Fraud risk assessment

Report: 7
Date: 10 October 2011
By: Director of Audit, Risk and Assurance

Summary

The Directorate of Audit, Risk and Assurance (DARA) has conducted an analysis of fraud risks in the MPA and MPS. This report presents the risk analysis and sets out the future use of the assessment.

A. Recommendation

Members are asked to note the fraud risk analysis and endorse its use within the MPA and MPS.

B. Supporting information

Anti-Fraud and Good Conduct Policy

1. The MPA has set out its opposition to the loss of public funds allocated for policing London to fraud and corruption in an Anti-Fraud and Good Conduct Policy. This policy forms part of the standing orders of the Authority. The policy statement is that:

The Metropolitan Police Authority is committed to a culture that is one of honesty, integrity and propriety in the holding of public office and the use of public funds. The Authority will not tolerate fraud and corruption in the administration of its responsibilities from inside or outside the Authority.

Anti-Fraud Strategy

2. Members received and approved a joint MPA and MPS anti-fraud strategy at their meeting on 2 December 2010. The approach of the strategy was endorsed and one element of the supporting implementation plan was the conduct of a fraud risk analysis. This report presents that analysis and proposals for its future use.

Fraud Risk Analysis

3. The analysis is a systematic review of fraud risks within the MPA and MPS, which has involved examining business systems in a consistent way. The analysis is shown in the Appendix to this report which includes an explanation of the methodology adopted in conducting the review.

4. The fraud risk analysis involved examining over two hundred business systems in the MPA and MPS for risks of potential fraud and weighting the risk according to a number of criteria, as defined in the DARA audit needs assessment. These criteria for each system included the level of expenditure per year, level of income per year, other funds affected by the system, sensitivity of system or data, expected quality of control within the system, impact on operational objectives, likelihood and time since the area had been last audited. Two additional criteria were added for the analysis - the number of staff who have access to the system and the level of reputational damage that would be sustained if a fraud occurred. The results were then plotted on to a pie chart for ease of presentation.

5. For the current year only, the potential risk to one business system has been escalated in the analysis - false or inflated claims against the MPA/MPS (which encompasses riot damage claims). Experience of public bodies is that insurance type claims contain a high level of error and fraud. In the absence of a history of claims on the scale of the 2011 disturbances on which to base an assessment and the anticipated value of claims, a judgement has been made to score this area which includes riot damage claims in the analysis as a high risk.

6. Fraud is a dynamic crime and evolves as fraudsters react to counter fraud activity. In order to tackle it effectively the anti-fraud strategy and the fraud risk analysis will need to be updated on an annual basis and we intend to report the outcome of this work to any future Audit Committee established under the MOPC arrangements.

Use of the Fraud Risk Analysis going forward

7. The overall joint aim with the MPS is to minimise the risk of fraud, losses to fraud and strengthen the overall control environment. The anti-fraud strategy and fraud risk analysis also form part of the approach set out in the agreed strategy for the Directorate of Audit, Risk and Assurance.

8. The fraud risk analysis will be used to:-

• Develop, in conjunction with the MPS, the fraud advisory activity that takes place in DARA to support those business areas containing the highest levels of fraud risk.
• Inform anti-fraud and fraud prevention contributions to MPS organisational learning.
• Develop, in conjunction with the MPS, fraud prevention and fraud awareness activity.
• Inform the annual DARA work programme, highlighting areas for risk based reviews.
• Select areas of the business in which to deploy dedicated and specialist audit resources (e.g. procurement).
• Identify systems for pro-active research by the DARA analytical resource.
• Prioritise areas for counter fraud investigations by the DARA specialist resource.
• Select MPS projects, boards etc for representation to enable DARA to offer advice on the control environment.

9. The fraud risk analysis is also intended to form part of the overall risk management arrangements of the MPA and MPS. The assessment will be used to ensure business areas highlight their fraud risks and have put in place appropriate mitigating action.

10. The National Fraud Authority (public sector team) has indicated they are adopting the approach to fraud risk analysis as set out in our assessment and we are advising on the process.

C. Other organisational and community implications

Equality and Diversity Impact

1. The anti-fraud strategy and the fraud risk analysis do not target individuals and do not contain any profiles for targeting any of the equality strands.

2. Any individual identified as a result of counter fraud activity will be investigated in accordance with the established procedures of the MPA or MPS to ensure that they are dealt with fairly and proportionately.

Consideration of Met Forward

3. Responding appropriately to fraud will be in-line with Met Support and Met People to maintain the integrity of the MPS and make available for policing London the maximum amount of the police fund.

Financial Implications

4. The Audit Commission report Protecting the Public Purse, highlights authorities are facing severe financial pressures and that as a result of the recession fraud is likely to increase as:-

• Economic distress can increase the incentive to commit fraud.
• Controls to prevent and detect fraud can come under pressure as authorities seek to reduce their costs.

5. Funds lost to fraud and corruption are not available for the policing of London and the arrangements set out in this report seek to minimise such losses.

6. There are no specific financial implications from this report as the cost of the work is contained within existing budgets.

Legal Implications

7. No specific legal implications arise from this report. The arrangements put in place support the governance arrangements of the Authority.

Environmental Implications

8. No specific environmental implications arise from this report.

Risk Implications

9. The fraud risk analysis forms part of the overall risk management arrangements of the Authority. No specific risks arise from this report.

D. Background papers

• Anti-Fraud and Good Conduct Policy
• Audit Commission Report – Protecting the Public Purse (October 2010)
• MPA/MPS Anti Fraud Strategy and Implementation Plan

E. Contact details

Report author: Ken Gort, MPA Head of Counter Fraud,

For information contact: Gillian Hayman, Fraud Prevention Manager

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

Appendix MPA/MPS fraud risk analysis

Background

The analysis highlights the potential fraud risks that the Metropolitan Police Authority (MPA) and the Metropolitan Police Service (MPS) may be exposed to. The Audit Commission’s report on Protecting the public purse indicates that instances of fraud in the public sector are showing an increasing trend and that the possible impacts of fraud ‘…include financial loss, reputational loss, breakdown of trust, political fall-out, impact on morale and risk of litigation.’ The MPA and MPS are committed to identifying fraud risk, assessing the likelihood and impact, and working towards minimising the risk to the organisation of the occurrence of fraud. Taking a strategic approach to understanding and managing the risk of fraud helps improve the control environment and drive out potential waste and abuse.

Methodology

The initial stage of the analysis was to identify the fraud risks within the MPA and MPS. This was achieved by evaluating business areas for fraud risks, reviewing findings of audit reports, consulting MPA and MPS staff, using information on historic cases of fraud known to the DARA Counter Fraud Unit and knowledge of generic fraud risks in public sector organisations. The results were later verified against the output from the joint Audit Commission/MPA/MPS fraud awareness events.

The next stage was to establish the likelihood and potential effect of the identified fraud risks should they occur. Over 200 systems audited by DARA were matched against the potential fraud risks identified at the initial stage. The risks were then weighted using the scoring methodology within the DARA Audit Needs Assessment (ANA).

The risk criteria for scoring each system in the ANA includes the level of expenditure per year, level of income, other funds affected, sensitivity of system or data, expected quality of control, impact of the system on operational objectives and the time elapsed since last audited. To reflect that this was a fraud risk analysis, two additional criteria were added to the scoring system - staff accessibility and reputation. An overall fraud risk score for each system was subsequently determined.

The fraud risks were then ranked to give a range and determine if they fell into a high, medium (split into upper and lower) or low risk level. The results have then been plotted on to a pie chart for ease of visual presentation.

Diagram 1 illustrates the potential fraud risks in the MPA/MPS colour coded by their by risk score (red being the higher risks).

Diagram 2 illustrates the proportionality of fraud risk within the areas MPA/MPS business.

Table A places individual fraud risks in the MPA and MPS into business area categories and colour codes each individual risk according to its score.

Send an e-mail linking to this page

Feedback