’ and controls over its receipt, storage, banking and reconciliation are sometimes very poor. Organisations must review their processes in a step by step manner, highlight where there may be opportunities for the cash to be removed and implement changes.

I have observed the failure to adequately reconcile sales invoices and receipts with the banking of cash as one of the worst controlled processes in organisations in Fiji.

Payroll

The ‘ghosting’ of employees continues to be a concern. I know of more than four instances alone in Fiji in recent years involving hundreds of thousands of dollars where sometimes a single employee has been allowed to introduce ghosts onto the payroll and get away with for years.

Organisations should get a detailed payroll review undertaken now from someone who is experienced at identifying the warning signs of ghosting. They may be surprised at what they find !

Stock theft

This is very common in Fiji. Employees of organisations remove stock from the premises in collusion with transport drivers, suppliers and security. The stock is sold for cash at a greatly reduced price compared to its face value. The effect is that it increases the purchases made by the organisation in order to replace the stolen stock, that management believe has been used in the normal course of business.

Organisations are particularly vulnerable at night, when there are less employees on site and the security is not as tight.

I worked on one matter a couple of years ago in the West, where welding rods were being blatantly stolen by employees and sold to local businesses in Raki Raki and Ba. The welding rods had stickers on them to prove that they were sold to one particular organisation by a leading supplier of welding rods in Fiji. Yet they were mysteriously appearing in a range of businesses and being used by their employees. This type of systematic stock theft can only happen with the collusion of the employees.

Theft of diesel and petrol has become a high risk in recent times with the explosion in the price of crude. How have organisations in Fiji reassessed their controls over these assets ?

In order to reduce the opportunity for stock theft to occur, security on the gates must be independent, well trained and their integrity and competence tested on a regular basis. Organisations should consider having an independent security review performed by a reputable contractor/consultant.

What are the emerging trends that are likely to impact organisations in Fiji now and in the near future?

Patterns of behaviour are clearly emerging as both the cost and complexity of technology decreases and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:

- Identity fraud and theft - Criminal syndicates follow the money and a

- Regular reviews of internal controls - Effective internal controls cannot be both successful and static. They should be monitored and evaluated for improvements and changes made necessary by changing conditions. The scope and frequency of evaluations of the internal control structure depend on risk assessments and the overall perceived effectiveness of internal controls. As an example, under the Sarbanes-Oxley requirements, management is charged with performing an evaluation at least annually. Anti–money-laundering procedures employed by financial institutions are a good example of a proactive process designed to deter fraudulent transactions from taking place through a financial institution. I know that KPMG, one of the Big 4 firms in Fiji, has been using a very detailed and focused Forensic style approach on special internal audits, with considerable success. To catch a thief, you sometimes have to think like a thief !

Commonwealth Agencies in Australia have clearly led the private sector in developing fraud and corruption control strategies. This is mainly because it is mandated under the Financial Management and Accountability Act 1997 that all budget-funded agencies, and relevant Commonwealth Authorities and Companies Act 1997 funded bodies, put in place practices and procedures for effective fraud control. The Commonwealth Fraud Control Guidelines, outlines how each Agency must have a fraud control plan. The private sector as yet is slow to follow suit.

To my knowledge few, if any, public or private sector organisations in Fiji have a detailed fraud and corruption control strategy. If so, I would be keen to know about them.

What are the main trends and issues that organisations should be aware of in Fiji ?

Having spent quite some time in Fiji over the past three years investigating fraud and corruption, as well as discussing and implementing prevention strategies, I can say that there are areas of general concern to all organisations. I will discuss a number of these below:

Purchasing

Procurement is a high risk area. The risks include, but are not limited to:

- Purchasing from one-off suppliers or suppliers who appear to be resellers rather than manufacturers or the main distributors, often at inflated prices involving a kickback to an employee.
- Collusion between staff and suppliers that results the organisation paying for the non-delivery of goods. In one case alone I was told of, equipment purchased for $25,000 was delivered and taken straight back out the gate, yet it was signed for and the invoice paid. It is understood a $5,000 corrupt commission was paid to facilitate the transaction.
- Forgery of local purchase orders that allows significant payments to be made to suppliers and contractors.
- Leaking of tender prices by staff to a competing tenderer in order to give them an advantage. This is usually done for a secret commission.

Revenue Assurance

In particular, the greatest risk is the theft of cash from sales. Cash is ‘king’ and controls over its receipt, storage, banking and reconciliation are sometimes very poor. Organisations must review their processes in a step by step manner, highlight where there may be opportunities for the cash to be removed and implement changes.

I have observed the failure to adequately reconcile sales invoices and receipts with the banking of cash as one of the worst controlled processes in organisations in Fiji.

Payroll

The ‘ghosting’ of employees continues to be a concern. I know of more than four instances alone in Fiji in recent years involving hundreds of thousands of dollars where sometimes a single employee has been allowed to introduce ghosts onto the payroll and get away with for years.

Organisations should get a detailed payroll review undertaken now from someone who is experienced at identifying the warning signs of ghosting. They may be surprised at what they find !

Stock theft

This is very common in Fiji. Employees of organisations remove stock from the premises in collusion with transport drivers, suppliers and security. The stock is sold for cash at a greatly reduced price compared to its face value. The effect is that it increases the purchases made by the organisation in order to replace the stolen stock, that management believe has been used in the normal course of business.

Organisations are particularly vulnerable at night, when there are less employees on site and the security is not as tight.

I worked on one matter a couple of years ago in the West, where welding rods were being blatantly stolen by employees and sold to local businesses in Raki Raki and Ba. The welding rods had stickers on them to prove that they were sold to one particular organisation by a leading supplier of welding rods in Fiji. Yet they were mysteriously appearing in a range of businesses and being used by their employees. This type of systematic stock theft can only happen with the collusion of the employees.

Theft of diesel and petrol has become a high risk in recent times with the explosion in the price of crude. How have organisations in Fiji reassessed their controls over these assets ?

In order to reduce the opportunity for stock theft to occur, security on the gates must be independent, well trained and their integrity and competence tested on a regular basis. Organisations should consider having an independent security review performed by a reputable contractor/consultant.

What are the emerging trends that are likely to impact organisations in Fiji now and in the near future?

Patterns of behaviour are clearly emerging as both the cost and complexity of technology decreases and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:

- Identity fraud and theft - Criminal syndicates follow the money and a

Revenue Assurance

In particular, the greatest risk is the theft of cash from sales. Cash is ‘king’ and controls over its receipt, storage, banking and reconciliation are sometimes very poor. Organisations must review their processes in a step by step manner, highlight where there may be opportunities for the cash to be removed and implement changes.

I have observed the failure to adequately reconcile sales invoices and receipts with the banking of cash as one of the worst controlled processes in organisations in Fiji.

Payroll

The ‘ghosting’ of employees continues to be a concern. I know of more than four instances alone in Fiji in recent years involving hundreds of thousands of dollars where sometimes a single employee has been allowed to introduce ghosts onto the payroll and get away with for years.

Organisations should get a detailed payroll review undertaken now from someone who is experienced at identifying the warning signs of ghosting. They may be surprised at what they find !

Stock theft

This is very common in Fiji. Employees of organisations remove stock from the premises in collusion with transport drivers, suppliers and security. The stock is sold for cash at a greatly reduced price compared to its face value. The effect is that it increases the purchases made by the organisation in order to replace the stolen stock, that management believe has been used in the normal course of business.

Organisations are particularly vulnerable at night, when there are less employees on site and the security is not as tight.

I worked on one matter a couple of years ago in the West, where welding rods were being blatantly stolen by employees and sold to local businesses in Raki Raki and Ba. The welding rods had stickers on them to prove that they were sold to one particular organisation by a leading supplier of welding rods in Fiji. Yet they were mysteriously appearing in a range of businesses and being used by their employees. This type of systematic stock theft can only happen with the collusion of the employees.

Theft of diesel and petrol has become a high risk in recent times with the explosion in the price of crude. How have organisations in Fiji reassessed their controls over these assets ?

In order to reduce the opportunity for stock theft to occur, security on the gates must be independent, well trained and their integrity and competence tested on a regular basis. Organisations should consider having an independent security review performed by a reputable contractor/consultant.

What are the emerging trends that are likely to impact organisations in Fiji now and in the near future?

Patterns of behaviour are clearly emerging as both the cost and complexity of technology decreases and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:

- Identity fraud and theft - Criminal syndicates follow the money and as such identity fraud and theft is fast becoming a significant problem as they target individuals and organisations. The quality of recent forgeries of identification documents such as driver’s licences, birth certificates and even passports has highlighted the need for biometric identification solutions such as fingerprints, voice patterns, retinal images, facial or hand geometry to be seriously considered by organisations. This has potential to be a real problem for the major banks in Fiji, Inland Revenue and Customs as well as the Fiji National Provident Fund.

- Cyber-crime – The role of ‘phishing’ and the use of ‘trojans’ to illegally penetrate computers to obtain confidential information, including banking details, shows no signs of abating. As an example, over 11,000 unique phishing attack websites were reported to the Anti-Phishing Working Group in May 2006. . As the internet penetrates Fiji to a greater extent in the next couple of years, so to will the extent of this type of fraud. Individual users and organisations must learn to protect themselves.

- Cheque fraud – this continues to be one of Australia’s most prevalent frauds affecting businesses and it is prevalent in Fiji. An example of this type of fraud was the recent case involving the altering of a Bank of Baroda cheque from $19.38 to $19,000.38. It involves the alteration of an existing cheque to a new payee and sometimes an altered amount. Some of the greatest exposure in Fiji besides the banks, would be supermarkets and other stores that cash people’s cheques for them. They should seriously consider their exposure if the cheque they are cashing has been altered!

What can your organisation do?

Senior management tasked with governance responsibilities should undertake a review of their approach to fraud and corruption control. It is recommended that they at least benchmark your organisation against best practice recommended by the Australian Standard AS8001-2003 – ‘Fraud and Corruption Control’ in order to determine gaps that require addressing. This will be the blue print for going forward.

Key areas of the fraud and corruption control strategy that should be emphasised and undertaken should include:
- championing a pro-active and thorough approach to fraud risk management across the organisation;
- reviewing the organisation’s whistleblowing policy and procedures and where one does not exist, seriously consider the inclusion of an anonymous reporting line to augment the reporting structure;
- educating staff about fraud and corruption, how it is detected and importantly the organisation’s reporting procedures; and
- investigating thoroughly all allegations of fraud and corruption and taking decisive action where there is proven evidence of it occurring. Consider zero tolerance !

Conclusion

Emerging technological trends, the globalisation of commerce as well as the growing impact of the prevalence of gambling should be of concern to Board members and senior management in all organisations in Fiji, both large and small. They all create risks that need to be constantly managed.

Those who commit fraud and corruption, whether internal or external to the organisation, are often attuned to system and control weaknesses and therefore target least points of resistance.

To deal with these fraud and corruption risks, organisations must look to how they are allocating their resources and seriously consider the need for a comprehensive strategy. It is time to allocate part of the budget to fraud and corruption prevention in order to positively impact your organisation’s achievements.

Case Study - Whistleblowing

Fraud awareness training was provided to all staff in a division. Subsequent to this training, the Financial Controller was sent an e-mail with the sender’s details disguised although indicating that they had attended one of the fraud awareness sessions. The e-mail contained detailed allegations concerning anomalies with a senior manager’s use of a company credit card.

A preliminary review was undertaken of the credit card statements that revealed personal purchases of clothes, meals, accommodation, dating services and books over an eighteen-month period that were all fraudulently misrepresented on the card statements as business related expenses. Although the card statements were countersigned by another manager, the manager later admitted trusting the senior manager’s explanations for the purchases.

The senior manager was in a key governance position within the organisation and was subsequently dismissed.

Case Study – False invoicing

A Finance Director with responsibility for the Asia-Pacific region travelled regularly. An anomaly with his expenses led to a further investigation of his activities. A link was identified between the name of an Australian based company of which he was a Director and a company based in Malaysia that had received consulting fees authorised by the Finance Director.

Further investigation revealed four companies in different Asian countries that had received consulting fees based on bogus projects. As a result of the investigation, it was proven that more than 50 invoices were prepared and subsequently signed off by the Finance Director at an Australian Dollar equivalent just below his delegation limit.

International company searches revealed he was a Director and Shareholder in each company. Over AUD2 million was recovered.

It was also revealed that the annual budget for such consulting expenses was $300,000 when the Finance Director joined. In the first year, he increased the budget to $1.8 million. He therefore budgeted for his own fraud.