Organisations are not immune to the devastating consequences of fraud and corruption. Nowadays, organisations are under threat from a host of risks including procurement fraud and cybercrime. Zaakir Mohamed, Director in the Dispute Resolution practice at Cliffe Dekker Hofmeyr (CDH), says that it is critical for organisations to fully understand the risks they face and to try proactively mitigate them.
One such risk is cybercrime, a rapidly growing risk for which many South African companies are ill-prepared. An independent global research study sponsored by cybersecurity company Sophos in late 2017, reveals that 54% of the South African organisations participating in the study were hit by ransomware in the previous 12 months.
Procurement fraud is another serious risk which affects organisations across a broad range of industries, in both the public and private sectors.
Mohamed says, “Organisations are often so focused on the risk competitors pose, that they fail to see the ‘enemy’ who is a lot closer, such as business partners, third-party service providers or employees. The growing endemic of corruption, locally and globally, means regulators are placing greater emphasis on companies getting to know the third parties with whom they transact a lot better.”
According to Mohamed, the key to understanding risks in the area of procurement is to first understand the organisation’s procurement cycle in order to identify the various risk areas. Then it is important to understand the different types of procurement fraud and methods used by fraudsters.
“Some of the red flags to look out for in the procurement cycle include the lack of segregation of duties in procurement and payment processes, lack of supporting documentation accompanying vendor payments, payment of round amounts, invoices with brief descriptions of goods/services rendered, price changes after awarding a tender, unjustifiable sole-source contracting as well as employees being excessively entertained by vendors,” he explains.
Once all the risks have been identified, adequate controls to detect and prevent a fraud incident from occurring should be implemented. Some of the preventative measures include having the appropriate checks and balances throughout the procurement cycle, ensuring supporting documents are always linked to all payments, detailed vendor vetting and having a central vendor database.
Mohamed says it is important to have good counsel on the complex regulatory landscape which aims to combat organisational corruption and fraud. Relevant legislation includes the Prevention and Combating of Corrupt Activities Act, the Companies Act as well as the Protected Disclosures Act, which was amended during 2017 and now places further obligations on both whistle blowers and employers.
For multinational companies, the US Foreign Corrupt Practices Act and UK Bribery Act (UKBA) may also be relevant. US and UK authorities are incredibly robust in enforcing compliance with these pieces of legislation and it is important for companies to determine the extent to which either of these are relevant. Failure to comply can have harsh consequences for an organisation as the penalties imposed for non-compliance are severe.
Another new piece of important legislation is the Cybercrimes and Cybersecurity Bill which must still be passed into law. Mohamed believes South African businesses need to be far more proactive in addressing the growing risk of cybercrime. This should include using technology to increase protection, or at least limit damage, as well as educating employees on the dangers of spear phishing emails and other methods used by cyber criminals.
Mohamed concludes: “Fraud and corruption can have dire consequences for an organisation. A good understanding of your organisation’s exposure to fraud and corruption, followed by proactive measures to reduce this exposure, should be at the top of any organisation’s agenda.”