Case Study: Fraud and corruption control assessment for Victorian Government regulator

A Victorian government regulator engaged RSM Australia’s Fraud & Forensic Services team to perform a Fraud and Corruption Control Assessment.

The Victorian government regulator faced challenges in managing fraud and corruption risks across the organisation. The regulator needed to identify and mitigate these risks to ensure the integrity of its operations and maintain public trust.

The engagement

This engagement involved a comprehensive assessment of fraud risks at multiple levels, including the organisation, business units and specific processes. Our Fraud & Forensic Services team enhanced the regulator's Fraud and Corruption Risk Register and aligned their Fraud and Corruption Control Framework with the strict Australian Standard AS 8001:2021 for Fraud and Corruption Control. This alignment ensured compliance with applicable legislation, guidelines, standards and best practices.

Furthermore, we provided guidance on best practices for organisational fraud and corruption control, focusing on the operating model and governance considerations. Our team also identified opportunities to enhance the regulator's technology and tooling capabilities.

As part of the engagement, we reviewed the regulator's Fraud and Corruption policy to ensure it complied with all relevant legislative, regulatory requirements, and aligned with Victorian Government and portfolio standards.

Our tailored approach 

Our team followed a tailored approach to ensure that the Fraud and Corruption Control Assessment was comprehensive and effective in meeting the regulator's specific needs. Our approach involved the following steps:

• Thorough Document Analysis:

We conducted a comprehensive review of the client's documents, which included policies, procedures, organizational charts, fraud and forensic case studies, risk management methodologies, historical and current internal audit practices and reports, and de-identified historical reports of fraud and corruption.

• Extensive Consultation: 

We held a total of 18 initial assessment consultation meetings across the organization, involving stakeholders at various levels, including Senior Executives and Managers.

• Policy and Procedure Enhancements: 

Where relevant policies and procedures already existed, we reviewed and updated them. For those areas where such policies and procedures were lacking, we took the initiative to develop draft documents for subsequent finalisation and implementation.

• Stringent Compliance Analysis: 

Our team conducted a rigorous analysis of the existing fraud and corruption control arrangements. This analysis involved a thorough comparison with legislative requirements and best practices, such as the Australian Standard AS 8001:2021 for Fraud and Corruption Control, the Australian Standard AS ISO 31000:2018 for Risk Management – Guidelines, and the Victorian Government Risk Management Framework (VGRMF).

• Engaging Stakeholder Workshops: 

We facilitated two group stakeholder consultation workshops, focusing on fraud and corruption risk identification, assessment, and the review of existing controls. In addition, we conducted two group stakeholder consultation and training workshops, specifically addressing 'grey corruption' and potential controls to be implemented.

• In-Depth Risk Analysis: 

An in-depth analysis of current fraud risks, potential mitigations, and treatments was carried out to inform the design of an updated fraud and corruption risk assessment.

• Customised Training Material: 

To enhance awareness and understanding, we developed specialised fraud and corruption awareness training materials tailored to the regulator's needs.

Challenges, Issues and Risks

During this engagement, we encountered several noteworthy challenges, which included:

Data Volume Management: Managing a substantial amount of data presented a significant hurdle. Sorting through extensive data sources and ensuring their accuracy and relevance were vital components of our process.

Information Presentation: A key challenge was the presentation of voluminous findings. Our objective was to transform complex data into a format that was easily understandable for our clients.

Stakeholder Scale: Given the client's identity as a large Victorian government regulator, the sheer number of stakeholders was substantial. This extensive stakeholder base necessitated meticulous consultation and coordination.

In summary, addressing these challenges required a meticulous approach to data management, clear and accessible reporting, and effective communication with a multitude of stakeholders.

Outcomes

RSM Australia's Fraud & Forensic Services team delivered the following outcomes:

• Enhanced Risk Assessment Register: 

We provided an updated and meticulously crafted fraud and corruption risk assessment register. This comprehensive resource was prepared for management's finalisation and implementation.

• Revised Policy and Procedure Documents: 

As per the defined scoping requirements, we either updated existing or created new policy and procedure documents. These documents were aligned with best practices and regulatory standards.

• Prioritised Management Plan: 

We delivered a prioritised management roadmap that outlined a clear path to reducing fraud and corruption risks to acceptable levels. This roadmap included the development of individual risk treatment plans.

• Detailed Report: 

Our findings from the fraud and corruption risk assessment, including the benchmarking exercise of the Fraud and Corruption Control Framework, were meticulously documented in a comprehensive report.

• Awareness Training Program: 

We developed a comprehensive plan for a fraud and corruption control awareness training program. This plan was designed for management's finalisation and subsequent implementation.

• Training Materials: 

We prepared draft training materials, workshop agendas, and presentations for relevant workshops. These materials were tailored to the client's specific needs and were open to client review and feedback.

• Employee Training Sessions: 

Our team conducted a total of 25 interactive and informative fraud and corruption awareness training sessions for employees. These sessions were instrumental in enhancing awareness and understanding throughout the organisation.

RSM Australia's dedicated efforts led to a wide range of tangible and actionable outcomes that not only addressed current challenges but also fortified the regulator's capacity to manage and mitigate fraud and corruption risks effectively.

FOR MORE INFORMATION

If you would like to learn more about the topics discussed in this article, please contact Roger Darvall-Stevens.