Forces of change such as the rapid rise of technological interconnectivity, increased public transparency and greater regulatory scrutiny of fraud and corruption have reached a tipping point. Following the AS8001 Standard revision in 2021, it should come as no surprise that corporate governance - particularly the roles of boards and executives - is a vital component of the framework of a robust fraud and corruption control system for your organisation.
BDO’s Forensic Services team explore the revised fraud and corruption Standard AS8001:2021, more than a year on from its implementation, providing important context and insight to foster the understanding of the revision and answering pressing questions for corporate boards and executives.
Corporate governance and AS8001
The Standard revision calls for creating and implementing a fraud and corruption control system. This system is not a static plan but a process for detecting, preventing and responding to threats to your company. The revised Standard applies to all organisations. However, it places more responsibility on boards to:
- Understand the modern risks facing their company
- Manage a fraud and corruption control system with senior management.
Mapping the threat in tech
Technology and cyber security risks provide a massive attack surface of interconnected tech, the Internet of Things (IoT) and integrated applications commonly employed by organisations today. Another critical area to your organisation’s compliance is that of third-party providers, which are also highly attractive to cyber criminals.
Proper due diligence of third parties and effective integration into your organisation’s risk assessment process is imperative to protecting valuable information. The AS8001 Standard supports compliance with globally accepted practices such as the information security management system or ISO 27001 and best practices for risk management or ISO 31000.
Transparency and the changing legal and regulatory landscape
Regulatory and legal measures are designed to prevent misconduct in all its shapes and forms. Design of internal controls and verification of ongoing business processes to meet the requirements of the Standard will assist in reducing the risk of loss, reputational damage, legal issues or stakeholder backlash.
Our experts emphasise the importance of cultural change and continual improvement toward transparency as a strength, rather than a risk, in handling misconduct and whistleblowers.
Robust whistleblower systems that protect the whistleblower's privacy, create a secure communication channel for investigations, and follow legal and regulatory obligations for disclosure send a strong organisational message, both internally and externally. Whistleblowing remains one of the best ways to detect fraud and corruption.
Our experts suggest using an independent third-party to run your company’s whistleblower hotline, similar to BDO’s Whistleblower Reporting service.
Company culture comes from the top
A culture of transparency must come from the top. The lessons of corporate cultural failure are evident wherever material personal interest conflicts with fraud controls of the company. If directors perform their duties with due diligence in acting in the company’s best interests, they will be able to create a ‘risk culture’ throughout the company. Furthermore, the Australian Prudential Regulation Authority (APRA) recommends that culture be integral to your company’s risk management approach.
BDO’s Forensic Services experts are assisting boards who are revisiting their company risk profile and seeking fraud risk assessments to address gaps in the understanding of areas of risk, including:
- Enterprise agreements, lack of controls over data and cybersecurity threats
- Supply chain risks related to modern slavery that negatively impacts a company’s environmental, social and governance (ESG) commitments
- Compliance with new legislation in Victoria regarding underpayment penalties.
A company’s ‘risk culture’ starts with the examples set by the board and senior executive.
Keep your organisation on the right track
It’s been said that running a business is all about managing risk. Boards must address more threats today than ever before, including cybercrime, anti-trust competition, modern slavery, the global pandemic, corruption, insolvency, money laundering, fraud, and workplace misconduct. We recommend using the Standards as your blueprint for a future with trust embedded in your corporate governance framework.
1. Technology
It’s imperative to proactively plan for cyber attacks and demonstrate resilience to information threats. Boards must understand exactly what data assets your company is trying to protect when aligning cyber security efforts across your organisation.
2. Transparency
A culture of transparency is critical for addressing fraud and corruption that, when left unchecked, erodes public and shareholder confidence in organisations. Boards can use a legal and regulatory roadmap to provide a framework that is both effective and confidential when investigating whistleblower reports yet be open with disclosures of findings. You should consider how transparency can be an effective business strategy for your organisation.
3. Tone-from-the-top
The Standard places the management of risks more squarely on the board’s shoulders, with increased expectations to manage risk assessment, whistleblowing, process audits, and maintain communication with senior management on fraud and corruption. It’s incumbent on the board to set up a ‘risk culture’ through robust risk monitoring and effective controls.
4. Trust in corporate governance
A mutual, reciprocal trust between a company, its customers and shareholders require the same level of trust between the board and executives. The Standards can help your board to fulfil its role of managing governance and risk with a critical weapon - a corporate culture of openness, trustworthiness, and transparency.
If you need assistance helping your board understand their role in combatting fraud and corruption, contact BDO’s Forensic Services experts.
Is your organisation effectively implementing fraud and corruption control?
BDO has prepared a checklist with boards and executives in mind to ensure the right questions are being asked about their organisation’s current risks and controls.