IGF 2024 - Day 0 - Workshop Room 3 - Event 178 Ethical Procurement in the Digital Age

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> LUBNA AL MOHAMMEDI:  My name is Lubna Al Mohammedi.  I'm the head of the Chartered Institute of Procurement and Supply Chain, CIPS.  Today we have a critical subject regarding ethics.  Under the title of ethics, Ethical Procurement in the Digital Age we have Mr. Sam Achampong, regional director of Asia, Middle East, and Africa.  Let's start the presentation. 

Thank you. 

>> SAM ACHAMPONG:  Welcome to you all.  A pleasure to be online of course.  From CIPS, we work globally on procurement and supply chain matters.  Today we're going to talk about ethics. 

Why are we talking about ethics?  We realise there is a perception that technology provides transparency that eradicates issues of ethics or corruption.  Because we have a system, and you take away the human element there's a perception that eradicates that behavior.  And of course you do.  There's a lot of good things in relation to technology and the Internet that allow us to provide transparency around transactions. 

Especially in procurement.  Because procurement is when you are buying things for your company. 

However, what I'm going to point out, some of the ways in which we can try and avoid those ethical situations or certainly mitigate against them. 

So ‑‑ and the reason why we're attacking this subject is ‑‑ is basically this comment saying:  Does technology by itself prevent unethical behavior? 

And we as an institute know that actually it doesn't entirely, because as this quote at the top there says, 80% of fraud within procurement, within buying things, is carried out at what we call the specification stage.  In other words, before you input your specification or your procurement into a purchase order and things along those lines, those behaviors can have already taken place. 

So it's still very important that we understand some of the issues.

As an introduction this here we talk about the fact that, despite digital interventions, the issues of fraud and corruption unfortunately are growing.  So social media, technology platforms are not eradicating that.  It's actually growing.  And what COVID, the pandemic, pointed out was that actually there are additional vulnerabilities due to the fact that people are using more and more digital platforms. 

So it's not less, it's more.  Which is ‑‑ which is quite surprising. 

So out of this what we're going to cover are these main points.  We're going to talk about ‑‑ first we're going to define what fraud and corruption is.  Because many people think ‑‑ have different views.  But we're going to define what I mean by fraud and corruption first.  One of the implications, but importantly how to ‑‑ the practical steps in trying to avoid that.  

What are the ‑‑ fraud and corruption itself costs 6% of global GDP.  We're talking about trillions of dollars.  That's what the implications of fraud cost to us as human beings across the world.  And almost half of the people who were surveyed in ‑‑ in the survey that we carried out, almost half of these people acknowledged that they had experienced fraud or corruption in the last two years.  Which is quite staggering. 

As well as more than 10% of people saying that these kind of scenarios of fraud and corruption are normal place in areas that they're aware about.  That's the scale of the problem. 

Let's define what I mean by fraud.  That's the important thing.  Fraud is when you mislead another party for financial gain ‑‑ is when you ‑‑ that's the definition of fraud. 

Bribery is when you give something of value to somebody because you want to influence them.  Okay? 

So we're ‑‑ been quite straight here.  And corruption is when you use your position to gain credibility or ‑‑ to gain advantage, an unfair advantage. 

Those are the three definitions.  Just so we're all on the same page here.  Those are the definitions of fraud and ‑‑ fraud, corruption, and bribery. 

To mitigate against fraud and corruption, there are lots of laws and legislations around the world.  So here in the Kingdom, there is the ‑‑ the royal decree, that's the latest decree related to fraud and corruption that's here to mitigate it. 

If you look at other parts of the world, in the UK, from where I'm from, you have the UK Bribery Act, the acts that are here to protect people and mitigate against some of the issues that are happening.  That's what's happening around the world.  There are a lot of other pieces of legislation to also help combat some of these issues. 

And when you look at the actual types of fraud in relation to procurement ‑‑ now what I mean procurement, I'm specifically talking about when you are buying things, buying goods or services for your company.  So whenever I say procurement, I'm specifically saying that.  When you're buying goods or services for your company. 

So procurement fraud can happen in many different ways.  These are some of the examples.  And the definition of those examples are, for example, personal interest.  What does that mean? 

That means that I'm purchasing items for my organisation for my own use.  So I use the company money to buy ‑‑ instead of buying a laptop, I buy an Apple iMac that's for me.  I know it's not for the company.  And undisclosed interests.  So maybe you have an interest in an organisation, and you then give that organisation a contract.  That's undisclosed interest.  You have to ‑‑ there's nothing wrong with doing that, but you just have to be clear to acknowledge that, yes, I have an interest in this company, so everybody is aware. 

Receiving gifts, undeclared gifts, travel, entertainment, et cetera, where suppliers work with each other to allow each other to win contracts, that's also another issue.  And variation of abuse is interesting.  Variation of abuse is where companies bid for a contract at a very low price and throughout the course of the contract, they will keep issuing variations to get more money out of it.  Okay? 

So they won't declare the initial compliance document, keep saying ‑‑  and if you want this, okay, you order the pen.  But if you want ink, that's more money; right?  That sort of thing; right?  That's variation abuse. 

And contract specification, contract specification abuse is where an organisation ‑‑ or an individual will ensure that the specification favored a specific company. 

So your company have asked you to buy a car, but the specification you put out says it has to be a BMW, has to have these wheels, only BMW can provide that car.  That's specification abuse, when you say we will buy a car, has to be able to go at this speed.  But that specification, that's specification abuse. 

So what do we do?  So there are a few ways to get over that.  And ‑‑ to assess the risk in your own organisation.  And there are various steps.  And by the way, these slides will become available to everybody.  So you won't digest everything now.  But there are seven steps in which you can assess the risk within your organisation to prevent some of these things happening. 

First is to establish the process.  You need to have a workshop, you need to set up what's called an anticorruption policy, and within ‑‑ with all the people within your organisation, so that everybody understands some of the things I'm talking about today. 

Once you've done that, when you're identifying the risks, these are some of the kinds of questions you will ask.  What arrangements do you have in place, how could corruption occur in your organisation?  That's all you need to assess. 

Where does the risk lie, and which locations within the organizations are these issues likely to happen?  Is it in the warehouse; is it in HR?  These sorts of things are what you need to think about at that point. 

And then you need to rate something called the inherent risk.  This is quite detailed.  I won't go into too much detail.  The inherent risk is the risk relating to the impact it could have.  There's a tool that's provided within the CIPS insight, you can go to www.CIPS.org.  What you look at is if you look at, for example, bribery of tax authorities.  If you want to assess how important it is to deal with this, what you do is you say, what's the probable impact? 

If someone in your organisation bribed the tax authorities, the impact is very high.  Okay?  But what is the probability of it happening? 

Very, very low. 

Okay.  So what you will do is you would say, right, it's very, very low; the chance of it happening.  Right?  Because that is very unlikely that somebody can bribe the tax authorities.  You know, go sees a cat is very unlikely.  If it did happen, in that particular thing the inherent risk is yellow.  That's how you make the assessment as you go along, as an example. 

And then you need to look at the controls, what do you have in place to prevent certain things happening?  So what you do is you calculate what's called the residual risk. 

So what that means is if there is ‑‑ if there is a medium ‑‑ when you look at the controls you have in place, the controls will be medium.  If the residual risk is medium.  However, if that changes, if you have strong mitigating controls, then the residual risk, the risk remaining, the risk of it happening will then be low.  If you have strong controls. 

But if your controls are very weak, then the residual risk or remaining risk becomes high.  That's the kind of framework you use.  All right?  And that kind of brushes it over in quite a high ‑‑ in quite a speedy fashion.  However, that's the principle behind it all.  And of course you can go into detail on this week, we can share that with you. 

So once you've done that, you need to develop an action plan or response plan.  So any risk that has not been dealt with within your organisation, you have to say, we haven't dealt with this; what's our action plan?  What are we going to do about it at that point? 

And then once you've done that, you need to make sure that you have a monitoring plan to make sure that you're monitoring all these risks, identifying any ‑‑ and also what the risk ‑‑ importantly, what the risk tolerance of your organisation is.  That's the important thing.  Okay?  How tolerant are you of risk in the organisation? 

Or a risk occurrence or fraud occurrence in your organisation?  And different organizations will have different tolerance levels.  And that's important.  It all depends on your organisation and what you do. 

Okay?  If you're a government institution, your tolerance level will be very, very high.  Why?  Because it's public money you're dealing with.  Okay? 

So if you're a private organisation, that may be slightly different.  So the tolerance level is very, very important. 

Also, your organisational culture will play a big part in ‑‑ in preventing risks happening.  Okay? 

So obviously it ‑‑ in this subject in terms of fraud, senior leadership and their culture are very, very key to what happens in your organisation and what the residual risk is. 

Which country you're in will also define what the residual risks are as well.  Because the framework of the country you're in may either help or hinder how you're dealing with ethical issues.  And that can differ around the world. 

Your organisation, if you provide it regular compliance training, regular auditing, and ensure that all individuals can report inappropriate behavior in an appropriate way, then that will also influence how your organisation deals with it. 

Okay? 

So if, for example, there's a lot of inappropriate behavior happening in organisation, but there's no way that people can report it, then that's going to influence how often these kind of things happen. 

And recruitment.  This is quite interesting, because every time you bring someone into your organisation, that's good, but it's also a risk.  Okay?  Because you don't know these people yet.  Right? 

So recruitment becomes an area that you actually need to ensure is very, very stringent in terms of mitigating risk.  So company checks, not just on the character of the individual, but what undisclosed holdings do these people have? 

If you operate a car company and you bring somebody in who actually ‑‑ their father owns a company that provides parts for cars, you need to know that.  Okay?  Because that's an undisclosed holding.  And that could be a problem further down the line.  So these things are important to know. 

Obviously reference checks and criminal record checks are important.  These are basic.  But let's be honest, you have to do these things, because otherwise you're leaving yourself open to risk. 

Training is essential obviously; you can't assume that people are aware of some of the issues we're talking about.  Ethics, fraud, corruption are very sensitive subjects.  Because if you say to anybody will you commit fraud, of course they're going to say no.  But you haven't trained them about anything.  You have to actually define what you mean by fraud.  It could be ‑‑ it could be conflict of interest.  Okay?  

No one ‑‑ not many people deliberately go out and defraud a company, actually.  The majority of people, it's really a conflict of interest.  It's undisclosed holdings, things along those lines.  You have to train people as to what exactly you're speaking about to make sure you don't get in that situation.  And as it says there, in some countries training is actually a legal requirement for employees. 

For certain things.  Certainly in the UK, it's a legal requirement to train people on these things and on some other things.  Legal requirement.  Which means the company will be in trouble if they haven't trained people. 

So there are other areas when you are putting together your policy and procedure, you need to look at any legislation that applies in whatever country.  If you have a company working across the world, you need to look at every country you work in to make sure you're complying with the legislation in that regard.  It needs to be clear who the policy applies to.  It may not apply to some employees. 

People need to know what their duties are.  The company needs to have a statement that there's zero tolerance around whistle‑blowing, if somebody reports something, how will it be dealt with? 

That's the important thing as well.  We spoke about reporting, spoke about gifts.  There's nothing wrong with receiving gifts from suppliers.  Actually, that itself is not fraud.  There just needs to be rules about what you can do.  And if you're in the process of purchasing something from a company, and on that day when they give ‑‑ your price ‑‑ they price, they also give you a gift, that's obviously a bit of an issue.  Because whether you like it or not, as human beings, psychologically that makes a difference to how you're going to evaluate that.  It just needs to be trained. 

These things have to be explicit so that everybody is aware of what the implications are. 

Conflict of interest we mentioned, and monitoring as well are issues.  So once all those things have been taken into account, these things will definitely avoid any misunderstanding of what we're talking about when we talk about fraud, corruption.  Okay?  

It's not just people wanted to take money.  There are areas that can get people in trouble when you do the investigation later.  It's best to avoid them and avoid innocent transactions being constituted as fraud. 

So as far as procurement is concerned, there is ‑‑ as an organisation, you need to make sure you have things like segregation of duties, the same person doesn't award contracts as ‑‑ the same person awards contracts, can't be the same person who pays the contractor.  Things along those lines. 

That may sound obvious, but in some organizations that happens.  So I select the supplier, I also pay them.  I also approve their payment.  These kind of things shouldn't happen.  That's called segregation.  Again, all these things need to be looked into very ‑‑ in a very detailed manner.  That is a detailed section of what we call the contract management cycle that looks at the risks that happen in every single stage of when you're buying something. 

And it becomes quite complicated because fraud and corruption can happen when you're defining a business need, it can happen when you're putting a strategy together.  It can happen when you're putting tender documents together.  Can happen when you're managing the supplier's performance.  It can happen in several ways. 

So again, it's worth having that in front of you to understand where these issues can occur. 

So to ‑‑ in the event that it is found out, or there's a suspicion that there is fraud within your organisation, there needs ‑‑ everyone needs to understand exactly what's going to happen.  That can't be a surprise.  The process for reporting suspected fraud is there, the steps that will be taken.  In other words, if there's an investigation; how does that investigation happen? 

We can't make it up afterwards.  These steps need to be written.  Who's going to carry out that investigation?  Who's the person within the organisation or people who will investigate these things?  Are they independent enough to do that?  And also, finally, if allegations are proven, what happens? 

What is the sanction for somebody who is found guilty of fraud or investigation ‑‑ fraud or corruption in an organisation?  That needs to be clear.  Are there any sanctions?  Is it disciplinary, is it gross misconduct.  Is it a warning?  That needs to be clear in your organisation before you do that. 

So those are the main things.  All organizations need to have a response plan.  It needs to be independent.  People need to be trained.  And there needs to be support for whistle‑blowers, people who are willing to report things anonymously.  You can't encourage people to report these things and then disclose their name. 

Say this guy told me you did this.  That disrupts the integrity of the whole process.  To summarize, some quick questions for you guys, there are some questions for everybody.  Pay attention. 

Going through that, you will be able to define exactly what fraud, bribery, and corruption is.  Right?  What are the implications, what are the steps? 

And finally, what the key elements of fraud, bribery, and corruption are, and what the response plan is.  Okay? 

These are bits we went through.  But just to check that everybody has been paying attention on this whistle stop presentation, we are going to have some questions. 

Little bit of a quiz. 

And to be transparent, there's no prize.  There's no money.  There's no chocolates.  Just questions.  Right? 

(Chuckling)

>> SAM ACHAMPONG:  Just to be clear.  I can't be accused of bribing you to get the right question.  Right?  So let's just go through them. 

So question: Which of the following points describe how you evaluate and prioritise stages of anticorruption risk assessment? 

What a difficult question, I know.  But what do you reckon?  What does anyone think?  1, 2, 3, or 4? 

I'll give you some time. 

Anyone want to just hazard a guess? 

Okay.  The risk factors, likely bit ‑‑ and potential impact.  Good one.  Anyone else before I check? 

Same. 

Very close. 

Very close.  By the way, for what I've been through in the last 20 minutes, this is quite difficult.  This is the actual extract from the ethics examination.  It's not been changed.  So you're doing very well.  And they're quite tricky, these questions. 

You know, people that go through that receive the ethical ‑‑ the global ethical mark.  These are real extracts.  They're not easy.  And each answer is quite similar.  So just bear in mind. 

A director working for a public health organisation has just returned from a disciplinary hearing regarding a member of staff.  Which step of a response plan should a director now pursue to help prevent reoccurrence?  What would they do to stop this issue happening again? 

Two things. 

Okay.  Three, ensure.  Yep.  And another one? 

Okay.  So 2 and 3?  Okay.  Cool. 

Anyone else? 

2 and 3? 

Quite so.  So basically what we're saying is the two important things are once the case has happened, look at what happened, review the case, and read your risk assessment to try and see it's not going to happen again.  2 and 3 actually are correct.  Right?  But very, very similar. 

But basically what you're talking about is what the two most important things to look at.  So again, as I say, very, very close.  Very, very tricky. 

These are tricky questions, right? 

Okay. 

Okay.  So which organisation launched the set of anticorruption initiatives to help countries address corruption? 

I did talk about this in the presentation, by the way.  So you can have a guess at this in case you know this yourself. 

It's the MSF, Medecins Sans Frontieres. 

Which organisation launched the anticorruption initiative to help countries address corruption?  3? 

Information commission?  Anyone else?  MSF?  Okay. 

Any others?  Back to the World Bank.  Yeah.  So I guess the clue here is globalization.  So it's, you know, I guess we're talking about corruption, we're talking about the world.  So the difficulty here is that this is a ‑‑ this is a UK‑based one.  This is a U.S.‑based one.  It's not global. 

That's global, but they're more medical.  They're more medical.  The World Bank is the one that looks at banking issues. 

Question 4.  Part of the risk assessment for fraud includes the following.  Which is the relevant step?  What a difficult one.  Go through that. 

Rate the inherent risk.  We spoke about this in the course.  But actually, it's not very clear.  But the most relevant step is to rate the inherent risk.  Inherent risk is what the risk is left after you've taken all the actions that you need to take.  This is the risk that remains, having done what you need to do. 

Five more.  What's the best method for mitigating risks within an organisation? 

Okay.  So ‑‑ so you need to choose one.  If you say 1, okay. 

Okay.  2? 

Anyone else either 1 or 2?  4? 

1, 2, 4.  It's 3 ‑‑ no, 4, there you go. 

Yeah.  I think what we're saying here is that, look, if you have ‑‑ if you don't have this culture from the top, then it's not going to work.  It doesn't make any difference.  This culture has to come from the very top of the organisation. 

Which of the following statements explains the term "conflict of interest"? 

Conflict of interest. 

2.  Any others for 2? 

2?  Absolutely.  The longest statement.  Which organizations should have a formal whistle‑blowing policy?  Whistle‑blowing policy is where you encourage people to report things anonymously.  What type of organisation should have a whistle‑blowing policy? 

Sorry.  Why should an organisation have a whistle‑blowing policy?  Sorry.  Why should they? 

1, 2, 3, 4?  Anybody? 

4?  Okay. 

4? 

Okay. 

No. 8.  A procurement person is carrying out a review to look at antibribery policies.  Which two statements are correct in relation to bribery? 

Two statements.  Which of two statements relate to bribery? 

Anyone? 

Two statements.  1 and ‑‑ 1 and 4?  1 and 4, anybody? 

1 and 4? 

There you go.  1 and 4.  There you go. 

No. 9, contractor submits multiple invoices for work they only did once.  They've done work once, but they sent four invoices. 

A ‑‑ somebody internally could help them to do this.  What kind of procurement fraud is this defined as? 

So a contractor sends multiple invoices for something they've done once.  What type of fraud is that? 

Okay.  1.  Anybody else? 

4? 

Sorry.  5, yeah?  1, 5? 

Okay. 

We have a procurement person in here. 

(Chuckling)

>> SAM ACHAMPONG:  So, yes.  In this case, yes, they sent the invoice, and it's billing fraud.  Right? 

You bill once.  You done work once, you bill once. 

Which of the two are implications of unethical practices?  Things that can actually happen when you have unethical practice? 

Two things. 

Does it affect money, does it affect your brand? 

Does it make your organisation grow too fast? 

Or does it make you have more job applicants?  

Which of the two things happen when you have unethical practices in your organisation? 

First two.  1 and 2.  1 and 2? 

1 and 2? 

1 and 2? 

1 and 2.  There you go. 

Fantastic.  Oh, we have another one.  Pretty sure the following defines fraud.  We have 12 questions.  Apology. 

How would you define fraud? 

So personal and corporate rules. 

Deception. 

Dishonest and fraudulent conduct by those in power. 

Or offering incentive for somebody to act improperly. 

1, 2, 3, 4. 

2.

2.  There you go.  I think we're unanimous on 2.  And 12, you're a member of evaluation team, so you have a bid coming in.  You are part of a team who are deciding who's involved in that bid. 

Which is correct in terms of your conflict of interest? 

Okay? 

So your best friend works in a bidding organisation, they're no relation.  But it still needs to be reported. 

Do you still need to report that your friend is the bidder? 

Or you're a director in one of the organizations, or a very distant cousin who works in the bidding organisation.  Do you have to report that?  Or your next door neighbor? 

So which statement is correct in terms of how you need to deal with conflicts of interest?  Anyone?  1, 2, 3, 4? 

First one?  Had anyone else?  No. 1?  No. 1? 

There you go.  Cool.  Okay.  We do have 14.  Sorry. 

A procurement officer works for a small company... ah.  Been supplied with a laptop.  You get a laptop from your company, and you sell it and take the money. 

How is that defined?  Ethics, kickbacks, fraud or bribery? 

1?  4?  Poor ethics.  Fraud.  It's also poor ethics by the way.  These are quite close.  There you go. 

So thank you very much, guys.  That was not a test.  Nobody ‑‑ not a real test.  We did it together.  I hope you found it interesting.  As I said, you can get full details from our website. 

That's a very quick overview of what a detailed global test that people take and they get ‑‑ thanks for listening.  Hope you enjoyed it.  Enjoy the rest of the day.  Thank you. 

Thank you, guys.  Thank you very much.  Thanks very much. 

Thank you so much. 

>>  They can hear my voice in the online session now? 

You can hear me?  You can? 

Okay.  Anyone is still there in the workshop, you can participate in the survey at the barcode.  If you can scan the barcode, we will appreciate that.  Thank you very much.