Companies operating in China are finding an increasingly growing need for an effective, efficient anti-fraud and anti-corruption program.
Companies in China, like those in any growing market with a wealth of opportunities, face and must proactively face these challenges. Those that are listed on foreign exchanges, such as the US or UK markets face also further risks from regulatory compliance with the Foreign Corrupt Practices Act (FCPA – US) and the UK Bribery act.
Many companies believe that having an annual external audit reduces the risk of fraud. However, according to both US and international auditing standards, while it is necessary to have an “auditor’s consideration of fraud in an audit of financial statements, it is management’s responsibility to design and implement programs and controls to prevent, deter, and detect fraud.” (PCAOB)
What are the elements of an effective anti-fraud/anti-corruption program? Most experts in the industry note that there are three fundamental elements:
- Creating and maintaining a culture of honesty and high ethics and standards
- Conducting a thorough evaluation of the risks of fraud and corruption and ensuring the implementation of the policies processes, procedures, and controls (PPPC) needed to mitigate such risks and reduce the opportunities for fraud and corruption
- Ensuring the development and functioning of an appropriate oversight process. Culture, Evaluation and Oversight, backed by a strong framework of Policies, Procedures, Processes and Controls
A culture of honesty and high ethical standards
Every company has the responsibility to create a culture of “honesty and high ethical standards.” A culture based on integrity and strong ethical values assists in the deterrence of financial fraud, theft or misappropriation of assets, corruption and other issues.
Key steps and activities to establish this kind of culture include:
- Setting the tone at the top with management setting a positive example
- Clear and regular communications about the company culture to both external and internal parties
- Establishing a clear code of conduct and ethics, with annual confirmation that management and employees understand and abide by the code
- Communication of code of conduct and ethics to external parties
- Maintaining an effective whistleblower program and hotline
- Developing an appropriate training program which includes expectations about behaviour
- Investigating and remediating any instances of potential fraud or corruption
- Having appropriate disciplinary responses to unwanted behaviours
Management must actively demonstrate a commitment to supporting a culture of ethical behaviour and compliance. It is also important to ensure the workplace is a positive environment for management and employees. Communication is key to ensuring both external parties, such as vendors and consultants, and internal, such as management and employees, understand what the company’s expectations are or what the appropriate culture requires.
Evaluation: The risk assessment
To maintain an effective anti-fraud/anti-corruption program, it is important to annually assess the company’s risks. The main objective of the risk assessment is to more clearly understand the company’s risks in order to develop a program that will enable the company to prevent, detect and appropriately respond to fraud and/or corruption.
Therefore, the risk assessment should consider the various ways that fraud, corruption and misconduct may occur by and against the company. It should include not only the potential for fraudulent financial reporting, theft and/or misappropriation or misuse of assets, unauthorised or improper receipts and expenditures, corruptive behaviour and bribery, but also the risk of fraud by senior management or the Board of Directors as well as incentives for and pressures on management or employees to commit fraud.
Essential elements of an effective fraud risk assessment include:
- A systematic assessment process which considers various types of fraud and fraud schemes to which the company may be vulnerable
- Assessment of risks at not only a company-wide level but also at the significant business unit and significant account levels
- Evaluation and assessment of the significance of each type of risk and the likelihood of occurrence
- Understanding the cost-benefit relationship of responses to risks
- Reduce the exposure of the risks through the development of a strong framework of anti-fraud/anti-corruption policies, procedures, processes and controls (PPPC)
- Develop appropriate periodic testing of the PPPC to ensure they are operating effectively
Development of an appropriate oversight process
In order to maintain an effective anti-fraud/anti-corruption program, appropriate oversight by management and the board of directors is necessary. Management should have an organised process for assessing the quality of the anti-fraud programs and controls over time through ongoing monitoring activities as well as separate periodic evaluations. Many companies use an internal audit department to assist with the mitigation of company risks.
Internal audit may test the PPPC, reviewing the system annually and ensuring that changes in the business or environment are considered and responded to appropriately. The audit committee of the board of directors is typically tasked with oversight of the internal audit department and should receive periodic reports on its activities, including reports on any fraud/corruption noted and what response or action was taken as a result.
Absent an audit committee and internal audit department, management should develop an appropriate oversight process to monitor the effectiveness of the anti-fraud/anti-corruption program to ensure it is able to adequately prevent, detect and respond to fraud and corruption activities.
While the risks a Company faces operating in China can be challenging, the rewards and opportunities can outweigh certain of those risks with the implementation of an effective anti-fraud/anti-corruption program. The risk of fraud can be reduced through a combination of prevention, deterrence, and detection measures.
To get assistance with developing an anti-fraud/anti-corruption program and learn more about various ways to assess the company’s risks please do not hesitate to contact us.