We continue the topic of the most important chapter of ISO 37001, chapter 8 (item 8.3, Financial control).
There's exactly one sentence in it.
The organization must exercise financial control to manage the risks of bribery.
It's easy to say, but how do you understand what that control is? Financial controls are various systems and processes designed to record financial transactions in full and on time, helping to reduce the risks of bribery.
One example of financial control is segregation of duties. This is a basic principle that clearly works. Segregation of duties should ensure that the same person cannot initiate and approve a financial transaction or payment.
For example, if a company employee approves work with a new vendor and also approves payments to that vendor, then the risk of bribery may be more than low. Large transactions require greater control and detailed approval of payments. The organization must decide the amounts beyond which payments require approval by multiple individuals. The organization must also determine who is responsible for approving such payments. As a rule, these are several persons who must check and make sure that the company receives a clear and complete justification for the works, goods or obligations performed. It's important to check what the bill is for. It's not easy for a company that gets a lot of bills, but it has to be done.
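The approval rules described above, written as a check over payment records. This is an added example, not part of the original article; the threshold, the required number of approvers, the record fields and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumed policy values; each organization sets its own.
MULTI_APPROVAL_THRESHOLD = Decimal("10000.00")
MIN_APPROVERS_ABOVE_THRESHOLD = 2

@dataclass(frozen=True)
class Payment:
    payment_id: str
    vendor: str
    amount: Decimal
    initiator: str
    approvers: tuple  # user names that signed off on the payment

def review_payment(p, vendor_approved_by):
    """Return the control violations found for one payment."""
    findings = []
    approvers = set(p.approvers)
    if not approvers:
        findings.append("no approver recorded")
    if p.initiator in approvers:
        findings.append("initiator also approved the payment")
    onboarder = vendor_approved_by.get(p.vendor)
    if onboarder is None:
        findings.append("vendor has no recorded approval")
    elif onboarder in approvers:
        findings.append("vendor approver also approved the payment")
    # Only sign-offs from people other than the initiator count as independent.
    independent = approvers - {p.initiator}
    if (p.amount > MULTI_APPROVAL_THRESHOLD
            and len(independent) < MIN_APPROVERS_ABOVE_THRESHOLD):
        findings.append("large payment lacks multiple independent approvers")
    return findings

def review_all(payments, vendor_approved_by):
    """Map payment_id -> findings, listing only payments with violations."""
    reviewed = ((p.payment_id, review_payment(p, vendor_approved_by)) for p in payments)
    return {pid: found for pid, found in reviewed if found}

# Constructed sample data: who approved each vendor, and four payment records.
VENDOR_APPROVED_BY = {"Vendor A": "olena", "Vendor B": "maria"}
PAYMENTS = [
    Payment("P-001", "Vendor A", Decimal("2500.00"), "ivan", ("maria",)),
    Payment("P-002", "Vendor A", Decimal("1800.00"), "olena", ("olena",)),
    Payment("P-003", "Vendor B", Decimal("48000.00"), "ivan", ("olena",)),
    Payment("P-004", "Vendor B", Decimal("48000.00"), "ivan", ("olena", "taras")),
]
```

Calling `review_all(PAYMENTS, VENDOR_APPROVED_BY)` flags P-002 (the same person approved the vendor, initiated the payment and approved it) and P-003 (a large payment with a single approver).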
Maybe you heard about the scandal involving a man from Lithuania who cheated Facebook and Google out of about $120 million. Evaldas Rimashauskas sent these companies false bills, and they paid them for a long time! The 50-year-old Lithuanian citizen organized an illegal scheme, for which he registered a company with a fixed capital of 1 euro in an apartment in a Latvian city. Its name coincided with that of a major manufacturer of computer equipment and components from Taiwan. The “Super-Businessman” engaged in correspondence with Facebook and Google and demanded that, for real deliveries of equipment, they pay to the accounts of the Latvian company in banks in Latvia and Cyprus. And the scheme worked! In 2013 Google paid about $23 million, and in 2015 Facebook transferred about $98 million. One Latvian bank noticed suspicious transactions back in 2013. The information reached the police, and an investigation began. In 2017, Lithuania extradited Rimashauskas at the request of the law enforcement agencies of the United States. The Lithuanian pleaded guilty to the fraud. He faces up to 30 years in prison.
Organizations are encouraged to consider restrictions on the use of cash, and to clearly monitor urgent or standing payments that are processed outside of the normal company account approval system.
For example, in Europe, it is common to give a firm, an operator, a bank or a tax authority the right to withdraw agreed amounts from the account each month in order to save time and ensure timely payment.
It is recommended to avoid payments to offshore jurisdictions as much as possible, except in cases where there are clear and legitimate grounds for using these payment locations.
Periodic review of operations by senior management, plus regular financial audit and regular change of auditor or audit organization, are also effective means of financial control.
These are just some examples…
A company can have many more controls.
The purpose of the requirement of this paragraph of the standard is to enable the organization to think and find the most appropriate tools and controls to avoid the possibility of bribery and fraud.
Again, the basic principle remains – everything must take place within a reasonable and proportional framework.
Financial control should not turn into something so bureaucratic and so complex that it will negatively affect the company's activities and stop the whole business.
Another example that deserves special attention!
It often happens that responsible persons in the organization trust the business partner so much that they simply do not read the documents. They just sign them, or they sign because they benefit from doing so.
Let's take another example.
As an example, we will take the signed agreement, already familiar to you and already evaluated under non-financial controls, with the business partner LLC “International Management Service,” which won the tender for certification services of management systems in accordance with ISO standards with the Ukrainian state enterprise NAEK “Energoatom.” The contract is publicly available on the tender procurement platform.
Source: Prozorro.
The total cost estimate consists of three Annexes (2.1.1, 2.1.2 and 2.1.3) to the Contract.
Each of these Annexes consists of the following tables:
No. 1 – objects of expenditure; No. 2 – calculation of labor costs of auditors and experts; No. 3 – labor costs; No. 4 – overhead costs.
Note that Table 2 is used in Table 3 and Table 4 is used in Table 1. Table No. 1 also uses Table No. 3.
We analyze Annex No. 2.1.1, Table No. 3: Labor costs.
Cost estimate (“estimated cost”) of services for recertification of the integrated management system of NAEK “Energoatom” as a single legal entity (directorate and 15 OP) in the areas of the company's activities in compliance with the requirements of international standards ISO 9001, ISO 14001, ISO 45001 and issuance of certificates.
In this case, by carrying out such arithmetic manipulations, the supplier increased the cost by UAH 303,168.00.
The analysis of Table 1 shows us the following:
That is, the supplier entered into the calculation from Table No. 3 the false figure of UAH 637,032.96 instead of UAH 369,864.86, which was to be taken into account, and counted the 22% single contribution again, thus increasing the total cost of services, which led to a price discrepancy of UAH 622,704.65 in favor of the supplier.
We turn to the analysis of Annex No. 2.1.2, Table No. 3: Labor costs.
Cost estimate (“estimated cost”) of services for the first annual post-certification audit of the integrated management system of NAEK “Energoatom” as a single legal entity (directorate and 15 OP) in the areas of the company's activities in compliance with the requirements of international standards ISO 9001, ISO 14001, ISO 45001 in order to renew the validity of certificates.
In this case, the supplier increased the cost by UAH 241,236.00 with such arithmetic manipulations.
That is, the supplier entered into the calculation from Table No. 3 the false figure of UAH 535,543.92 instead of UAH 294,307.92, which was to be taken into account, and counted the 22% single contribution again, thus increasing the total cost of services, which led to a price discrepancy of UAH 495,496.81 in favor of the supplier.
We turn to the analysis of Annex No. 2.1.3, Table No. 3: Labor costs.
Cost estimate (“estimated cost”) of services for carrying out the second annual post-certification audit of the integrated management system of NAEK “Energoatom” as a single legal entity (directorate and 15 OP) in the areas of the company's activities in compliance with the requirements of international standards ISO 9001, ISO 14001, ISO 45001 in order to renew the validity of certificates.
In this case, the supplier increased the cost by UAH 241,236.00 with such arithmetic manipulations.
That is, the supplier entered into the calculation from Table No. 3 the false figure of UAH 535,543.92 instead of UAH 294,307.92, which was to be taken into account, and counted the 22% single contribution again, thus increasing the total cost of services, which led to a discrepancy of UAH 495,496.81 in favor of the supplier.
Let’s sum up the results of the financial analysis of the Contract of 08.08.2019 between the state enterprise “National Nuclear Energy Generating Company “Energoatom”” and LLC International Management Service:
On November 19, 2019.
The identified financial fraud by International Management Service LLC, the lack of proper control by TUV NORD BULGARIA and TUV-NORD Cert, and the negligent attitude of responsible personnel in NAEK Energoatom to the performance of their functional duties resulted in the loss of Ukrainian budgetary funds in the amount of UAH 1,613,698.19!
Today it is difficult to trust brands, news, people. Everyone can make a mistake. But not everyone wants to admit and correct their mistakes. I hope that with this example of basic careful control (financial analysis) I have shown that compliance with the rules of the tender procedure does not guarantee that your organization is immune from loss of funds. And here it's not just about losing money. The findings may be the basis for much more serious possible negative consequences for all parties involved in the project.
And returning to the requirements of ISO 37001 and to control systems – I can state with confidence – if you follow and comply with all the requirements and recommendations of this document, such cases can be avoided!
If you liked this article (or did not like it), or you do not agree with me, write to me; I will be glad to receive your comments. Ask your questions and I will answer them.