Misconduct Resistance Framework - Corruption and Crime ...

More documents

Recommendations

Info

THE RIGHT RISkS Misconduct risk identification and assessment are part of the wider corporate risk management planning process and include all of your agency’s functions and operational areas. FOCuS QuESTIONS w w w w w w w w w w Does your agency understand what misconduct is and what it might look like in your agency? Is your agency aware of all misconduct risks, including those which are unique to the core business of your agency, and those that are prevalent across the public sector? Have specific misconduct risks been linked to specific types of behaviours? Has your agency implemented a comprehensive risk identification process that involves consultation with all stakeholders, and identifies potential misconduct risks from internal and external sources in all areas? Does your agency use the information obtained from misconduct and complaint reports and from reviews of systems and procedures to update its risk identification and assessment processes? Does your agency use a customised risk identification approach and language to identify misconduct risks within your particular agency? Does your agency understand the impact of specific misconduct risks on business outcomes, and can this impact be measured? Have your agency misconduct risks been evaluated against corporate risk criteria and prioritised for treatment as part of the corporate risk management plan? Does your agency use tailored criteria which reflect its business environment to ensure that the priority assessment is accurate in terms of the impact of misconduct risks on business outcomes (e.g. the dollar value may not be the best criterion for determining the damage caused by loss of public trust)? Is there a designated person, group or committee responsible for coordinating the assessment of misconduct risks and integrating it with corporate risk management planning processes? SignS of SuccESS Your agency has drawn on all stakeholder viewpoints to develop a comprehensive understanding of its misconduct risks, both those inherent to core business and those common across the sector. Your agency periodically reappraises its current misconduct risks and emerging threats in all work areas and across all operational and administrative functions. All identified risks are analysed, evaluated against your agency risk criteria and their impact on business outcomes quantified using relevant measures. You have included a prioritised list of misconduct risks requiring further treatment in the corporate risk management plan. Responsibility for the implementation and monitoring of misconduct risk assessment and planning processes has been allocated to a person or group who are also represented on the corporate risk management committee (or equivalent body). Your agency’s methodology for misconduct risk management meets recognised best practice standards and uses a customised process and language to address misconduct. 10
THE RIGHT TREATmENT Your misconduct treatment programme is commensurate with the level and nature of risk you face, comprehensive and adequately resourced, and is subject to ongoing monitoring and review. FOCuS QuESTIONS w w w w w w w w w w w w w w w w w Has your agency evaluated and developed treatment plans for those misconduct risks that have been identified as high priority? Do your misconduct treatment plans cover all aspects of business activities, service delivery and ‘corporate health’, not just financial operations? Does your agency misconduct treatment programme have a dual focus? That is, does it both eliminate and restrict factors which increase the likelihood of misconduct; and encourage and increase factors which inhibit misconduct? Do your misconduct treatment strategies cover the areas of prevention, detection and response? Does each misconduct treatment strategy clearly allocate responsibilities, resources and timeframes for implementing and monitoring mechanisms? Does your agency have an ongoing process for detecting misconduct, and if so, how does it do this (e.g. external audits, analysis of business data for indicators of misconduct or reporting systems)? Is there a regular audit programme that independently reviews the adequacy of your misconduct treatment strategies and assesses compliance with the misconduct treatment programme throughout your agency? Does your agency have a management information system that captures and tracks all reportable incidents of misconduct from the initial complaint, throughout the notification and investigation process, and through to collation for analysis purposes, and for performance and external reporting? Is there an internal misconduct reporting system available to your staff and stakeholders that extends beyond normal communication channels and provides anonymity? Do your staff and other stakeholders use the internal reporting system; and is the system evaluated to determine its effectiveness and the protection it affords complainants? Does your agency have a policy and procedure for responding to misconduct, supported by a complaint and notification handling system? Does your agency have an effective internal investigation process with a clear accountability structure for response to and escalation of misconduct investigations? Are there established protocols and procedures for reporting matters to external authorities; and are they followed and measured? Does your agency review the results of misconduct investigations to identify systems issues and underlying causes, and does it amend misconduct controls accordingly (e.g. emerging threats, policy and procedural gaps and areas for improvement)? Has the treatment programme been reviewed following updated risk reassessments and changes in your agency’s operational systems to determine whether the strategies are still relevant and address your agency’s day-to-day issues at this point in time? Does your agency use available performance data such as complaints information, customer surveys, compliance audits, etc. to monitor and evaluate the effectiveness of the misconduct treatment programme? Does your agency ‘cost’ or quantify the impact of reported misconduct (e.g. resources allocated to the investigation and management of misconduct incidents, loss of resources, impact on service delivery and productivity, damage to agency reputation and staff morale, etc.)? Is this information used for the cost-benefit analysis of your agency’s misconduct treatment programme? 11
Page 1 and 2: An Integrated Governance Approach t
Page 3 and 4: “[Misconduct management is] essen
Page 5 and 6: OUTCOME: THE RIGHT AGENCY CULTURE A
Page 7 and 8: HOW DOES MISCONDUCT RESISTANCE FIT
Page 9 and 10: An IntegrAted governAnce ApproAch t
Page 11 and 12: What is the integRation guide? The
Page 13 and 14: THE RIGHT AGENCY CULTURE AGENCY CUL
Page 15 and 16: the right values Your agency’s co
Page 17 and 18: The RIGhT woRkplACe behAvIouR Your
Page 19 and 20: THE RIGHT AGENCY OPERATIONAL STRATE
Page 21: THE RIGHT POLICIES Your policy plat
Page 25 and 26: THE RIGHT uNdERSTANdING Your staff
Page 27 and 28: THE RIGHT AGENCY MANAGEMENT ENVIRON
Page 29 and 30: THE RIGHT pRIORITY Misconduct resis
Page 31 and 32: the right mindset Misconduct consci
Page 33 and 34: THE RIGHT COMMuNICATION Your agency
Page 35 and 36: REFERENCES and RESOURCES In the fol
Page 37 and 38: KPMG 2004, Forensic Fraud Survey 20
Page 39 and 40: NOTES 27
Page 41 and 42: ACKNOWLEDGMENTS The Misconduct Resi
Page 43 and 44: WhaT iS MiSConduCT ReSiSTanCe? Misc
Page 45 and 46: The healTh CheCk RepoRT This report
Page 47 and 48: Who Should Take ReSponSibiliTy foR
Page 49 and 50: An IntegrAted governAnce ApproAch t

Misconduct Resistance Framework - Corruption and Crime ...

Create successful ePaper yourself

Delete template?

Save as template?