This week, Deloitte published One Step Ahead, its 2017 bribery and corruption report. It provides insights from Deloitte’s survey of Australian and New Zealand risk leaders, asking about their perception and experiences of domestic and foreign bribery and corruption.
International NGOs operate in some of the most high-risk jurisdictions in the world, often in the bottom half of the Transparency International (TI) Corruption Perceptions Index. So what are the implications of the report’s insights for such organisations? This article suggests four key questions for your internationally-operating NGO.
Do you recognise the reputational risk – and how to manage it?
There is a disconnect between the perception of reputational risk and the action taken to manage it.
Deloitte’s report notes rising public scrutiny and political concern in Australia, with a number of recent initiatives including a review of Australia’s legislative and policy framework on corruption, the consideration of Deferred Prosecution Agreements, proposed changes to whistleblower protection and beneficial ownership legislation, and a proposed new corporate offence of failing to prevent foreign bribery. These measures arise as Australia slips down TI’s index, and survey respondents overwhelmingly saw reputational impact as the most serious consequence of incidents.
And yet despite this dizzying acceleration, Deloitte’s survey actually implies a slowdown in the progress of organisations. Detection rates and the perception of the risk were broadly consistent with 2015, and almost half of respondents did not even intend to upgrade their anti-corruption frameworks in the next five years.
International NGOs will recognise the reputational dimension, often perceived to impact upon fundraising. But they may also recognise the slowdown. There’s a paradox here and it begs the question – are you best managing the risk? Considering reputational risk after an incident has occurred is too late – it needs to be a driver for investing in meaningful prevention and detection systems.
What does ‘risk assessment’ mean to you?
One of the report’s most surprising findings was the under-use of risk assessment. This might not surprise NGOs, however; my counter-fraud colleagues and I have found the quality and extent of risk assessment in the sector to be patchy at best.
The problem is often in how it is seen. Is it a dry, bureaucratic, tick-box activity carried out for donor proposals and then forgotten about – or a powerful and creative tool for building resilience, evidencing stewardship, and quality-assuring your NGO’s anti-corruption approach?
The narrative we create around risk assessment, and the space we make for it, is critical. For example, I have delivered fraud and corruption training all over the world and people love risk assessment exercises – being invited to think about how they might defraud their organisation, and what could stop them! We can harness that intelligence. For example, consider proper risk workshops, horizon-scanning, ‘red-cell’ thinking, and reflect on how risk management is framed to your staff.
How effectively are you managing conflicts of interest?
The biggest proportion of incidents reported were conflicts of interest, with personal favours not far behind. This may resonate with NGO managers; anecdotally, conflicts of interest in procurement and recruitment can be a real issue.
There is often scope for improvement in how conflicts of interest are identified and managed. Because the process is often reliant on self-declaration by those who are not necessarily incentivised to declare, compliance is not automatic. Good conflicts of interest frameworks need to be simple, well-communicated, focused on heightening transparency, and subject to ongoing reinforcement.
What do you say, and what do you incentivise?
Respondents most frequently declared organisational culture and tone-at-the-top as the greatest preventative factors. I have written about the link between culture and corruption for NGOs before (here and here), but in my experience most NGO managers believe they do set the right tone and have the right culture. The problem here is that by culture and tone, we don’t just mean what you say and how you say it, we also mean what you incentivise and are perceived to permit. In my book, I describe how tone at the top is about not just words, but actions. For example:
- Did you take the right action over that manager who might have given a contract to his sister’s company?
- Did you ask the right questions about that mysteriously rapid movement of humanitarian equipment into that high-risk jurisdiction when other agencies were held up at customs?
- Do you include anti-corruption objectives into personnel appraisals and job descriptions?
- Are the objectives and timelines for projects and programmes set at such an ambitious level that you inadvertently incentivise corruption?
Your staff, volunteers, institutional donors, private supporters are watching. Crucially, so are your beneficiaries.
To read more about how to deter, prevent, detect and respond to fraud and corruption in humanitarian and global development work, make sure you pick up a copy of my book, Fighting Fraud and Corruption in the Humanitarian and Global Development Sector (Routledge, 2016). It’s out now and packed with relevant material!
Fraud and corruption has, historically, not been well understood in this sector. Your Board may have a low or rudimentary understanding of the risk and how to respond to it. This means starting at a basic level, making no assumptions, taking the time to address myths and misconceptions and playing a longer game. ‘Educate as you go,’ Willie Oelofse from Deloitte Kenya told NGOs at 
Civil society is under attack the world over, and the issue of their fraud and corruption exposure can be something that sends Board members running for their shields and helmets – especially if it is perceived to come from an 
People make decisions differently and on the basis of different values. For example, I am a big fan of the 
Fraud and corruption, especially at a strategic level, can be abstract concepts. Help the Board to connect by painting a picture of the risk with case studies. If you don’t have any in your own organisation, then perhaps partners, donors or other organisations have some they will let you use? If not, then find cases in the public space affecting comparable organisations. If you’re really struggling, consider using fictional examples – but remember to state that they’re fictional!
NGO Boards are often allergic to anything with a whiff of extra expense, especially if it is 
NGO Boards manage a lot of risks, only some of which materialize. Using evidence helps them to appreciate how fraud and corruption sits, whether that evidence is perception-based, representative sampled, or from other diverse sources. Cast the evidence net wide – consider staff surveys (especially anonymous surveys), risk assessments, project and programme evaluations, audit reports, security reports, academic research and open source. This may mean that you need to start by 
Just as is the case with private and public sector organisations, the counter-fraud agenda needs to directly support the organisation’s mission. This needs to be clearly elucidated so that Boards can see that counter-fraud is a mainstream activity, rather than a distraction.
In March’s 
A ten-minute agenda item at a Board meeting is not enough to ensure that a Board truly embraces counter-fraud and corruption. Obtain regular meetings with each member to explore their own position and build their buy-in – especially before key decisions are to be made. Similarly, the counter-fraud agenda needs to align not just to the organisation’s mission but to the agendas of those individual Board members. How does countering fraud help, not hinder, the aims of the person in front of you?
This presents a very challenging issue for NGOs that work in high-risk areas, and one with significant tensions at its heart. These include the tension between minimising the risk of diversion versus disrupting the delivery of aid, competing obligations on the ground, and the wider balancing act between regulation and enforcement versus guidance and capacity building.
Audit is a helpful process that 
In 
In 2015, the UK government issued guidance describing the risk of a prosecution for a terrorism offence as a result of involvement in humanitarian efforts or conflict resolution as ‘
Implied assurance of non-prosecution is always caveated, is not always made by those with the correct authority, and might not relate to that which is perceived. The British guidance note, for example, does not indicate whether it is referring to placing resources in the hands of terrorists (potentially s15-18 Terrorism Act offences), failing to have sufficient systems to prevent sanctions breaches (potentially a s34 Terrorist Asset Freezing Act offence of neglect), failing to report a suspected funding offence (s19 Terrorism Act), or some of those, or none – and so on. In any event, any decisions would be made on the basis of the prevailing circumstances of the case and it is worth noting that Save the Children International were investigated by the Metropolitan Police for 
But there is a tension. Case studies such the UN’s experience in Somalia support a perception amongst many in the sector that, generally speaking, working with local partners represents an elevated fraud and corruption risk. A range of reasons are commonly cited for this, but the most common perhaps is where partners carry lower capacity and capability in finance and wider management by comparison to that of the international agencies, or donor expectations.
The first is the very reason international agencies often work with them in the first place – they understand their local environment. They know where the risks are, and are in a strong position to evaluate how to reduce them. This can mean more informed planning (how long does it take to get that permit without paying a bribe?) and risk management, if the space is given to it.
Whether in remote programme management or not, local partners are often physically closer to project delivery or able to more efficiently move around and interact. This is a substantial advantage for monitoring, and the detection of red flags.
Development expert Jennifer Lentfer tells 
The global coverage of telecommunications is expanding as fast as its costs are declining, meaning that much humanitarian and development work is happens underneath its umbrella. This means that innovative software and hardware solutions to manage and monitor programming are increasingly available and affordable.
There are corrupt local organisations out there, of course, who have the sole or corollary aim of gaining access for their principals to international agencies’ funds. But the vast majority of local organisations whom I have encountered have been full of passionate people doing amazing work in difficult circumstances. Robust selection processes are needed to ensure that these are the partners who are taken on.
Another way to think of this concealed drainage is like corrosion under your car – unless you go looking for it, you won’t ever realise its presence, scale and danger… until your car falls apart in the middle of the motorway. You may fear the consequences (e.g. costs involved) of detecting the corrosion and needing to deal with it, but these costs in the long run are less than those that the motorway incident might involve.
As public scrutiny of the sector rises, together with increased recognition of the scale of fraud and corruption risk facing such organisations, we need to move to a virtuous circle, fuelled by a desire to secure donor, public and staff trust by evidencing accountability and transparency. A virtuous circle might look like this:
Firstly, fraud and corruption are designed to hide and masquerade, like chameleons, stonefish or those 
Don’t just seek two employment references – after all, what self-respecting fraudster volunteers damaging referees? Consider:
Having a culture of trust does not mean having no, or inadequate, controls. Neither, of course, does it mean an onerous filing cabinet’s worth of policies, procedures and systems (in fact evidence suggests that too many, or too demanding, controls reduces compliance). It means having just enough to manage the risks – an ongoing cycle of design, implementation and review of proportionate internal controls. It also, of course, means having an effective organisational counter-fraud and corruption framework.
Instead, to feel safe, secure and successful, we all need to know where the boundaries are, and we all need feedback on our performance. After all, if we are mission-oriented, then ‘oversight’ is about colleagues working together to maximise our effectiveness and efficiency in delivering that mission, right?
One of the things we can do to reduce the perception that having and following rules represents a failure to trust, is to re-frame activities like due diligence and monitoring. We need to be clear with managers and staff about our expectations, and explain that following policies, procedures and systems is about:
management framework – would not have significantly reduced the chances of it happening. An example might be World Vision’s 
Ironically, of course, a driver behind the flawed narrative is a desire to see good stewardship in NGOs. But in the same way that it would not represent good stewardship for a fire department to send firefighters into burning houses without protective clothing, it does not represent good stewardship for charities to move resources around without sufficient protective systems clothing those resources. Although there is, of course, a balance to strike – enormous overhead, administrative and support costs are a red flag – under-investment in prevention, and the infrastructure that makes prevention happen, is a key enabler of fraud and corruption for NGOs.
Second Marshmallow 