Risk assessment is critical to the development of your Prevention of Financial Wrongdoing policy.  An honest and accurate assessment of your organisational activities and operations will identify your strengths and weaknesses in being able to prevent financial wrongdoing.  Having a full understanding of the risks that you face in your work will also help to determine the extent of mitigation strategies and depth of processes that you require.

• Review all activities and operations of your organisation and the potential they pose for financial wrongdoing.  This could be achieved through team workshops, establishing a multi-disciplinary working group to consider risks and existing controls, or possibly by engaging an external expert to contribute to this assessment.
• In all areas identified as providing the potential for financial wrongdoing, determine how your policy and the strengthening or development of procedures and systems will address and reduce any identified risk.  Ensure that any higher risk areas are noted for additional management and monitoring.  Higher risk activities such as responding to humanitarian emergencies, operating in regions with recent terrorist incidents and working in countries with high corruption ratings, are likely to require more comprehensive procedures to be developed and linked to the Prevention of Financial Wrongdoing policy.
• During this stage, be aware of trends of new or emerging risks of financial wrongdoing.  For example, electronic funds transfer is considered a safer way to distribute money than handing over cash, however it opens up the possibility for new and different types of fraud and diversion of funds.  This is where external consultation and research are very important.
• Make sure you consider all elements of financial wrongdoing when identifying and assessing risk, even if you think that they are unlikely to happen.  When completed your financial wrongdoing policy and the organisational culture the policy should be trying to reinforce can appear as a mitigation in your risk plan.
• Consider how financial wrongdoing may play out in your implementation partners and other third parties, such as contractors and suppliers.  This should take into account the sophistication of their organisation in so far as their ability to manage the risk and their operating environments.  This will help you determine the level of due diligence you need to apply and the extent of assurances and controls expected from the third party.  These would at least include the extension of the Code’s financial wrongdoing requirements to implementing partners.

It is important to engage stakeholders from across the organisation to ensure that your Prevention of Financial Wrongdoing policy is robust and effective.  This will help to create awareness of potential financial wrongdoing across the organisation which in turn is an important strategy in the prevention and detection of financial wrongdoing.

• Identify key stakeholders for participation in the policy development process.  Ideally participation will include staff from across the organisation (for example, Finance, HR and programs).  This will of course depend on the size and nature of your organisation.  It may make sense to have a working group with key staff that develop the policy then lead its implementation across the organisation.
• Work together to define the objectives and purpose of the Prevention of Financial Wrongdoing policy for your organisation.  Consider the issues to be addressed within the policy document as well as the process for developing it.
• Depending on the governance arrangements at your organisation, it may be appropriate to have involvement from your governing body or relevant subcommittee (for example an audit or risk committee) in the development phase of your policy, instead of just at the review and approval stage.  Governance members are affected by policies in the prevention of financial wrongdoing suite (for example, conflict of interest), and can also have a keen interest in the prevention of the particular risks encompassed in financial wrongdoing.  They may also be involved in other organisations that have good practice examples of ways to address these risks that can be shared.
• Engage with your overseas staff and/or implementation partners to gain an insight into cultural understandings of the different aspects of financial wrongdoing. Consider their practices and capacity to implement the policy to the standards required.

Consulting with external stakeholders helps to gain an understanding of good practice, legislative requirements, support systems and compliance standards. 

• Consult widely to inform your Prevention of Financial Wrongdoing policy development, for example, other NGOs, your external and internal auditors, insurance brokers, bankers, other affiliates of your international networks and regulators.
• Include consideration of funders in the development of your policy to ensure compliance with their standards.  Remember to include back donors if you receive funds that you manage on behalf of or in conjunction with another agency. 
• Discuss potential risks, requirements and practical implementation with members of your international networks that you both receive funds from or provide funds to for further disposition.  Consider how appropriate risk management will be demonstrated and how incidents would be managed in these situations where there could be differing requirements across different legal entities and legal jurisdictions.

Back donors

The funders of the organisations that give you money when that money is specifically for your project. E.g. Agency A may implement a project with grant funding from Agency B.  Agency B has specifically sought its own funding for that project from DFAT.  DFAT is therefore the back donor, and will most probably have a contract with Agency B that requires subcontractors (Agency A) to comply with its requirements.

When developing your Prevention of Financial Wrongdoing policy, it is important to review existing policies, procedures and systems.

• Review your existing policies, procedures and systems to identify what is already in place that contributes to the prevention of financial wrongdoing and identify any gaps or weaknesses that can increase risk.  Many standard finance processes that form part of a good practice internal control system form a solid foundation for the prevention of financial wrongdoing.
• As far as possible, assess the effectiveness of the controls that are already in place, and any barriers to them operating well in practice.
• Ensure that your policies, procedures and systems are actually being applied.  For example, processes you have in place to verify and validate transactions undertaken by your organisation, implementing partners and any other third parties such as contractors and suppliers.

A Prevention of Financial Wrongdoing policy should be developed based on the above-mentioned risk assessment process and reflect the organisation’s size, nature, functions, program delivery structure and countries of operation.  During this process it will be important to think about roles and responsibilities for implementing the policy and your organisation’s values around the prevention, monitoring, incident management and learning of financial wrongdoing.

• Consider your stakeholder groups when designing the format of your policy.  For example, some sections may need to be translated or converted to images.  Prevention of Financial Wrongdoing policies tend to be quite formal, but consider how this formal language will translate over to other countries and cultures.
• Make sure the final policy document is signed off by management.  The nature of the risks addressed by a Prevention of Financial Wrongdoing policy also means that it is usually appropriate for this policy to be signed off by your governing body.  This also shows that the policy is expected to be embedded in the culture of your organisation.

After finalising your Prevention of Financial Wrongdoing policy, it will be important to consider how best to share it with your key stakeholders.  The approach to this will vary depending on the nature of your operations.  You might consider some of the following mechanisms:

• Staff / Contractors / Governing Body members / Volunteers: Recruitment screening explained as part of the interview process, include relevant clauses in employment or engagement agreements / Codes of Conduct, key aspects of the policy and procedures included as part of induction training for new people, incorporated into regular training thereafter (eg part of an annual training package).  Provide easy access to staff to key operational aspects of the policy (for example, whistleblowing hotline details on staff intranet, on posters in office, or key internal controls such as validation and verification of transactions in procurement procedures and in implementing partner tender and acquittal procedures).
• Consultants / Suppliers with contracts or terms and conditions: include relevant clauses in contracts with explanations, screening explained to consultants as part of engagement process.  Depending on nature of consultancy, consider providing consultants with some orientation training.
• Implementing Partners: Include financial wrongdoing checking as part of any partner due diligence and communicate expectations at this stage (including around screening), include financial wrongdoing clauses as part of any contracting / partnership agreements and provide a copy of the Prevention of Financial Wrongdoing Policy at the outset of the relationship, with appropriate tailoring to the context.  Where applicable, based on the relationship with the partner, provide training to key partner staff on the policy and expectations.
• Affiliates in International Networks that receive funding: include financial wrongdoing clauses as part of any contracting / partnership agreements and provide a copy of the Prevention of Financial Wrongdoing policy at the outset of the relationship, with explanations on the policy and expectations.
• Donors that provide restricted funds: Provide copy of the Prevention of Financial Wrongdoing policy and other relevant policies (for example, Ethical Receipt of Donations), including explanation of applicable areas, where relevant or requested.
• Supporters / General Public: Consider publishing the Prevention of Financial Wrongdoing Policy on the organisation’s website.

Having a Prevention of Financial Wrongdoing policy in place is important, but monitoring its application and reviewing it for required changes is also critical.  Formal external and internal audits will monitor some aspects of financial wrongdoing prevention, however further steps should be undertaken both as part of routine financial cycle processes and on an ad hoc basis.  Checklists can be useful for periodic monitoring of both Australian and overseas operations, provided that there is a clear action plan and follow up of any identified issues.  The Prevention of Financial Wrongdoing policy should have a set review schedule (eg every two years) to take into account any updated regulations, learnings from any incidents and changed ways of working, for example.

See Annex 1 for how to undertake a financial wrongdoing risk assessment of your organisation.