Defined decision-making powers

Clearly define decision-making powers to increase transparency and reduce the opportunity for fraud and corruption.

This control targets internal fraud risks.

Examples

Examples of this control include:

financial delegations, e.g. requiring international travel to be approved by a senior employee
human resource delegations, e.g. approving leave and entitlements
procedures that define who can make decisions, e.g. requiring managerial approval to change a vendor’s bank account
clear responsibility for decision making in joint or multiagency programmes.

A lack of clarity for decision-making powers can lead to:

high levels of non-compliance or errors due to inconsistent practices
common use of shortcuts and workarounds
a lack of transparency over actions and decisions
poor management of fraud and corruption risks
fraudsters not obtaining approval or obtaining approval from someone who is not the appropriate decision maker
fraud or corrupt activity going unnoticed or unchallenged
unknown and unaddressed systemic fraud or corruption.

Methods to evaluate the effectiveness of this control include:

confirming that delegation documents exist, are current and comply with relevant legislation[EW3.1][JD3.2], policies and guidelines
undertaking testing or a process walkthrough to confirm that processes cannot be avoided[RR4.1] or bypassed when subjected to pressure or coercion
reviewing a sample of approval decisions to determine whether processes and workflows are followed on all occasions
identifying how the requirement to follow specified decision-making processes are communicated to employees.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.