The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> LUBNA AL MOHAMMEDI: My name is Lubna Al Mohammedi.
I'm the -- of a supply chain, CIPS. Today we have critical
subject regarding ethics. Under the title of ethics,
Ethical Procurement in the Digital Age we have Mr. Sam
Achampong, regional director of Asia, Middle East, and
Africa. Let's start the presentation.
Thank you.
>> SAM ACHAMPONG: Welcome to you all. A pleasure to be online of
course. From CIPS, we work globally on procurement and supply chain
matters. Today we're going to talk about ethics.
Why are we talking about ethics? We realise there is a perception
that technology provides transparency that eradicates issues of ethics
or corruption. Because we have a system and you take away the human
element thereby's a perception that eradicates that behavior. And of
course you do. There's a lot of good things in relation to technology
and the Internet that allow us to provide transparency around
transactions.
Especially in procurement. Because procurement is when you are
buying things for your company.
However, what I'm going to point out, some of the ways in which we
can try and avoid those ethical situations or certainly mitigate
against them.
So and the reason why we're attacking this subject is -- is basically
this comment saying: Does technology by itself prevent unethical
behavior?
And we as a institute know that actually it doesn't entirely, because
as this quote at the top there says, 80% of fraud within procurement,
within buying things is carried out at what we call the specification
stage. In other words, before you input your specification or your
procurement into a purchase order and things along those lines, those
behaviors can have already taken place.
So it's still very important that we understand some of the issues.
As an introduction this here we talk about the fact that despite
digital interventions the issues of fraud and corruption unfortunately
are growing. So social media, technology platforms are not eradicating
that. It's actually growing. And what COVID, the pandemic pointed
out, was that actually there are additional vulnerabilities due to the
fact that people are using more and more digital platforms.
So it's not less, it's more. Which is -- which is quite surprising.
So out of this what we're going to cover are these main points.
We're going to talk about -- first we're going to define what fraud and
corruption is. Because many people think -- have different views. But
we're going to define what I mean by fraud and corruption first. One
of the implications, but importantly how to -- the practical steps in
prying to avoid that. -- what are the --
Fraud and corruption itself costs 6% of global GDP. We're talking
about trillions of dollars, that's what the implications of fraud cost
to us as human beings across the world. And almost half of the people
who were surveyed in -- in the survey that we carried out, almost half
of these people acknowledged that they had experienced fraud or
corruption in the last two years.
Which is quite staggering.
As well as more than 10% people -- of people saying that these kind
of scenarios of fraud and corruption are normal place in areas that
they're aware about. That's the scale of the problem. Let's define
what I mean by fraud. That's the important thing. Fraud ask when you
mislead another party for financial gain -- is when you -- that's the
definition of fraud. Bribery is when you give something of value to
somebody because you want to influence them. Okay? So we're -- been
quite straight here. And corruption is when you use your position to
gain credibility or -- to gain advantage, an unfair advantage. Those
are the three definitions. Just so we're all on the same page here.
Those are the definitions of fraud and -- fraud, corruption and
bribery.
To mitigate against fraud and corruption, there are lots of laws and
legislations around the world. So here in the Kingdom, there is the --
the royal decree, that's the latest decree related to fraud and
corruption that's here to mitigate it. If you look at other parts of
the world, in the UK, from where I'm from, you have the UK bribery act.
The acts that are here to protect people and mitigate against some of
the issues that are happening. That's what happening around the world.
There are a lot of other pieces of legislation to also help combat some
of these issues.
And when you look at the actual types of fraud in relation to
procurement -- now what I mean procurement, I'm specifically talking
about when you are buying things, buying goods or services for your
company. So whenever I say procurement, I'm specifically saying that.
When you're buying goods or services for your company. So procurement
fraud can happen in many different ways. These are some of the
examples. And the definition of those examples are for example
personal interest. What does that mean?
That means that I'm purchasing items for my organisation for my own
use. So I use the company money to buy -- instead of buying a laptop,
I buy an Apple iMac. That's for me. I know it's not for the company.
And undisclosed interests. So maybe you have an interest in an
organisation and you then give that organisation a contract. That's
undisclosed interest. You have to -- there's nothing wrong with doing
that but you just have to be clear to acknowledge that, yes, I have an
interest in this company. So everybody is aware.
Receiving gifts, undeclared gifts, travel, entertainment, et cetera,
where suppliers work with each other to allow each other to win
contracts, that's also another issue. And variation of abuse is
interesting. Variation of abuse is where companies bid for a contract
at a very low price and throughout the course of the contract, they
will keep issuing variations to get more money out of it. Okay?
So they won't declare the initial compliance document, keep saying --
and if you want this, okay, you order the pen. But if you want ink,
that's more money, right? That sort of thing. Right? That's
variation abuse. And contract specification, contract specification
abuse is where an organisation -- or an individual will ensure that the
specification favored a specific company.
So your company have asked you to buy a car, but the special occasion
you put out says it has to be a BMW, has to have these wheels, only BMW
can provide that car. That's specific case abuse, when you say we will
buy a car, has to be able to go at this speed. But that specification,
that's specification abuse.
So what do we do? So there are few ways to get over that. And -- to
assess the risk in your own organisation. And there are various steps.
And by the way, these slides will become available to everybody. So
you won't digest everything now. But there are seven steps in which
you can assess the risk within your organisation to prevent some of
these things happening.
First is to establish the process. You need to have a workshop, you
need to set up what's called an anticorruption policy, and within --
with all the people within your organisation, so that everybody
understands some of the things I'm talking about today.
Once you've done that, when you're identifying the risks, these are
some of the kinds of questions you will ask. What arrangements to you
have in place, how could corruption occur in your organisation? That's
all you need to assess.
Where does the risk lie, and which locations within the organizations
are these issues likely to happen? Is it in the warehouse, is it in
HR, these sorts of things are what you need to think about at that
point.
And then you need to rate something called the inherent risk. This
is quite detailed. I won't go into too much detail. The inherent risk
is the risk relating to the impact it could have. There's a tool
that's provided within the CIPS insight, you can go to www.CIPS.org,
what you look at is if you look at for example bribery of tax
authorities. If you want to assess how important it is to deal with
this, what you do is you say, what's the probable impact? If someone
in your organisation bribed the tax authorities, the impact is very
high. Okay? But what is the probability of it happening?
Very, very low.
Okay, so what you will do is you would say, right, its a he very,
very low; the chance of it happening. Right? Because that is very
unlikely that somebody can bribe the tax authorities. You know, go
sees a cat is very unlikely. If it did happen, in that particular
thing the inherent risk is yellow. That's how you make the assessment
as you go along. As an example.
And then you need to look at the controls, what do you have in place
to prevent certain things happening? So what you do is you calculate
what's called the residual risk.
So what that means is if there is -- if there is a medium -- when you
look at the controls you have in place, the controls will be medium.
If the residual risk is medium. However, if that changes, if you have
strong mitigating controls, then the residual risk, the risk remaining,
the risk of it happening, will then be low. If you have strong
controls.
But if your controls are very weak, then the residual risk or
remaining risk becomes high. That's the kind of framework you use.
All right? And that kind of brushes it over in quite a high -- in
quite a speedy fashion. However, that's the principle behind it all.
And of course you can go into detail on this week, we can share that
with you.
So once you've done that, you need to develop an action plan or
response plan. So any risk that has not been dealt with within your
organisation, you have to say we haven't dealt with this, what's our
action plan? What are we going to do about it at that point?
And then once you've done that you need to make sure that you have a
monitoring plan to make sure that you're monitoring all these risks,
identifying any -- and also what the risk -- importantly, what the risk
tolerance of your organisation is. That's the important thing. Okay?
How tolerant are you of risk in the organisation?
Or a risk occurrence or fraud occurrence in your organisation? And
different organizations will have different tolerance levels. And
that's important. It all depends on your organisation and what you do.
Okay? If you're a government institution, your tolerance level will
be very, very high. Why? Because it's public money you're dealing
with. Okay?
So if you're a private organisation, that may be slightly different.
So the tolerance level is very, very important.
Also, your organisational culture will play a big part in -- in
preventing risks happening. Okay?
So obviously it -- in this subject in terms of fraud, senior
leadership and their culture are very, very key to what happens in your
organisation and what the residual risk is.
Which country you're in will also define what the residual risks are
as well. Because the framework of the country you're in may either
help or hinder how you're dealing with ethical issues. And that can
differ around the world.
Your organisation, if you provide it regular compliance training,
regular auditing and ensure that all individuals can report
inappropriate behavior in an appropriate way, then that will also
influence how your organisation deals with it.
Okay?
So if for example there's a lot of inappropriate behavior happening
in organisation, but there's no way that people can report it, then
that's going to influence how often these kind of things happen.
And recruitment. Their is quite interesting. Because every time you
bring someone into your organisation, that's good, but it's also a
risk. Okay? Because you don't know these people yet. Right? So
recruitment becomes an area that you actually need to ensure is very,
very stringent in terms of mitigating risk. So company checks, not
just on the character of the individual, but what undisclosed holdings
do these people have? It.
If you operate had a car company and you bring somebody in who
actually -- their father owns a company that provides parts for cars,
you need to know that. Okay? Because that's an undisclosed holding.
And that could be a problem further down the line. So these things are
important to know.
Obviously reference checks and criminal record checks are important.
These are basic, but let's be honest, you have to do these things
because otherwise you're leaving yourself open to risk. Training is
essential obviously, you can't assume that people are aware of some of
the issues we're talking about. Ethics, fraud, corruption are very
sensitive subjects. Because if you say to anybody will you commit
fraud of course they're going to say no. But you haven't trained them
about anything. You have to actually define what you mean by fraud.
It could be -- it could be conflict of interest. Okay?
No one -- not many people deliberately go out and defraud a company,
actually. The majority of people it's really a conflict of interest.
It's undisclosed holdings, things along those lines. You have to train
people as to what exactly you're speaking about to make sure you don't
get in that situation. And as it says there, in some countries,
training is actually a legal requirement for employees.
For certain things. Certainly in the UK, it's a legal requirement to
train people on these things and on some other things. Legal
requirement. Which means the company will be in trouble if they
haven't trained people.
So there are other areas when you putting together your policy and
procedure, you need to look at any legislation that applies in whatever
country. If you have a company walk working across the world you need
to look at every country you work in to make sure you're complying with
the legislation in that regard. It needs to be clear who the policy
applies to. It may not apply to some employees. People need to know
what their duties are. The company needs to have a statement that
there's zero tolerance around whistle-blowing, if somebody reports
something, how will it be dealt with?
That's the important thing as well. We spoke about reporting, spoke
about gifts. There's nothing wrong with receiving gifts from -- from
suppliers. Actually that itself is not fraud. There just needs to be
rules about what you can do. And if you're in the process of
purchasing something from a company, and on that day when they give --
your price -- they price, they also give you a gift, that's obviously a
bit of an issue. Because whether you like it or not, as human beings,
psychologically that makes a difference to how you're going to evaluate
that. It just needs to be trained. These things have to be explicit
so that everybody is aware of what the implications are.
Conflict of interest we mentioned and monitoring as well are issues.
So once all those things have been taken into account, these things
will definitely avoid any misunderstanding of what we're talking about
when we talk about fraud, corruption. Okay?
It's not just people wanted to take money. There are areas that can
get people in trouble when you do the investigation later. It's best
to avoid them and avoid innocent transactions being constituted as
fraud.
So as far as procurement is concerned, there is -- as an
organisation, you need to make sure you have things like segregation of
duties, the same person doesn't award contracts. As the same person
awards contracts can't be the same person who pays the contractor.
Things along those lines. That may sound obvious, but in some
organizations that happens. So I select the supplier, I also pay them.
I also approve their payment. These kind of things shouldn't happen.
That's called segregation. Again, all these things need to be looked
into very -- in a very detailed manner. That is a detailed section of
what we call the contract management cycle that looks at the risks that
happen in every single stage of when you're buying something.
And it becomes quite can complicated because fraud and corruption can
happen when you're defining a business need, it can happen when you're
putting a strategy together. It can happen when you're putting
tendered documents together. Can happen when you're managing the
supplier's performance. It happen in several ways. So again, it's
worth having that in front of you to understand where these issues can
occur.
So to -- in the event that it is found out or there's a suspicion
that there is fraud within your organisation, there needs -- everyone
needs to understand exactly what's going to happen. That can't be a
surprise. The process for reporting suspected fraud is there. The
steps that will be taken. In other words, if there's an investigation,
how does that investigation happen?
We can't make it up afterwards. These steps need to be written.
Who's going to carry out that investigation? Who's the person within
the organisation or people who will investigate these things? Are they
independent enough to do that. And also finally, if allegations are
proven, what happens?
What is the sanction for somebody who is found guilty of fraud or
investigation -- fraud or corruption in an organisation? That needs to
be clear. Are there any sanctions? Is it disciplinary, is it gross
misconduct. Is it a warning? That needs to be clear in your
organisation before you do that.
So those are the main things. All organizations need to have a
response plan. It needs to be independent. People need to be trained.
And there needs to be support for whistle blowers, people who are
willing to report things anonymously. You can't encourage people to
report these things and then disclose their name. Say this guy told me
you did this. That disrupts the integrity of the whole process. To
summarize, some quick questions for you guys, there are some questions
for everybody. Pay attention.
Going through that, you will be able to define exactly what fraud,
bribery and corruption is. Right? What are the implications, what are
the steps?
And finally, what the key elements of fraud, bribery and corruption
are and what the response plan is. Okay?
These are bits we went through. But just to check that everybody has
been paying attention on this whistle stop presentation, we are going
to have some questions.
Little bit of a quiz.
And to be transparent, there's no prize. There's no money. There's
no chocolates. Just questions. Right?
(Chuckling)
>> SAM ACHAMPONG: Just to be clear. I can't be accused of bribing
you to get the right question. Right? So let's just go through them.
So question, which of the following points describes how you evaluate
and prioritise stages of anticorruption risk assessment? What a
difficult question, I know. But what do you reckon? What does anyone
thing? 1, 2, 3, or 4? I'll give you some time.
Anyone want to just hazard a guess?
Okay. The risk factors, likely bit -- and potential impact. Good
one. Anyone else before I check?
Same.
Very close.
Very close. By the way, for what I've been through in the last 20
minutes, this is quite difficult. This is the actual extract from the
ethics examination. It's not been changed. So you're doing very well.
And they're quite tricky these questions.
You know, people that go through that receive the ethical -- the
global ethical mark. These are real extracts. They're not easy. And
each answer is quite similar. So just bear in mind. A director
working for a public health organisation has just returned from a
disciplinary hearing regarding a member of staff. Which step of a
response plan should a director now pursue to help prevent
reoccurrence? What would they do to stop this issue happening again?
Two things.
Okay. Three, ensure. Yep. And another one?
Okay. So 2 and 3? Okay. Cool.
Anyone else?
2 and 3?
Quite so. So basically what we're saying is the two important things
are once the case has happened, look at what happened, review the case,
and read your risk assessment to try and see it's not going to happen
again. 2 and 3 actually are correct. Right? But very, very similar.
But basically what you're talking about is what the two most important
things to look at. So again as I say, very, very close. Very, very
tricky.
These are tricky questions, right?
Okay.
Okay. So which organisation launched the set of anticorruption
initiatives to help countries address corruption? I did talk about
this in the presentation, by the way. So you can have a guess at this
in case you know this yourself. It's the MSF, Medecins Sans
Frontieres. Which organisation launched the anticorruption initiative
to help countries address corruption? 3?
Information commission? Anyone else? MSF? Okay.
Any others? Back to the World Bank. Yeah. The so I guess the clue
here is globalization. So it's, you know, I guess we're talking about
corruption, we're talking about the world. So the difficulty here is
that this is a -- this is a UK based one. This is a U.S. based one.
It's not global. That's global, but they're more medical. They're
more medical. The World Bank is the one that looks at banking issues.
Question 4. Part of the risk assessment for fraud includes the
following. Which is the relevant step? What a difficult one. Go
through that.
Rate the inherent risk. We spoke about this in the course. But
actually it's not very clear. But the most relevant step is to rate
the inherent risk. Inherent risk is what the risk is left after you've
taken all the actions that you need to take. This is the risk that
remains, having done what you need to do.
Five more. What's the best method for mitigating risks within an
organisation?
Okay. So -- so you need to choose one. If you say 1, okay.
Okay. 2?
Anyone else either 1 or 2? 4?
1, 2, 4. It's 3 -- no, 4, there you go.
Yeah. I think what we're saying here is that look if you have -- if
you don't have this culture from the top, then it's not going to work.
It doesn't make any difference. This culture has to come from the very
top of the organisation. Which of the following statements explains
the term conflict of interest? Is.
Conflict of interest.
2. Any others for 2?
2? Absolutely. The longest statement. Which organizations should
have a formal whistle-blowing policy? Whistle blowing policy is where
you encourage people to report things anonymously. What type of
organisation should have a whistle-blowing policy? It.
Sorry. Why should an organisation have a whistle-blowing policy?
Sorry. Why should they?
1, 2, 3, 4? Anybody?
4? Okay.
4?
Okay.
No. 8. A procurement person is carrying out a review to look at
antibribery policies. Which two statements are correct in relation to
bribery?
Two statements. Which of two statements relate to bribery?
Anyone?
Two statements. 1 and -- 1 and 4? 1 and 4, anybody?
1 and 4?
There you go. Is and 4. There you go. No. 9, contractor submits
multiple invoices for work they only did once. They've done work once
but they sent four invoices.
A -- somebody internally could help them to do this. What kind of
procurement fraud is this defined as?
So a contractor sends multiple invoices for something they've done
once. What type of fraud is that?
Okay. 1. Anybody else?
4?
Sorry. 5, yeah? 1, 5?
Okay.
We have a procurement person in here.
(Chuckling)
>> SAM ACHAMPONG: So, yes. In this case, yes, they sent the
invoice, and it's billing fraud. Right?
You bill once. You done work once, you bill once.
Which of the two are implications of unethical practices? Things
that can actually happen when you have unethical practice?
Two things.
Does it affect money, does it affect your brand?
Does it make your organisation grow too fast?
Or does it make you have more job applicants?
Which of the two things happen when you have unethical practices in
your organisation?
First two. 1 and 2. 1 and 2?
1 and 2?
1 and 2?
1 and 2. There you go.
Fantastic, oh, we have another one. Pretty sure the following
defines fraud. We have 12 questions, apology.
How would you define fraud?
So personal and corporate rules.
Deception.
Dishonest and fraudulent conduct by those in power.
Or offering incentive for somebody to act improperly.
1, 2, 3, 4.
2.
2. There you go. I think we're unanimous on 2. And 12, you're a
member of evaluation team, so you have a bid coming in. You are part
of a team who are deciding who's involved in that bid.
Which is correct in terms of your conflict of interest?
Okay?
So your best friend works in a bidding organisation, they're no
relation. But it still needs to be reported. Do you still need to
report that your friend is the bidder?
Or you're a director in one of the organizations, or a very distant
cousin who works in the bidding organisation. Do you have to report
that? Or your next door neighbor?
So which statement is correct in terms of how you need to deal with
conflicts of interest? Anyone? 1, 2, 3, 4?
First one? Had anyone else? No. 1? No. 1?
There you go. Cool. Okay. We do have 14. Sorry.
A procurement officer works for a small company... ah. Been supplied
with a laptop. You get a laptop from your company and you sell it and
take the money.
How is that defined? Ethics, kickbacks, fraud or bribery?
1? 4? Poor ethics. Fraud. It's also poor ethics by the way.
These are quite close. There you go.
So thank you very much, guys. That was not a test. Nobody -- not a
real test. We did it together. I hope you found it interesting. As I
said, you can get full details from our website. That's a very quick
overview of what a detailed global test that people take and they
get -- thanks for listening. Hope you enjoyed it. Enjoy the rest of
the day. Thank you.
Thank you guys, thank you very much. Thanks very much.
Thank you so much.
>> They can hear my voice in the online session now?
You can hear me? You can?
Okay. Anyone is still there in the workshop, you can participate in
the survey at the barcode. If you can scan the barcode, we will
appreciate that. Thank you very much.