AS 8001 Fraud and Corruption Control has provided benchmark fraud and corruption control guidance for Australian corporations since 2003. The third edition of the standard was released on 11 June 2021 as AS 8001-2021.
The objective of the standard is to:
“…provide minimum requirements and additional guidance for organizations wishing to develop, implement and maintain an effective fraud and corruption control system (FCCS) through initiatives aimed at —
- preventing fraud and corruption;
- detecting fraud and corruption; and
- responding to fraud and corruption events that have already occurred.”
FCX welcomes the release of the third edition.
As the standard notes, implementing the requirements and guidance set out in the standard cannot guarantee the risks of fraud and corruption are eliminated. However, organisations that build a ‘Fraud and Corruption Control System’ (FCCS) modelled on the standard will be far better placed to prevent and detect fraud and corruption and to respond to fraud and corruption events as and when they do occur.
The main changes in the third edition relative to the second edition (published in 2008) are:
- Minor restructuring (Foundations – Prevention – Detection – Response)
- Introduction of the concept of minimum requirements – the new standard stipulates that organisations ‘shall’ do certain things in order to comply, where the 2008 edition used the expression ‘should’
- Fraud and Corruption Control System (FCCS) in place of a Fraud and Corruption Control Plan (Clause 2.10)
- Harmonizing AS 8001 with AS/ISO 37001-2019 Anti-bribery Management Systems (1.2)
- Introduction of normative references – other standards issued by Standards Australia, ISO or IEC that must be complied with in order to comply with AS 8001 (1.3)
- Updated definitions for fraud / corruption (notably to include conduct that is not necessarily illegal) (1.4)
- Updated guidance in relation to preventing, detecting and responding to external attack, particularly cyber-borne attack (3.9)
- Inclusion of a requirement for an ‘Information Security Management System’ (ISMS) consistent with ISO/IEC 27001 Information technology – Security techniques – Information Security Management Systems – Requirements (2.13)
- Upgraded guidance on the role of ‘Governing Body’ and ‘Top Management’ in controlling the risks of fraud and corruption (2.2, 2.3)
- Introduction of the concept of ‘pressure testing’ for internal control systems (3.5.3)
- Upgraded guidance in relation to whistleblower protection and misconduct reporting channels (4.6, 4.7)
- Supplier vetting has been redefined as screening and management of business associates (3.8)
- Risk Assessment guidance has been removed from AS 8001 – now requires reference to AS/ISO 31000 (2.8)
- Introduction of requirements and guidance in relation to immediate action on discovery of a fraud or corruption event (5.2)
- Introduction of a clause requiring a consideration of the safety of investigators tasked with conducting an investigation into an alleged fraud or corruption event (5.3.4)
- Introduction of requirements and guidance in relation to the capture and analysis of digital evidence (5.3.7)
- Introduction of requirements and guidance in relation to immediate action on discovery of a fraud or corruption event including Digital Evidence First Response (5.2)
- Introduction of guidance in relation to consideration of impact of fraud and corruption on third parties and whether to inform affected third parties (5.12)
- Introduction of requirements and guidance in relation to consideration of disruption as a satisfactory outcome of an investigation into fraud and corruption (5.13)
AS 8001-2021 is available for purchase from SAI Global at: https://infostore.saiglobal.com/en-au/standards/as-8001-2021-121078_saig_as_as_2968801/
Please feel free to contact FCX if you would like to discuss any aspect of the standard or how it could be leveraged to help prevent fraud and corruption in your organisation.