In previous articles, we have dug down into the framework you should develop to detect and prevent corruption in your business. By using a risk-scoring model that uses continual assessment you can ensure your business is able to to pick up on any changes of behaviour/circumstances over times. The framework allows for you to identify corruption red flags, whether they be on an individual employee, a supplier or a collection of summary data for a department or series of positions in your organisation.
The next question is: what do you do once the risk has been identified?
Risk mitigation has often been tackled by in the form of a simple, but very effective tool called the 4T’s of risk treatment. The four treatments are defined as: Terminate, Treat, Transfer or Tolerate.
- Terminate:
Risk Mitigated by prohibition of activities through limitation resulting in the termination of service, prohibition of activities i.e. dangerous practices. - Treat:
Risk mitigated through application of policy, procedure with reference to standards and guidelines. - Transfer:
A decision is made to pass the impact of the activity to a third party BUT you remain responsible for defining and evaluating the KPIs of the third party’s performance. Insurance is the most common form of transfer, while other typical interventions here are the use of external investigators, counsellors or therapists. - Tolerate:
No action taken, no policy statement, risk occurrence is expected and treated during normal course of business, for example, late deliveries, bad weather, technical issues etc.
You risk-scoring framework will ultimately dictate your actions on identified risks. Taking an instance of financial distress, for example, you could manage it in a variety of ways. You could decide to treat it by counselling or supporting an employee, particularly so when the risk is considered minor or moderate, or you could decide to treat the risks identified by application of policy or a disciplinary code, if the risk is such that this action is warranted.
You could decide to terminate the risk occurring, such as disclosure of sensitive information by prohibiting social media posts related to company commercial or confidential information.
Further evidence required
Alternatively, you may find the evidence at hand is insufficient to make a determination and you require further information for analysis before you can reach a decision. Typical examples of this are when an employee has extensive commercial interests and there is a risk that there may be a conflict of interest.
If you find yourself in these circumstances, one option is to undertake a due-diligence evaluation of the circumstances that lead to the risk report. There are usually several types of due diligence. A level 1 is a high level review looking for key or material risks. When you find them, a level 2 is undertaken to get more detail on these risks to make a decision. If you are still unable to determine the risk, a level III (typically an investigation) is launched.
FCPAcompliancereport.com describes a Level 2 report as: supplementing the initial data with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed internet searches.
This will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties.
Level 3 due diligence, meanwhile, is a deep dive into the background of an individual or company. Typically, this is a full investigation and is undertaken when the information you have received from both the lifestyle assessment and Level 2 due diligence is unable to satisfy the risk criteria you have defined.
A level III due diligence will typically require an in-country ‘boots-on-the-ground’ investigation. A Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.” These types of investigations are normally only required on a small number of subjects, during a given period of time.
Continual assessments plug the gaps
In our experience, however, by using a framework that is set up to continually monitor for threats of corruption, there little or no need for investigative intervention, as you are identifying risks as they emerge, before they manifest as a problem that would require a level 3 investigation. The risks that are identified during the lifestyle assessment are generally mitigated through support, advice and monitoring the actions implemented to improve or rehabilitate the risk issue so that it is no longer a threat to the organisation.
Of the 15% to 20% of cases that do need further investigation, only about 3% to 5% would need a Level 3 due diligence investigation.
And while nobody wants such investigations to be necessary, it is far more palatable than the alternative of a forensic investigation (worth linking out to article on forensic investigation) once the crisis has already occurred. It is more cost-effective as well.
The framework will provide you with a solution so that you can quantify your risks, and the cost of measures to mitigate them. You will also remain in control of any action you decide to take. If applied correctly, the framework should ensure that you do not need to launch wide scope forensic investigations that become public crises, damaging your reputation in the process.
The framework explained
Putting together a working detection and prevention framework is the first step in safeguarding your business against corruption. We have previously provided a summary of our framework model, which has been used by organisations in South Africa. This should help you better understand how it can help simplify your task in preventing corruption from damaging your business. To revisit this article, click HERE.
Protect yourself
Corporate Insights has developed a one-of-a-kind modular system that combines TransUnion’s big data universe with our own artificial intelligence and smart logic algorithms. It enables you to continually monitor, detect, act on, and prevent critical risks, both internally and externally.
The Corporate Insights system will allow you to protect your business from succumbing to the typical pitfalls that lead to corruption. It also comes with a host of additional benefits to ensure your company continues to operate optimally, free of the threat of corruption.
Click here to book a demonstration or call us today to find out how you can transform your business.