Setting the Tone at the Top:
Is there a written Code of Conduct?
Is the Code of Conduct disseminated to all employees at time of hire?
Is there at least annual refresher training on the code of conduct for every employee?
Is there a method of determining that employees understand the contents of the code of conduct?
Do employees have a communication avenue for asking questions when ethical situations arise?
Is there a Confidential Reporting Mechanism for employees to use to report suspected or possible fraud without fear of reprisal?
Is the Confidential Reporting Mechanism contact widely advertised so that all employees are aware of it?
Is there a protocol for handling all Confidential Reporting Mechanism activity?
Is activity of the Confidential Reporting Mechanism reported to executive management and the board?
Creating a Positive Workplace Environment:
Is there an employee recognition and reward system or compensation program?
Is there a whistleblower policy, a system for employees to obtain advice internally before making decisions that have significant legal or ethical implications, and/or a process to encourage employees to communicate or report, on a confidential or anonymous basis, without fear of retribution, concerns related to wrongdoing or violations?
Hiring and Promoting Appropriate Employees:
Are background checks, both criminal and work, performed on employees, especially those in positions of trust?
Is there a mechanism for tracking employee training and understanding of the code of conduct?
Notification and Confirmation:
Are employees held accountable for proactively addressing the potential of fraud in the discharge of their assigned duties?
Are awareness of fraud and the management of fraud risks included in every managers (perhaps employees) personnel evaluation?
Are there consequences for employees who commit fraud and are those consequences consistent and fair?
Are consequences pre-determined, that is defined in a fraud policy?
Is there a formal procedure for documenting the consequences of each proven fraud?
Implementing and Monitoring Appropriate Internal Controls:
Is risk assessment performed by each division, location, or segment separately?
Are possible misconduct schemes, fraud scenarios, fraud categories, and applicable business activity or process identified?
Were consequences posed by each scheme and were management’s tolerance for risks considered? (e.g Reputation damage, Financial damage - Monetary loss; Legal damage – Criminal or civil sanctions)
Were they documented?
Were red flags of fraud considered in the evaluation? Personal characteristics or situational
pressures that can lead to fraud; Agency opportunities that can lead to fraud; Opportunities that allow or encourage management fraud
Was the likelihood that each particular fraud will occur evaluated? Remote; Reasonably possible; Probable
Were direct or indirect controls applicable to above-documented scenarios identified? Basic controls include: Segregation of duties relating to authorization, custody of assets, and recording and reporting of transactions; Supervisory reviews, verifications,
reconciliation; Automated edit checks and system controls; Physical and logical security of assets; Embedded audit checks; Fraud detection software
Commission or Board of Directors:
Is there a communication mechanism by which executive management and the board is made aware of antifraud programs, controls, and results?
Are they advised of the potential fraud risks in the agency?
Are they made aware of the elements of the agency’s antifraud programs and controls?
Are they advised of all actual frauds and the actions taken to mitigate future similar frauds?
Are they advised of activity to the Confidential Reporting Mechanism?
Is there a member of executive management designated as the responsible party or point of contact for the fraud prevention?
Is this person the liaison with the Office of the Inspector General?
Does this person provide continuous reinforcement of the antifraud programs to all employees?
Is this person responsible directly to executive management and the board for the antifraud programs of the agency?