our ndings suggest that government could im- prove its management of fraud risk by adopting the
ve good-practice principles we developed. is
formed the basis for our only recommendation in the report.
is slide shows the principles, the rst one being
assessing the risk. e second one is assigning respon- sibility. e third one is implementing appropriate deterrent and preventative measures. e fourth one is implementing appropriate detective, investigative and sanctioning measures and then, nally, regularly re- porting on performance.
as John mentioned, this is the rst phase of work we're going to do in this area. in the next phase we're going to examine how the rest of the government re- porting entity is doing in managing fraud risk relative to these ve principles or alternative suitable ones that are implemented by government.
as also noted earlier, our work on this project re- sulted in a sole recommendation to government to adopt and implement the ve good-practice princi- ples. government responded to our recommendation by noting that they agree with the intention of the ve principles, and we understand that they are currently developing some guidance.
at concludes the presentation.
Ralston (Chair): ank you. en over to Stuart as
S. Newton: ank you, chair and members, for the opportunity to respond on behalf of government. first, what i'd like to do is just provide a bit more informa- tion on the existing controls. as the auditor general has mentioned, we do have embedded controls in our con- trol framework, and i just want to go over those with you at this point.
all employees are required to take an oath of of-
ce, which includes a requirement for them to follow
the standards of conduct. in the standards of conduct there are requirements in relation to reporting loss and requirements in relation to conict of interest. also, in the financial administration act is a requirement for an obligation to report to my oce transactions that gov- ernment employees feel aren't meeting the requirements of the act.
our existing transaction controls are built with fraud and error in mind. ey have more than one person undertaking the work. ey also have supervisory review and periodic review. as mentioned, there is a corporate compliance and controls monitoring group within the oce of the comptroller general that takes a risk-based approach to expenditures and reviews the background in detail and support to ensure that the control frame- work is operating appropriately.
W, n ,
ey also are doing work on more real-time and more
complete review of payment card transactions to get a complete review using data that has embedded checks to look for specic fraud types.
Various ministries have compliance and enforcement groups. ose have been around for quite some time, es- pecially in areas where high risk is noted and a ministry has a concern. mSP audit is an example. ere's also audit of assistance payments. Various other ministries have their own groups that have been working on be- ing able to deal with the high-fraud-risk areas that they experience.
my former oce, internal audit and advisory services, three years ago put together an investigative group with two certied fraud examiners, as well as sta, to be able to put more focus on fraud, both the fraud risk aware- ness as well as being able to follow up on areas where we have noted concerns.
as mentioned, there's the new security-screening policy, which gets to one of the areas that are in the principles — along with good reference checks, security checks for people in key designated positions.
We also have a series of management assertions in relation to year-end, where ministries are providing as- sertions back to our oce in relation to a number of things, in which fraud is included.
We are looking through the detail in the report's recommendations, but in principle, we agree with the principles that are put forward. a number of them we have been working with.
currently what we're doing within my oce is taking the lead on developing a fraud risk management strat- egy for government. it's pulling together the elements that already exist and improving on some of them that are weaker.
i'm just going to briey run through some of the things that we're working on in relation to that strategy.
currently we have a loss policy in the core policy manual that does not explicitly deal with fraud. We are looking at updating that policy. in doing that, we're also looking at what other jurisdictions have in place for our fraud policy.
Key to any sort of cultural change or awareness in relation to fraud is training, so it's ensuring that em- ployees within government have adequate training to understand or, i guess, notice something that's inappro- priate, to know to dig a little bit further to see if there is a potential fraud. We're also looking at, potentially, more detailed training so that ministry sta can dig a little bit further when they do nd a problem and assess whether there's fraud.
Prior to the start of the auditor general's report one of the things that we had been toying with at in- ternal audit and that we're currently having on our audit plan this year is a fraud risk assessment across government.