United Nations: Menace of fraud deserves serious attention, says JIU report
Published in SUNS #8284 dated 18 July 2016

Geneva, 15 July (Chakravarthi Raghavan*) -- "Fraud is a menace that deserves serious attention and immediate action by both the United Nations system organizations and the legislative and/or governing bodies," according to the Joint Inspection Unit (JIU), the UN watchdog agency.

In a comprehensive report, after a nine-month investigation of "fraud detection, prevention and response" in the 28 organisations of the United Nations system, the JIU says that there is a "state of near denial" among some of the organizations about the theft of their goods, money and services, and inertia and "a perceived sense of impunity for fraud perpetrators" in many of the organizations.

The Joint Inspection Unit (JIU) is a United Nations unit, established in 1976 by the UN General Assembly (UNGA Resolution 31/192 of December 22, 1976), as the .independent external oversight body of the UN system mandated "to conduct evaluations, inspections and investigations system-wide." The Inspectors, are elected by the UNGA, serve in their personal capacity and are appointed for a term of five years, renewable once. The Chairperson and Vice-Chairperson are elected each year by the Unit, and report to the UNGA. They are independent of the UN Secretary-General, draw up their own programme, take up investigations of UN system organisations and subjects, report to UNGA. The current report has been prepared by two of the Inspectors, George A Bartsiotas and Achamkulgare Gopinathan. Bartsios is a US national and has held senior management positions in US public sector and in its missions, and as management consultant for several UN systems organisation. Gopinathan, an Indian national , is a former Indian diplomat and has represented his country in various positions, including as ambassador.

The report has not dealt with any individual cases of fraud, but addressed a systems-wide problem, and says that the impact of fraud in the United Nations system can be significant. In addition to substantial monetary losses, fraud has damaging effects on an organization's reputation, placing at risk the ability to implement programmes effectively, establish partnerships and receive contributions. Effective fraud prevention, detection and response mechanisms, therefore, play a key role in safeguarding organizations' interests against these negative impacts. Anti-fraud measures play an equally important role in enhancing the accountability and effectiveness of the United Nations system and in promoting appropriate oversight and the responsible use of resources.

The report says that while it is difficult to establish with reasonable certainty the global amounts lost due to fraud in the United Nations system, external and internal oversight bodies have repeatedly highlighted that the level of reported fraud is unusually low, considering the scale and complexity of the United Nations system operations and the high-risk environments in which these operations take place. Compared with fraud statistics reported by professional associations, national government entities, the private sector and academia, the level of fraud reported by the United Nations system is indeed unusually low. In broad terms, the public and private sector average is in the range of 1 to 5 per cent of total revenue, whereas it is in the range of 0.03 per cent for the United Nations system.

"In other words," comments the report, "under-reporting and/or non-detection in the United nations system could be significant and endemic."

The report addresses concerns voiced by Member States and oversight bodies alike regarding the status of anti-fraud efforts in the UN system, examines fraud prevention, detection and response in the UN system at the conceptual and operational levels, and advocates the adoption of a fraud management framework that seeks to provide guidance on ways of dealing with fraud. The report builds on the significant work done by the oversight bodies of the United Nations system in recent years, and past JIU reports.

The approach and intensity of managing the risk of fraud, says this report, differ from one organization to another. Also, the nature of fraudulent activities varies widely and the levels of fraud committed by staff members and/or by external parties differ considerably among organizations. As such, there can be no "one-size-fits-all" approach to tackling fraud in the United Nations system; rather, there is the need to adapt the proposed fraud management framework to the requirements and specificities of each organization. While the report does not examine in detail cases of actual fraud, it looks at the subject of fraud holistically and provides information on the approaches taken by organizations to address fraud. Special attention was paid to most fraud-prone activities and high risk environments. This includes fraud related to procurement, contract management, staff recruitment, entitlements, project management, and the selection and management of third parties such as implement ing partners. Thus, the report identifies areas of common challenges and makes recommendations based on leading practices in the public and private sector and the experiences of the multilateral organizations reviewed.

The report however does not propose entirely new structures with serious financial implications for combating fraud. Rather, it advocates using the existing ones more effectively and applying proportionality to address fraud based on risk. Additionally, it emphasizes that putting in place robust fraud prevention measures would be far less costly compared to the costs of having to detect and subsequently respond to fraud that has already been perpetrated.

Fraud prevention, it says, does not require armies of people to do it; rather it requires a different focus and mindset on the part of all stakeholdrs and particularily senior management. However, as neither can all fraud be prevented, nor can all of it be detected, a balanced approach that includes both prevention and detection is required.

The report contains 16 formal recommendations, one of which is addressed to the legislative and governing bodies and 15 to the executive heads. In addition, it contains 31 informal or "soft" recommendations, in the form of suggestions to improve policies and practices in dealing with fraud.

Among others, it calls for clear rules and provisions for "whistle-blowers" and their adequate protection both in terms of victimisation and disciplinary actions, as well safeguards that their future career prospects are not affected, and views this as of major importance, since most frauds are brought to light by internal whistle-blowers, and is most cost-effective against fraud.

It emphasises however that much more needs to be done to combat fraud in the UN system, most of whose entities are under pressure to address fraud not only for its direct negative impact on the internal workings of the organization, but also on account of a number of external factors: startling disclosures in the media alleging fraud; recommendations by internal and external oversight bodies; and, above all, intense pressure from the major contributors who, in turn, are subjected to similar pressure from their own supreme national audit authorities, parliaments, media, civil society and the public at large.

In such an environment, a number of UN system organizations have been making concerted efforts in recent years to strengthen their anti-fraud policies and strategies. Progress has been made but challenges remain. The present review, the Inspectors say, revealed that organizations need to do much better in understanding the threat of fraud and improving ways to tackle fraudulent activities and malfeasance.

The challenges are manifested in several ways. The most important among them are: the absence of a strong "tone at the top" in dealing with fraud; no promotion of an encompassing anti-fraud culture; no systematic assessments to determine the level of fraud risk exposure; calling for "zero tolerance to fraud" without ever attempting to give it an operational content; the absence of a commonly understood definition of fraud; the absence of a clear policy and/or strategy to fight fraud; the lack of business process ownership and serious governance deficits in dealing with fraud; delays in investigations of alleged fraud compounded by shortages of trained and qualified forensic investigators; the lack of proportionate resources dedicated to anti-fraud activities; weak implementation of multilateral frameworks for common debarment of third parties and other sanctions regimes; the lack of systematic follow-up to investigations, especially with national enforcement authorities; and the abs ence of a robust disciplinary regime to deal with employees engaging in fraudulent activities.

"Some organizations continue to remain in a state of near denial with regard to fraud. Their inability and/or unwillingness to acknowledge and deal with the threat of fraud at the appropriate level is also reflected in comments they provided in the context of the present report."

These organizations have chosen to characterize some of the main findings of the report as not relevant or applicable to their operations. Yet, while these organizations appear to be content with the systems they have in place to combat fraud, the review found these systems to be deficient in many respects. There is need for the management of these organizations to have a serious look at their fraud risk profile, acknowledge their level of exposure to fraud, and devise an effective anti-fraud programme to protect the assets, integrity, and reputation of their organizations.

Most of the recommendations of the present report reflect leading practices in the anti-fraud arena and should be taken into account.

The report says, there is an essential need for clear understanding of fraud and presumptive fraud to avoid ambiguity and support effective anti-fraud activities. There is however no UN system-wide definition of the term "fraud". How fraud is defined and interpreted differs widely across organizations.

In this connection, it makes pointed reference to a committee of the UN System organizations chiefs that set out in 2005 to work out common fraud definition, but the work was discontinued, and the Inspectors got no explanations or reasons why it was discontinued. The inspectors make no reference, but that was the year when the UN's "oil-for-food" programme and frauds burst into the open, implicating many senior UN staff and several high officials in member governments. It even reached up to the UN SG Kofi Annan's office, because of the involvement of his son and his firm, Geneva-based Cotecna, resulting in the Paul Volcker led inquiry, that however cleared UNSG himself.

In some cases, says the report, there is lack of a common understanding of what fraud is even within the same organization. The lack of a clear definition gives rise to ambiguity and can jeopardize the effective implementation of anti-fraud activities. There is a risk that staff and managers are not aware of the kind of conduct that constitutes fraud. Especially, the entities and functions entrusted with anti-fraud mandates, such as investigators, auditors, finance departments, program managers, etc. cannot perform effectively without a clear definition of the term itself. The definition of fraud also has legal implications and affects the required level of proof and evidence for investigations, as well as the disciplinary proceedings against staff members and the sanction proceedings against third parties. Furthermore, a common definition across the UN system is needed to ensure compatibility and comparability of fraud data across organizations and improve transparency.

There is also no official definition of presumptive fraud in most organizations covered by this review. The lack of clarity and a common understanding of presumptive fraud impede accurate and proper reporting in the financial statements of the organizations. In order to provide a structured approach to realizing the objectives of the report, JIU developed the Fraud Management Framework comprising eight pillars that address prevention, detection and response to fraud in the UN system. Under each pillar it has addressed the state of affairs, in some under-stated language to bring out huge holes in the UN system, including lack of what it calls "tone" at the top levels of management.

Many respondents to a JIU fraud survey conducted across the system did not perceive a clear commitment on the part of the senior management to tackle fraud in their organizations. They were also not aware of any communication or effort from management to reinforce the "tone at the top" against fraud.

It is imperative that the executive heads of organizations set a clear, unambiguous and sufficiently strong "tone" and utilize every opportunity to reiterate the organization's determination in dealing with fraud. This will have a demonstration-cum-deterrent effect. It should be made clear, internally and externally to the organization, that senior management is championing the anti-fraud policy and the related anti-fraud activities.

The leadership and commitment of the executive head and the senior management is essential to combatting fraud by setting the example for ethical conduct and creating an anti-fraud culture throughout the organization. Such commitment is demonstrated by putting in place a robust anti-fraud programme that includes fraud awareness initiatives and the necessary anti-fraud training, aligned with the organization's accountability and compliance framework. Commitment of proportionate resources to reflect and deal with the level of assessed fraud risk should be present to facilitate and ensure success.

Currently the responsibility for dealing with fraud-related matters is dispersed across different parts of the organization. The report calls for the designation of a senior person or team as the "business process owner" of all fraud-related activities within the organization to coordinate all such activities and oversee the ownership and responsibility structure cascading down throughout the organization.

Effective anti-fraud efforts are dependent on a comprehensive anti-fraud policy and governance structure that allocates clear responsibility and accountability for the prevention and detection of and response to fraud and form part of the organization's accountability framework.

Only a number of United Nations system organizations have developed specific anti-fraud policies that bring together all relevant documents and procedures to guide the anti-fraud efforts. In several organizations, anti-fraud related policies and procedures are fragmented over several rules, guidelines, policies and administrative issuances, with different policy owners and different entities responsible for their implementation. This fragmentation often creates duplication of work, loopholes and inconsistences, and jeopardizes the effective implementation of the organization's anti-fraud efforts.

The review found that, even in organizations that have a corporate stand-alone anti-fraud policy, a clear definition of roles, responsibilities and accountabilities is missing and there is lack of clear guidance on how to operationalize the policy.

Anti-fraud training is a major component in building an organization's fraud awareness and anti-fraud culture. While most organizations have in place mandatory ethics training, the review found that the majority of United Nations system staff has not had any specific fraud-related training in recent years. Very few organizations offer dedicated training on anti-fraud aspects, in particular for risk-prone functional areas such as procurement, and none has provided evidence of a specific anti-fraud training strategy to systematically raise awareness and address capacity and knowledge deficits on anti-fraud issues among all staff.

The present report recommends that organizations enhance awareness and impart training on fraud, based on a comprehensive needs assessment and an anti-fraud training strategy. At a minimum, dedicated anti-fraud training should be incorporated into existing training plans/strategies, and staff in risk-prone functional areas should be required to take frequent refresher courses on the subject.

The report calls for measures for "Fraud Risk Assessments" (Pillar 2), addressing the concepts of "risk appetite" and "zero tolerance to fraud" and the imperative of investing them with solid operational content so that they can be brought from the level of rhetoric to that of reality, the report points to the need for addressing residual fraud risks with bilateral and other donors and partners to come up with a common understanding and work out risk-sharing arrangements between organizations and contributors.

Also called for, and grouped under Pillar 3, are Anti-fraud Strategies and Action Plans.

Under pillar 4, the report says, internal controls are a basic element of an effective accountability framework. Oversight bodies of the UN system have repeatedly underscored that the complex and risk-prone environment in which some organizations operate demands robust internal control frameworks with strong focus on fraud controls. The review found that only a few organizations have developed a formal and comprehensive internal control framework, and most organizations did not include formally documented processes and controls to address fraud risks. UN System organizations need to assess the effectiveness of their existing controls to counter fraud, identify any gaps, and give high priority to updating internal control frameworks as necessary to ensure that organization-wide anti-fraud controls are an integral part of these framework.

A staff member or third party should be subject to systematic scrutiny for indications of past or present fraudulent behaviour. Such due diligence is based on the understanding that it is more cost-effective to take the necessary precautions and conduct adequate screening prior to engaging a potentially fraudulent candidate as staff, or to formalizing a partnership with a third party, so as to avoid challenges afterwards, including lengthy and costly legal processes. Good practice calls for due diligence not to stop at the point of engagement, but to be extended, on a risk-basis, to continuous scrutiny and screening, at regular intervals. The report found that United Nations system organizations need to put more emphasis on anti-fraud measures such as strengthening the monitoring of high risk programmes and activities, conducting spot checks, reviews and audits, and using data-mining and data-matching techniques for preventing and detecting fraud.

Transferring the implementation of programmes and funds to implementing partners, especially in unstable and conflict environments, generates additional fraud risks. To safeguard the interests of the UN system, concomitant control and mitigation measures are necessary, which include robust legal instruments, i. e. implementing partner agreements and memoranda of understanding.

Information technology-based measures that automate internal controls are especially effective in improving fraud detection. Rules-based filters help to identify potentially fraudulent transactions and behaviour, data analysis supports the detection of anomalies and abnormal patterns, predictive models identify potential fraud risks, and social network analysis helps to detect cases by systematically analysing links between people and transactions. A number of United Nations system organizations have basic forms of automated controls integrated in their enterprise resource planning (ERP) systems. The present report calls upon organizations to ensure that fraud prevention and detection capabilities are an integral part of automation systems functionalities, inclusive of automated activity reporting and data-mining modules in their respective ERP systems.

The report underscores the need for comprehensive whistle-blower policies as key to an effective anti-fraud programme. The review found that whistle-blowers alone account for the uncovering of more fraud and corruption than all other measures of fraud detection combined. However, while most organizations have adopted at least basic provisions that govern whistle-blowing, instructions on hotlines and other fraud reporting mechanisms were fragmented and not easily accessible. In the majority of cases, they were neither readily available on external websites nor comprehensive and clear enough.

Most organizations have multiple channels through which a whistle-blower could report a suspected fraud case. However, there is a lack of clarity among these multiple reporting venues on how they relate to each other, which types of complaints are to be received by which office, and how cross-referencing allegations and/or informing on fraud actions should be undertaken. Furthermore, in most cases, the rules for preliminary assessment of allegations and pre-screenings are not clear or not formalized at all.

The present report advocates the establishment of a central intake mechanism managed by the investigation function. At a minimum, organizations with a decentralized intake mechanism should establish an obligation for management and staff to report to a designated central authority any allegations received, ongoing cases under investigation, and action taken on closed cases. Failure to report shall be considered a violation of their staff rules and regulations.

Calling for adequate protection of whistle-blowers against retaliation, the report says it is clear that most staff suspecting fraud would not come forward if they did not feel protected from retaliation. The review found that fear of retaliation ranks high among UN system staff. Retaliation can take either an active form, such as demotion and firing, or a passive form, such as the failure to renew an employment contract, exclusion from training etc. Despite the value of whistle-blowing, not all UN system organizations have in place comprehensive provisions for protection against retaliation. Even when policies do exist, protection provisions in many instances contain loopholes and exceptions in their coverage.

The report, under Pillar 6, calls for strengthening the investigation processes, and for review of existing processes and changes to remove the perceived sense of impunity for fraud perpetrators within the UN system organizations, resulting in perpetrators not being deterred from committing fraud and staff being uninclined to report fraud. The present report calls for the establishment of key performance indicators and other measures to address these issues.

The review also found that, in most organizations, information on fraud allegations is fragmented and systems in place do not allow for effective management of cases and proper documentation and reporting. The report also calls for follow-up on the investigation reports, including disciplinary measures, sanctions and referrals of cases to national law enforcement authorities for criminal and civil procedures and asset recovery. The present report calls upon organizations to establish a case management system based on the volume, frequency and complexity of cases to support their operations.

Under Pillar 7, it says, determination and will on the part of management are necessary to follow up on investigation reports and take action to punish fraud perpetrators, internally and externally. Without the effective enforcement of a sanctions regime, there cannot be an effective anti-fraud programme. A related issue involves the referral of cases to national enforcement authorities for prosecution. Such referrals have been mostly ineffective throughout the United Nations system. They raise many legal and political questions and need careful consideration; however, the review found that organizations do not have effective procedures in place to guide them in this respect. It is imperative to strengthen the protocols and procedures for referrals to national enforcement authorities and courts for criminal and civil proceedings, as well as for asset recovery.

The report underscores the importance of collecting, verifying and collating information relating to fraud in a thorough and systematic manner from the corporate levels, regional and country offices and other field presences. It also recommends that the task of fraud disclosure and reporting should not be left only to reports by the internal oversight bodies or be unceremoniously hidden in the pages of financial statements that are presented to external auditors. There is need to put in place mechanisms and procedures for enhancing cooperation and coordination among the UN system organizations to address fraud in a comprehensive manner and on a system-wide basis. The report has listed some 14 recommendations, including one to the UN legislative bodies.

The report lists 16 recommendations, one specifically addressed to the legislative organs. The full report can be found at: <

[* Chakravarthi Raghavan, Editor-emeritus contributed this comment] +