IGF 2024-Day 0-Workshop Room 3-Event 178 Ethical Procurement in the Digital Age -- RAW

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> LUBNA AL MOHAMMEDI:  My name is Lubna Al Mohammedi.

  I'm the -- of a supply chain, CIPS.  Today we have critical

  subject regarding ethics.  Under the title of ethics,

  Ethical Procurement in the Digital Age we have Mr. Sam

  Achampong, regional director of Asia, Middle East, and

  Africa.  Let's start the presentation.

    Thank you.

    >> SAM ACHAMPONG:  Welcome to you all.  A pleasure to be online of

  course.  From CIPS, we work globally on procurement and supply chain

  matters.  Today we're going to talk about ethics.

    Why are we talking about ethics?  We realise there is a perception

  that technology provides transparency that eradicates issues of ethics

  or corruption.  Because we have a system and you take away the human

  element there's a perception that eradicates that behavior.  And of

  course you do.  There's a lot of good things in relation to technology

  and the Internet that allow us to provide transparency around

  transactions.

    Especially in procurement.  Because procurement is when you are

  buying things for your company.

    However, what I'm going to point out, some of the ways in which we

  can try and avoid those ethical situations or certainly mitigate

  against them.

    So and the reason why we're attacking this subject is -- is basically

  this comment saying:  Does technology by itself prevent unethical

  behavior?

    And we as an institute know that actually it doesn't entirely, because

  as this quote at the top there says, 80% of fraud within procurement,

  within buying things is carried out at what we call the specification

  stage.  In other words, before you input your specification or your

  procurement into a purchase order and things along those lines, those

  behaviors can have already taken place.

    So it's still very important that we understand some of the issues.

    As an introduction this here we talk about the fact that despite

  digital interventions the issues of fraud and corruption unfortunately

  are growing.  So social media, technology platforms are not eradicating

  that.  It's actually growing.  And what COVID, the pandemic pointed

  out, was that actually there are additional vulnerabilities due to the

  fact that people are using more and more digital platforms.

    So it's not less, it's more.  Which is -- which is quite surprising.

    So out of this what we're going to cover are these main points.

  We're going to talk about -- first we're going to define what fraud and

  corruption is.  Because many people think -- have different views.  But

  we're going to define what I mean by fraud and corruption first.  One

  of the implications, but importantly how to -- the practical steps in

  trying to avoid that.  -- what are the --

    Fraud and corruption itself costs 6% of global GDP.  We're talking

  about trillions of dollars, that's what the implications of fraud cost

  to us as human beings across the world.  And almost half of the people

  who were surveyed in -- in the survey that we carried out, almost half

  of these people acknowledged that they had experienced fraud or

  corruption in the last two years.

    Which is quite staggering.

    As well as more than 10% people -- of people saying that these kind

  of scenarios of fraud and corruption are normal place in areas that

  they're aware about.  That's the scale of the problem.  Let's define

  what I mean by fraud.  That's the important thing.  Fraud is when you

  mislead another party for financial gain -- is when you -- that's the

  definition of fraud.  Bribery is when you give something of value to

  somebody because you want to influence them.  Okay?  So we're -- been

  quite straight here.  And corruption is when you use your position to

  gain credibility or -- to gain advantage, an unfair advantage.  Those

  are the three definitions.  Just so we're all on the same page here.

  Those are the definitions of fraud and -- fraud, corruption and

  bribery.

    To mitigate against fraud and corruption, there are lots of laws and

  legislations around the world.  So here in the Kingdom, there is the --

  the royal decree, that's the latest decree related to fraud and

  corruption that's here to mitigate it.  If you look at other parts of

  the world, in the UK, from where I'm from, you have the UK bribery act.

  The acts that are here to protect people and mitigate against some of

  the issues that are happening.  That's what happening around the world.

  There are a lot of other pieces of legislation to also help combat some

  of these issues.

    And when you look at the actual types of fraud in relation to

  procurement -- now what I mean procurement, I'm specifically talking

  about when you are buying things, buying goods or services for your

  company.  So whenever I say procurement, I'm specifically saying that.

  When you're buying goods or services for your company.  So procurement

  fraud can happen in many different ways.  These are some of the

  examples.  And the definition of those examples are for example

  personal interest.  What does that mean?

    That means that I'm purchasing items for my organisation for my own

  use.  So I use the company money to buy -- instead of buying a laptop,

  I buy an Apple iMac.  That's for me.  I know it's not for the company.

  And undisclosed interests.  So maybe you have an interest in an

  organisation and you then give that organisation a contract.  That's

  undisclosed interest.  You have to -- there's nothing wrong with doing

  that but you just have to be clear to acknowledge that, yes, I have an

  interest in this company.  So everybody is aware.

    Receiving gifts, undeclared gifts, travel, entertainment, et cetera,

  where suppliers work with each other to allow each other to win

  contracts, that's also another issue.  And variation of abuse is

  interesting.  Variation of abuse is where companies bid for a contract

  at a very low price and throughout the course of the contract, they

  will keep issuing variations to get more money out of it.  Okay?

    So they won't declare the initial compliance document, keep saying --

  and if you want this, okay, you order the pen.  But if you want ink,

  that's more money, right?  That sort of thing.  Right?  That's

  variation abuse.  And contract specification, contract specification

  abuse is where an organisation -- or an individual will ensure that the

  specification favored a specific company.

    So your company have asked you to buy a car, but the specification

  you put out says it has to be a BMW, has to have these wheels, only BMW

  can provide that car.  That's specific case abuse, when you say we will

  buy a car, has to be able to go at this speed.  But that specification,

  that's specification abuse.

    So what do we do?  So there are few ways to get over that.  And -- to

  assess the risk in your own organisation.  And there are various steps.

  And by the way, these slides will become available to everybody.  So

  you won't digest everything now.  But there are seven steps in which

  you can assess the risk within your organisation to prevent some of

  these things happening.

    First is to establish the process.  You need to have a workshop, you

  need to set up what's called an anticorruption policy, and within --

  with all the people within your organisation, so that everybody

  understands some of the things I'm talking about today.

    Once you've done that, when you're identifying the risks, these are

  some of the kinds of questions you will ask.  What arrangements do you

  have in place, how could corruption occur in your organisation?  That's

  all you need to assess.

    Where does the risk lie, and which locations within the organizations

  are these issues likely to happen?  Is it in the warehouse, is it in

  HR, these sorts of things are what you need to think about at that

  point.

    And then you need to rate something called the inherent risk.  This

  is quite detailed.  I won't go into too much detail.  The inherent risk

  is the risk relating to the impact it could have.  There's a tool

  that's provided within the CIPS insight, you can go to www.CIPS.org,

  what you look at is if you look at for example bribery of tax

  authorities.  If you want to assess how important it is to deal with

  this, what you do is you say, what's the probable impact?  If someone

  in your organisation bribed the tax authorities, the impact is very

  high.  Okay?  But what is the probability of it happening?

    Very, very low.

    Okay, so what you will do is you would say, right, it's very,

  very low; the chance of it happening.  Right?  Because that is very

  unlikely that somebody can bribe the tax authorities.  You know, go

  sees a cat is very unlikely.  If it did happen, in that particular

  thing the inherent risk is yellow.  That's how you make the assessment

  as you go along.  As an example.

    And then you need to look at the controls, what do you have in place

  to prevent certain things happening?  So what you do is you calculate

  what's called the residual risk.

    So what that means is if there is -- if there is a medium -- when you

  look at the controls you have in place, the controls will be medium.

  If the residual risk is medium.  However, if that changes, if you have

  strong mitigating controls, then the residual risk, the risk remaining,

  the risk of it happening, will then be low.  If you have strong

  controls.

    But if your controls are very weak, then the residual risk or

  remaining risk becomes high.  That's the kind of framework you use.

  All right?  And that kind of brushes it over in quite a high -- in

  quite a speedy fashion.  However, that's the principle behind it all.

  And of course you can go into detail on this week, we can share that

  with you.

    So once you've done that, you need to develop an action plan or

  response plan.  So any risk that has not been dealt with within your

  organisation, you have to say we haven't dealt with this, what's our

  action plan?  What are we going to do about it at that point?

    And then once you've done that you need to make sure that you have a

  monitoring plan to make sure that you're monitoring all these risks,

  identifying any -- and also what the risk -- importantly, what the risk

  tolerance of your organisation is.  That's the important thing.  Okay?

  How tolerant are you of risk in the organisation?

    Or a risk occurrence or fraud occurrence in your organisation?  And

  different organizations will have different tolerance levels.  And

  that's important.  It all depends on your organisation and what you do.

    Okay?  If you're a government institution, your tolerance level will

  be very, very high.  Why?  Because it's public money you're dealing

  with.  Okay?

    So if you're a private organisation, that may be slightly different.

  So the tolerance level is very, very important.

    Also, your organisational culture will play a big part in -- in

  preventing risks happening.  Okay?

    So obviously it -- in this subject in terms of fraud, senior

  leadership and their culture are very, very key to what happens in your

  organisation and what the residual risk is.

    Which country you're in will also define what the residual risks are

  as well.  Because the framework of the country you're in may either

  help or hinder how you're dealing with ethical issues.  And that can

  differ around the world.

    Your organisation, if you provide it regular compliance training,

  regular auditing and ensure that all individuals can report

  inappropriate behavior in an appropriate way, then that will also

  influence how your organisation deals with it.

    Okay?

    So if for example there's a lot of inappropriate behavior happening

  in organisation, but there's no way that people can report it, then

  that's going to influence how often these kind of things happen.

    And recruitment.  This is quite interesting.  Because every time you

  bring someone into your organisation, that's good, but it's also a

  risk.  Okay?  Because you don't know these people yet.  Right?  So

  recruitment becomes an area that you actually need to ensure is very,

  very stringent in terms of mitigating risk.  So company checks, not

  just on the character of the individual, but what undisclosed holdings

  do these people have?

    If you operate a car company and you bring somebody in who

  actually -- their father owns a company that provides parts for cars,

  you need to know that.  Okay?  Because that's an undisclosed holding.

  And that could be a problem further down the line.  So these things are

  important to know.

    Obviously reference checks and criminal record checks are important.

  These are basic, but let's be honest, you have to do these things

  because otherwise you're leaving yourself open to risk.  Training is

  essential obviously, you can't assume that people are aware of some of

  the issues we're talking about.  Ethics, fraud, corruption are very

  sensitive subjects.  Because if you say to anybody will you commit

  fraud of course they're going to say no.  But you haven't trained them

  about anything.  You have to actually define what you mean by fraud.

  It could be -- it could be conflict of interest.  Okay?

    No one -- not many people deliberately go out and defraud a company,

  actually.  The majority of people it's really a conflict of interest.

  It's undisclosed holdings, things along those lines.  You have to train

  people as to what exactly you're speaking about to make sure you don't

  get in that situation.  And as it says there, in some countries,

  training is actually a legal requirement for employees.

    For certain things.  Certainly in the UK, it's a legal requirement to

  train people on these things and on some other things.  Legal

  requirement.  Which means the company will be in trouble if they

  haven't trained people.

    So there are other areas when you're putting together your policy and

  procedure, you need to look at any legislation that applies in whatever

  country.  If you have a company working across the world you need

  to look at every country you work in to make sure you're complying with

  the legislation in that regard.  It needs to be clear who the policy

  applies to.  It may not apply to some employees.  People need to know

  what their duties are.  The company needs to have a statement that

  there's zero tolerance around whistle-blowing, if somebody reports

  something, how will it be dealt with?

    That's the important thing as well.  We spoke about reporting, spoke

  about gifts.  There's nothing wrong with receiving gifts from -- from

  suppliers.  Actually that itself is not fraud.  There just needs to be

  rules about what you can do.  And if you're in the process of

  purchasing something from a company, and on that day when they give --

  your price -- they price, they also give you a gift, that's obviously a

  bit of an issue.  Because whether you like it or not, as human beings,

  psychologically that makes a difference to how you're going to evaluate

  that.  It just needs to be trained.  These things have to be explicit

  so that everybody is aware of what the implications are.

    Conflict of interest we mentioned and monitoring as well are issues.

  So once all those things have been taken into account, these things

  will definitely avoid any misunderstanding of what we're talking about

  when we talk about fraud, corruption.  Okay?

    It's not just people wanting to take money.  There are areas that can

  get people in trouble when you do the investigation later.  It's best

  to avoid them and avoid innocent transactions being constituted as

  fraud.

    So as far as procurement is concerned, there is -- as an

  organisation, you need to make sure you have things like segregation of

  duties, the same person doesn't award contracts.  As the same person

  awards contracts can't be the same person who pays the contractor.

  Things along those lines.  That may sound obvious, but in some

  organizations that happens.  So I select the supplier, I also pay them.

  I also approve their payment.  These kind of things shouldn't happen.

  That's called segregation.  Again, all these things need to be looked

  into very -- in a very detailed manner.  That is a detailed section of

  what we call the contract management cycle that looks at the risks that

  happen in every single stage of when you're buying something.

    And it becomes quite complicated because fraud and corruption can

  happen when you're defining a business need, it can happen when you're

  putting a strategy together.  It can happen when you're putting

  tendered documents together.  Can happen when you're managing the

  supplier's performance.  It can happen in several ways.  So again, it's

  worth having that in front of you to understand where these issues can

  occur.

    So to -- in the event that it is found out or there's a suspicion

  that there is fraud within your organisation, there needs -- everyone

  needs to understand exactly what's going to happen.  That can't be a

  surprise.  The process for reporting suspected fraud is there.  The

  steps that will be taken.  In other words, if there's an investigation,

  how does that investigation happen?

    We can't make it up afterwards.  These steps need to be written.

  Who's going to carry out that investigation?  Who's the person within

  the organisation or people who will investigate these things?  Are they

  independent enough to do that.  And also finally, if allegations are

  proven, what happens?

    What is the sanction for somebody who is found guilty of fraud or

  investigation -- fraud or corruption in an organisation?  That needs to

  be clear.  Are there any sanctions?  Is it disciplinary, is it gross

  misconduct.  Is it a warning?  That needs to be clear in your

  organisation before you do that.

    So those are the main things.  All organizations need to have a

  response plan.  It needs to be independent.  People need to be trained.

  And there needs to be support for whistle blowers, people who are

  willing to report things anonymously.  You can't encourage people to

  report these things and then disclose their name.  Say this guy told me

  you did this.  That disrupts the integrity of the whole process.  To

  summarize, some quick questions for you guys, there are some questions

  for everybody.  Pay attention.

    Going through that, you will be able to define exactly what fraud,

  bribery and corruption is.  Right?  What are the implications, what are

  the steps?

    And finally, what the key elements of fraud, bribery and corruption

  are and what the response plan is.  Okay?

    These are bits we went through.  But just to check that everybody has

  been paying attention on this whistle stop presentation, we are going

  to have some questions.

    Little bit of a quiz.

    And to be transparent, there's no prize.  There's no money.  There's

  no chocolates.  Just questions.  Right?

                (Chuckling)

    >> SAM ACHAMPONG:  Just to be clear.  I can't be accused of bribing

  you to get the right question.  Right?  So let's just go through them.

    So question, which of the following points describes how you evaluate

  and prioritise stages of anticorruption risk assessment?  What a

  difficult question, I know.  But what do you reckon?  What does anyone

  think?  1, 2, 3, or 4?  I'll give you some time.

    Anyone want to just hazard a guess?

    Okay.  The risk factors, likely bit -- and potential impact.  Good

  one.  Anyone else before I check?

    Same.

    Very close.

    Very close.  By the way, for what I've been through in the last 20

  minutes, this is quite difficult.  This is the actual extract from the

  ethics examination.  It's not been changed.  So you're doing very well.

  And they're quite tricky these questions.

    You know, people that go through that receive the ethical -- the

  global ethical mark.  These are real extracts.  They're not easy.  And

  each answer is quite similar.  So just bear in mind.  A director

  working for a public health organisation has just returned from a

  disciplinary hearing regarding a member of staff.  Which step of a

  response plan should a director now pursue to help prevent

  reoccurrence?  What would they do to stop this issue happening again?

    Two things.

    Okay.  Three, ensure.  Yep.  And another one?

    Okay.  So 2 and 3?  Okay.  Cool.

    Anyone else?

    2 and 3?

    Quite so.  So basically what we're saying is the two important things

  are once the case has happened, look at what happened, review the case,

  and read your risk assessment to try and see it's not going to happen

  again.  2 and 3 actually are correct.  Right?  But very, very similar.

  But basically what you're talking about is what the two most important

  things to look at.  So again as I say, very, very close.  Very, very

  tricky.

    These are tricky questions, right?

    Okay.

    Okay.  So which organisation launched the set of anticorruption

  initiatives to help countries address corruption?  I did talk about

  this in the presentation, by the way.  So you can have a guess at this

  in case you know this yourself.  It's the MSF, Medecins Sans

  Frontieres.  Which organisation launched the anticorruption initiative

  to help countries address corruption?  3?

    Information commission?  Anyone else?  MSF?  Okay.

    Any others?  Back to the World Bank.  Yeah.  So I guess the clue

  here is globalization.  So it's, you know, I guess we're talking about

  corruption, we're talking about the world.  So the difficulty here is

  that this is a -- this is a UK based one.  This is a U.S. based one.

  It's not global.  That's global, but they're more medical.  They're

  more medical.  The World Bank is the one that looks at banking issues.

    Question 4.  Part of the risk assessment for fraud includes the

  following.  Which is the relevant step?  What a difficult one.  Go

  through that.

    Rate the inherent risk.  We spoke about this in the course.  But

  actually it's not very clear.  But the most relevant step is to rate

  the inherent risk.  Inherent risk is what the risk is left after you've

  taken all the actions that you need to take.  This is the risk that

  remains, having done what you need to do.

    Five more.  What's the best method for mitigating risks within an

  organisation?

    Okay.  So -- so you need to choose one.  If you say 1, okay.

    Okay.  2?

    Anyone else either 1 or 2?  4?

    1, 2, 4.  It's 3 -- no, 4, there you go.

    Yeah.  I think what we're saying here is that look if you have -- if

  you don't have this culture from the top, then it's not going to work.

  It doesn't make any difference.  This culture has to come from the very

  top of the organisation.  Which of the following statements explains

  the term conflict of interest?

    Conflict of interest.

    2.  Any others for 2?

    2?  Absolutely.  The longest statement.  Which organizations should

  have a formal whistle-blowing policy?  Whistle blowing policy is where

  you encourage people to report things anonymously.  What type of

  organisation should have a whistle-blowing policy?

    Sorry.  Why should an organisation have a whistle-blowing policy?

  Sorry.  Why should they?

    1, 2, 3, 4?  Anybody?

    4?  Okay.

    4?

    Okay.

    No. 8.  A procurement person is carrying out a review to look at

  antibribery policies.  Which two statements are correct in relation to

  bribery?

    Two statements.  Which of two statements relate to bribery?

    Anyone?

    Two statements.  1 and -- 1 and 4?  1 and 4, anybody?

    1 and 4?

    There you go.  1 and 4.  There you go.  No. 9, contractor submits

  multiple invoices for work they only did once.  They've done work once

  but they sent four invoices.

    A -- somebody internally could help them to do this.  What kind of

  procurement fraud is this defined as?

    So a contractor sends multiple invoices for something they've done

  once.  What type of fraud is that?

    Okay.  1.  Anybody else?

    4?

    Sorry.  5, yeah?  1, 5?

    Okay.

    We have a procurement person in here.

                (Chuckling)

    >> SAM ACHAMPONG:  So, yes.  In this case, yes, they sent the

  invoice, and it's billing fraud.  Right?

    You bill once.  You done work once, you bill once.

    Which of the two are implications of unethical practices?  Things

  that can actually happen when you have unethical practice?

    Two things.

    Does it affect money, does it affect your brand?

    Does it make your organisation grow too fast?

    Or does it make you have more job applicants?

    Which of the two things happen when you have unethical practices in

  your organisation?

    First two.  1 and 2.  1 and 2?

    1 and 2?

    1 and 2?

    1 and 2.  There you go.

    Fantastic, oh, we have another one.  Pretty sure the following

  defines fraud.  We have 12 questions, apology.

    How would you define fraud?

    So personal and corporate rules.

    Deception.

    Dishonest and fraudulent conduct by those in power.

    Or offering incentive for somebody to act improperly.

    1, 2, 3, 4.

    2.

    2.  There you go.  I think we're unanimous on 2.  And 12, you're a

  member of evaluation team, so you have a bid coming in.  You are part

  of a team who are deciding who's involved in that bid.

    Which is correct in terms of your conflict of interest?

    Okay?

    So your best friend works in a bidding organisation, they're no

  relation.  But it still needs to be reported.  Do you still need to

  report that your friend is the bidder?

    Or you're a director in one of the organizations, or a very distant

  cousin who works in the bidding organisation.  Do you have to report

  that?  Or your next door neighbor?

    So which statement is correct in terms of how you need to deal with

  conflicts of interest?  Anyone?  1, 2, 3, 4?

    First one?  Anyone else?  No. 1?  No. 1?

    There you go.  Cool.  Okay.  We do have 14.  Sorry.

    A procurement officer works for a small company... ah.  Been supplied

  with a laptop.  You get a laptop from your company and you sell it and

  take the money.

    How is that defined?  Ethics, kickbacks, fraud or bribery?

    1?  4?  Poor ethics.  Fraud.  It's also poor ethics by the way.

  These are quite close.  There you go.

    So thank you very much, guys.  That was not a test.  Nobody -- not a

  real test.  We did it together.  I hope you found it interesting.  As I

  said, you can get full details from our website.  That's a very quick

  overview of what a detailed global test that people take and they

  get -- thanks for listening.  Hope you enjoyed it.  Enjoy the rest of

  the day.  Thank you.

    Thank you guys, thank you very much.  Thanks very much.

    Thank you so much.

    >>  They can hear my voice in the online session now?

    You can hear me?  You can?

    Okay.  Anyone is still there in the workshop, you can participate in

  the survey at the barcode.  If you can scan the barcode, we will

  appreciate that.  Thank you very much.