Many who have responsibility for fraud and corruption control within their business (whether private or public sector) will know of the better practice guidance from the Australia Standard AS 8001 Fraud and Corruption Control.
In Australia, AS 8001-2008 has been the backbone of guidance on how to prevent, detect, and respond to the risks of fraud and corruption as per the following graphic from page 18 of AS 8001-2008.
Click image to enlarge Source: Australian Standard AS 8001-2008 Fraud and Corruption Control
|
There was an information session webinar to the public facilitated by the NSW Independent Commission Against Corruption (ICAC) on 7 July 2020 on the revision to AS 8001. From that presentation, the following depicts the situation (prior to the revised released AS 8001:2021) and the Governance Series of Australian Standards in which AS 8001 fits.
Click image to enlarge Source: NSW Independent Commission Against Corruption (ICAC) webinar presentation on the revision to AS 8001, 7 July 2020
|
AS 8001 has now undergone a refresh with a revised released AS 8001:2021 launched to the public on 11 June 2021. It is clear that there has been a great deal of hard work contributed into AS 8001:2021 from a number of volunteers who comprise the Standards Australia AS 8001 revision Committee. The quality is excellent and was released to the public on 11 June 2021.
Click image to enlarge Source: Australian Standard AS 8001:2021 Fraud and Corruption Control |
Click image to enlarge Source: Australian Standard AS 8001:2021 Fraud and Corruption Control
|
THE MAIN CHANGES FROM AS 8001-2018 TO THE CURRENT AS 8001:2021 ARE AS FOLLOWS:
1. Restructuring but still with an emphasis on fraud and corruption prevention, detection and response
2. Minimum requirement clarification in terms of ‘shall’ do certain things to conform to the standard (rather than the predecessor standard ‘should’)
3. A ‘Fraud and Corruption Control System (FCCS)’ (also referred to as a framework) replaces a ‘Fraud and Corruption Control Plan’ with documentation still required (that is, a policy and procedure, or plan) but as part of the overall system
4. Harmonising AS 8001:2021 with AS/ISO 37001-2019 Anti-Bribery Management Systems
5. Inclusion of a requirement for an ‘Information Security Management System (ISMS)’ consistent with ISO / IEC 27001 Information technology – Security techniques – Information security management systems
6. The introduction of normative references which are other standards with which conformance is required before AS 8001:2021 conformance can be achieved of the following -
Click image to enlarge Source: Australian Standard AS 8001:2021 Fraud and Corruption Control |
7. Updated definitions
8. Updated guidance on fraud and corruption foundation elements, prevention, detection and response for
- The role of ‘Governing Body’ and ‘Top Management’
- Specialist resources
- Fraud and corruption risk assessment
- External attack particularly cyber attack
- The roles of internal and external audit
- Managing conflicts of interest
- Managing risks associated with gifts, hospitality donations and similar benefits
- Managing performance-based targets
- Workforce screening and screening of business associates (any external parties including vendors)
- Identification of early warning signs
- Fraud and corruption data analytics
- Whistleblower management
- Expertise of the investigator
- Immediate action on the discovery of a fraud or corruption event, including digital evidence first response
- Capture and analysis of digital evidence
- Separation of investigation and determination processes
- Fraud and corruption event register
9. Introduction of the concept of ‘pressure testing’ for internal control systems, including fraud and corruption control especially the innovative release by the Commonwealth Government through its online Commonwealth Fraud Prevention Centre of its accessible ‘Pressure Testing Framework’ applicable to public sector and private sector alike with a framework and tools and tips
Click image to enlarge Source: Commonwealth Pressure Testing Framework |
10. Introduction of guidance on the impact of fraud and corruption on third parties and whether to inform third parties of an incident or report
What does this mean for you?
Effectively, no matter what organisation or type of business you are, there will be something you can get out of the new AS 8001:2021 Fraud and Corruption Control standard. This may be a complete comparison of what your business has in place against the revised AS 8001 for continuous improvement and filling those fraud/corruption mitigation gaps, to smaller businesses getting tips and tricks on what to do to help the business reducing loss from such key business risks, which for some business can mean the difference between profit and loss.
For more information
If you have any questions or would like to discuss how the new AS 8001:2021 and better practices in fraud and corruption control can help you and your business, please do not hesitate to contact Roger Darvall-Stevens, National Head of Fraud & Forensic Services at RSM.