W, n ,
Perhaps we can take a recess of ve minutes. We do have a fairly interesting report on fraud that we're going to deal with next, so i want to give some time for that. if we come back aer a recess of ve minutes, then i think we should be able to deal with that with sucient time available. So we'll recess for ve minutes.
e committee recessed from 1:14 p.m. to 1:21 p.m.
ralston in the chair.]
Ralston (Chair): e next item, and the nal item
today on our agenda, is another aspect of report no. 4, Aspects of Financial Management. is is the section en- titled "managing fraud risks in government." We'll hear a presentation from the auditor general and his sta and a response from mr. newton, the comptroller general.
i'll turn it over to the auditor general.
Auditor General Report: Aspects of Financial Management
J. Doyle: ank you, chair. "managing fraud risks in government" was, as you said, the nal report in the compendium that was recently published.
although auditing standards require me to consider the potential for fraud when i conduct a nancial audit of government and its organizations, the scope of my work does not guarantee that i will always detect all fraud. By its nature, fraud can be dicult to detect, so the question always is: can all fraud be prevented or de- tected? e honest answer is that in all likelihood, no, it can't, especially in an organization as large and as di- verse and complex as government.
however, that does not mean that fraud risks can be ignored. management is still responsible to ensure that it has set up an appropriate framework to manage its fraud risks. governing boards also have a role to play in ensuring that management is held accountable for the implementation and management of those frameworks.
What i expected to see was a strategic and well- coordinated approach within government. although there were checks and balances, we found some gaps compared to our good-practice framework. government has indicated that it agrees with our good-practice prin- ciples and will look forward to the guidance it prepares as we follow up on this work.
i plan to repeat this work in other parts of govern- ment. it's my view that all government organizations should have the same awareness of and appropriate re- sponses to managing their fraud risks.
With me today i have assistant auditor general Bill gilhooly, who is responsible for this piece of work, and Brent Blackhall, who is senior manager within the oce and who actually led the project. i'll now ask Brent to make a brief presentation.
b. blackhall: ank you, John. good aernoon again, chair and committee members. in this report we looked at how well central government is doing in managing the risk of fraud. government has a duciary responsibility to ensure public resources are protected from the and misuse. in order to manage this risk, it needs to ensure it has assessed the potential for fraud in its programs.
fraud can take place due to internal and external forces. While the vast majority of public sector employ- ees are likely honest and trustworthy, government, like any employer, is nonetheless exposed to internal risks, such as the of assets, falsifying expense claims and cre- ating ctitious suppliers for payment. outside parties can collude with employees on kickback and conict- of-interest schemes. ey can also act alone against the government by stealing services, falsifying eligibility claims and submitting bogus invoices for payment.
 our intention with this work was to use government's fraud risk guidance to assess whether the risks were be- ing eectively managed. Since government had not yet completed developing its own guidelines, we developed our own for the government context. We researched good practices and principles in other jurisdictions
such as the u.S., u.K., australia and new Zealand —
and used these to develop our principles.
in terms of our overall conclusion, we found that while there are certain embedded controls in place, gov- ernment could be doing a better job in managing fraud risks by taking a more strategic and comprehensive ap- proach. Some of the embedded controls in place include compliance and enforcement groups in several minis- tries, the corporate compliance and controls monitoring branch of the comptroller general's oce, the internal audit and advisory services group, and other things like the oath of oce and the standards of conduct.
We found that improvement could be made in hav- ing a more strategic or coordinated approach to manage fraud risks. a central fraud risk register would help government improve on its existing embedded con- trols and help in strategically designing appropriate risk mitigation steps. is centralized approach would help government ensure its resources are targeted at the highest risk levels.
We also found that preventative, deterrent and reporting measures could be improved. government's recently amended criminal record check policy is a measure that should help in this area as it is implemented. expanded fraud risk awareness training would also help.
another useful tool would be a governmentwide fraud hotline. e association of certied fraud examiners reports that over 50 percent of all detected frauds came from this type of risk mitigation activity. regular re- porting of detected frauds and sanctions would also help in establishing an anti-fraud culture.