Corruption Matters - November 2014 - Issue 44

Corruption prevention: the ICAC’s complete, integrated approach

Line of visibility

For some organisations, a code of conduct, strict limits on gifts, risk assessment and risk treatments, and an effective complaint system are all in place, and yet corruption still happens. What have they missed? In many cases, it’s the design of the work itself.

The ICAC’s approach to corruption prevention considers the totality of the control environment. The control environment is made up of four, closely interrelated elements: operational arrangements, basic standards, risk management and design and oversight. Over-emphasising one of them at the expense of others will limit the effectiveness of corruption prevention.

Too often the ICAC sees organisations that have very tight governance controls, including strict codes of conduct, gift rules and risk management, but very loose operational controls. Budgets, information analysis, reporting lines, process design, and so on, are not being used to exert tight control over activities within the organisation. The single largest part of the control environment – the operations – remains loose, with the result that corruption opportunities and incentives can thrive in the workplace.

The impact of an unbalanced control environment was illustrated in Operation Jarek, an ICAC investigation into allegations that store staff from a number of councils accepted gifts in return for over-ordering, under-delivery and favouring of some suppliers. Even though policies at these councils limited gifts, set out procurement guidelines, financial delegations and segregation rules, store staff were still able to favour suppliers.

In one case, some 400 kilometres of construction fencing was ordered – 20 times the order of stock required! How could that happen? What sort of inventory system could allow for such gross over-ordering and for it to go unnoticed? Not only did some councils not have a strong inventory management system in place, but once processes were mapped by ICAC staff – based on what appeared to be well-considered policies and procedures – the basic weaknesses became obvious for some. The process in place gave the store person end-to-end control over the procurement and inventory processes. In some cases, those involved in risk assessment did not realise that the store person was in control of most of the council’s non-capital expenditure procurement.

Work processes that are measured, analysed and “owned” by accountable individuals have a strong impact on both the performance of the organisation and the control of corruption. An organisation’s divisional and hierarchical structure, reporting lines and chains of command, with accountabilities assigned to specific roles, will also strongly impact on control. Motivated and competent management and staff complete the operational control picture.

With operations tightened up, the other elements can be used to strengthen the overall control environment. Basic standards of expected behaviour, set with specific tools (such as the code of conduct and gifts and benefits policy), can be designed to support the business requirements particular to the organisation. Risk management treatments (such as limiting delegations or segregation of duties) are then used to plug any remaining gaps.

The overall effectiveness of operational controls, basic behavioural standards and risk treatments depends on the design and oversight function of the organisation. Senior management, audit, investigations, business improvement teams and so forth are responsible for the design and oversight of the control environment. How well design and oversight operate, in terms of integration, capability and balance, will ultimately drive the effectiveness of the organisation’s corruption control.

The ICAC's corruption prevention framework

back to menu page