Putting together a working detection and prevention framework is the first step in safeguarding your business against corruption. In this blog, we will provide a summary of our framework model, which has been used by organisations in South Africa. This should help you better understand how it can help simplify your task in preventing corruption from damaging your business.
The framework has three areas of focus for assessment: employees, suppliers and customers. The framework breaks down the collection of information into individuals and companies. Individuals may be employees of your organisation or employees of your suppliers and customers. By collecting information against the criteria you have identified for your employees, you will have a template to apply for key individuals, such as directors or board members, of your customers and suppliers. All collection of information you undertake should comply with the relevant legislation, which most probably would be POPIA and the National Credit Act.
Finding your ‘heroes’
Your first step is to identify the employees who will manage the framework.
Ensure that these ‘heroes’ are employed across various departments in your business, but working together as a unit, ensuring the entire business is being monitored in the same way.
This will reduce the risk of division and silo mentality in managing the risks that you face.
It is important to remember that different departments have different needs and require different information. Enabling these team members to work together to evaluate the risk of corruption or fraud as a total problem, rather than a problem part owned by each responsible area in your business; regulatory risk (compliance), people risk (HR), operational risk (risk departments) and internal controls (Audit) you will achieve better and more agile “360 degree” decisions. You will receive important information on which to take action on before the problem has damaged your reputation and brand.
Identify your pain points
Next, identify your corruption risk priorities and needs.
These are known as your “pain points” and could be identified through previous engagements with employees, suppliers or customers that have raised red flags.
For example, these could have been raised during an application process for a new employee, through a new supplier or an existing supplier entering into a new venture. Typical pain points could be a process that is overly manual so that only a relatively small number of evaluations can be undertaken in a year compared to your employee or vendor base. In such circumstances, solutions that are adopted focus on certain perceived areas of risk leaving large sections of your value chain relatively un-monitored and potentially exposed to risks that may not be detected.
Evaluate the existing methods of detecting, identifying and preventing these risks from causing harm. Compare the outputs of your current solutions to the pain-points that you have identified. You should be able to quickly identify any gaps that exist. These gaps will typically fall into one of the four areas that we discussed in previous articles:
- inability to detect and prevent the wrong behaviour without impacting ability to grow the business
- inability to detect and prevent the wrong behaviour throughout the engagement life cycle
- inability to reduce the complexity of compliance and reduce compliance failures
- inability to gather, have on-hand and report relevant information or evidence to support a claim of wrongdoing
- releasing skilled resources from information collection and analysis tasks and allowing the resources to take up high level tasks, such as determinations about your risks.
One way of identifying your pain points is through risk assessment. These assessments come in a number of forms, some further and along and more accomplished than others, but something they all have in common is that they are not updated or refreshed regularly enough, nor do they sometimes monitor all the risks which require assessment.
Some companies we have worked with have only screened employees upon appointment to the company. Screening was not undertaken nor mandatory throughout their employment or before a promotion. Another example is that while suppliers were screened before being contracted, only a small percentage of service providers were evaluated throughout their journey with their customer. Very few, if any, companies we have worked with undertook due diligence evaluations upon their customers.
As such,
The framework you will develop and implement for your company will make risk driven evaluation of employees, customers and suppliers an ongoing, continuous activity.
This will ensure that the parts of your business that you consider “pain-points” will be subject to evaluation and analysis to ensure you have no priority risks that are left unattended.
Outcomes and key performance areas
It’s time to identify your desired outcomes, along with key performance areas of the detection system you will be putting in place. For example: “reduce the number of risky job applications to by 50% and save X Rands.”
You can do this by putting together a list of tasks:
- Identify the users and uses analysis you will produce
- Describe the target population and the service environment; the people or companies that you will assess.
- Identify your requirements
- Existing methods
- Pain points
- Desired state
- Describe solution
- Cost, impact, feasibility
- Assess the importance of the internal customer requirements
- Communicate the results
By properly evaluating and determining your requirements, you will have a greater understanding of information you need to collect, and in doing so, will avoid wasting time collecting unnecessary data.
Continuous, risk-driven evaluations
With the above in mind, it is important that the framework you develop and implement for your company makes risk driven evaluation of employees, customers and suppliers an ongoing, continuous activity. This will ensure that the parts of your business that you consider “pain-points” will be subject to evaluation and analysis to ensure you have no priority risks that are left unattended or unmonitored.
By allocating attention to the risks you know you need to monitor when you have implemented your framework, you will have tailored a solution to suit your circumstances and business objectives. This will enable strengthened governance and improved reporting, which will in turn create a culture of confidence, as your employees will feel enabled and in control of risks the business faces.
By implementing this type of framework, you will enable your employees to make risk-based decisions and enjoy the 360-degree view of corruption risk that you have developed for them.
By monitoring the risk you have identified on a continuous basis, your employees can use the data and the results to make better risk decisions and transform your business. This will enable them to protect the reputation of the company and ultimately, generate greater returns for shareholders and the community.
Protect yourself
Corporate Insights has developed a one-of-a-kind modular system that combines TransUnion’s big data universe with our own artificial intelligence and smart logic algorithms. It enables you to continually monitor, detect, act on, and prevent critical risks, both internally and externally.
The Corporate Insights system will allow you to protect your business from succumbing to the typical pitfalls that lead to corruption. It also comes with a host of additional benefits to ensure your company continues to operate optimally, free of the threat of corruption.
Click here to book a demonstration or call us today to find out how you can transform your business.