
MIMOS_2022_CRA v2 (1)_Workshop_Presentation

Published by myazara1807, 2022-04-14 04:47:00


CORRUPTION RISK MANAGEMENT PLAN CRM 03

RISK: Abuse Of Power In Approving Progress Payment
RISK ID: 01

Analysis of Risk:
❑ Controllable ❑ Uncontrollable ❑ Combination
❑ Ongoing ❑ Discrete
Interconnect to other risk? Project delay

8 Risk Treatment Options: Terminate / Reduce / Accept / Pass on

Risk Category: Project Management
Risk Owner: Telco
Assessment Date: 3/2/2022
Next Assessment Date: 5/6/2022

Impact: MODERATE | Likelihood: MODERATE | Residual Risk: SIGNIFICANT
Targeted Impact: MODERATE | Targeted Likelihood: UNLIKELY | Targeted Risk: MODERATE

9 HIGH LEVEL ACTION PLAN

| HIGH LEVEL ACTION PLAN | TOR | RESPONSIBILITY / LEAD DEPT | TIMELINE |
|---|---|---|---|
| 1. To consider legal actions to enforce terms in the integrity pact (recovering costs and termination of contract) | 1,2,3 | Procurement Department | Q4 2022 |
| 2. To enhance the trustworthiness of the whistleblowing channel | 4 | Integrity Department | Q4 2022 |
| 3. To set up a project technical team before the project is allowed to start | 2 | Project Management TELCO | Q4 2022 |

© 2022 MIMOS Berhad. All rights reserved. 51

CORRUPTION RISK SUMMARY CRM 04

| RISK ID | RISK | EFFECTIVENESS OF CONTROL | RISK IMPACT | LIKELIHOOD | RESIDUAL RISK | RISK MITIGATION STRATEGY | IMPACT (ADDITIONAL CONTROLS) | LIKELIHOOD (ADDITIONAL CONTROLS) | TARGETED RISK |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Abuse Of Power In Approving Progress Payment | Some Weaknesses | Moderate | Moderate | Significant | Reduce | Moderate | Unlikely | Moderate |


RISK MAP

Rows: Likelihood of Occurrence. Columns: Magnitude of Impact.

| Likelihood \ Impact | Insignificant | Minor | Moderate | Major | Catastrophic |
|---|---|---|---|---|---|
| Almost certain | Significant | Significant | High | High | Extreme |
| Likely | Moderate | Significant | Significant | High | High |
| Moderate | Low | Moderate | Significant (1) | High | High |
| Unlikely | Low | Low | Moderate (1) | Significant | High |
| Rare | Low | Low | Moderate | Significant | Significant |

Type of Corruption Risks:
1 Abuse of power in approving progress payment


SUMMARY OF CORRUPTION RISK MANAGEMENT PLAN CRM 05

| RISK ID | PROCESS ASSOCIATED TO CORRUPTION RISK | ADDITIONAL CONTROLS | TOR | RESPONSIBILITY / LEAD DEPT | TIMELINE |
|---|---|---|---|---|---|
| 1 | Abuse Of Power In Approving Progress Payment | 1. To consider legal actions to enforce terms in the integrity pact (recovering costs and termination of contract) | 1,2,3 | Procurement Department | Q4 2022 |
| | | 2. To enhance the trustworthiness of the whistleblowing channel | 4 | Integrity Department | Q4 2022 |
| | | 3. To set up a project technical team before the project is allowed to start | 2 | Project Management TELCO | Q4 2022 |


RISK DOCUMENTATION

THE DELIVERABLES


GROUP ACTIVITY


GROUP ACTIVITY – NO. 2

Identify And Analyse Corruption Risks

Based on the Group Activity No.1, on the same template,
identify Potential Corruption Risks of the key processes
and analyze the risk – causes / consequences, controls,
risk ratings and action plans.

In your group, discuss and present the following:
a) CRM 02 - Corruption Risk Register
b) CRM 03 - Corruption Risk Management Plan
c) CRM 04 - Summary Of Corruption Risks
d) CRM 05 - Summary Of CRM Action Plans
e) Risk Map


THANK YOU


APPENDICES


TOP DOWN APPROACH TO CRM

1 Strategic Goals CRM 01

• Increase public usage by 20% p.a. Plan, design and implement the development strategy with local government of a high technology park
• Enhance efficiency by implementing ICT (technology)-based processes
• Product innovation. Develop new designs (2 new designs per year) through research and development projects
• Create an efficient and dynamic working environment with integrity and good governance

2 Key Processes (Linked To Strategic Goals)

• Project Management (Construction, Procurement)
• ICT Management
• R & D Process
• Human Resource Management
• Financial Management

3 Potential Corruption Risks (Linked To Key Processes)

• Abuse of power in approving progress payments
• Specification of ICT equipment was intentionally catered for interest party
• Leakage of R&D information to competitors
• Misuse of discretion and authorization for offices in foreign countries
• Management over-write for payment of incomplete work
• Collusion among site managers and checkers to certify non-compliance structure
• Collusion with suppliers to supply low quality parts
• Bribery to government officials to register the patents/ trademarks
• Hiring of “own” people to smooth the tendering and awarding of contracts
• False claims
• Bribery to government officials for approval of unsafe building designs
• Use of middleman
• Waiver of job rotation for key positions


CORRUPTION RISK REGISTER CRM 02

Risk ID: 01
2 Project Management
Company Name: ABC BERHAD
Department: TELCO
Risk Owner: Telco

3 Risk Title: Abuse Of Power In Approving Progress Payment

Risk Description:
Corrupt practices in progress payments. For example, 80% to 90% of the project’s costs were paid to the contractor when it had completed less than 40% of the project. Arising from abuse of power and taking advantage of the weaknesses in VO procedures.

CAUSES 4a

1. Lack of monitoring and enforcement of the contract terms. Contractor was not reprimanded for delay and incomplete work. Potentially, conflict of interest involved.
2. Taking the opportunity when the project owner was undergoing a shortage of technical competency to properly inspect and verify the progress of the construction.
3. Taking advantage of the loopholes in VO claims – there is a lack of clear guidelines as to the maximum amount of VO or number of times allowable.
4. Corrupt practices were not reported as there is a lack of trust over the whistleblowing channel.

CONSEQUENCES 4b

1. Project was delayed – for example a prison project where a 3-year project was delayed for 7 years, abandoned, and needed re-work.
2. Financial loss – Prison Project: additional re-work costs of RM55 mil or 34% more (original costs 165 mil)
3. Poor quality of the project – not fulfilling the safety and security requirements of a prison.
4. Project objective, for example, on providing prison services was delayed or not achieved in time.

5a EXISTING CONTROLS

1. Treasury guidelines on procurement – tender selection and awarding (3)
2. Whistleblowing channel for reporting malpractices (4)
3. Guidelines on direct negotiations issued by MOF (1)
4. Integrity pact signed by contractor, but lacking monitoring and enforcement (1,3,4)

5b ADDITIONAL CONTROLS / ACTION PLANS AND TOR

1. To consider legal actions to enforce terms in the integrity pact (recovering costs and termination of contract) (1,2,3)
2. To enhance the trustworthiness of the whistleblowing channel (4)
3. To set up a project technical team before the project is allowed to start (2)

6 CONTROL EFFECTIVENESS: Some Weaknesses

7a Impact: MODERATE | 7b Likelihood: MODERATE | Residual risk: SIGNIFICANT


CORRUPTION RISK MANAGEMENT PLAN CRM 03

RISK: Abuse Of Power In Approving Progress Payment
RISK ID: 01

Analysis of Risk:
❑ Controllable ❑ Uncontrollable ❑ Combination
❑ Ongoing ❑ Discrete
Interconnect to other risk? Project delay

8 Risk Treatment Options: Terminate / Reduce / Accept / Pass on

Risk Category: Project Management
Risk Owner: Telco
Assessment Date: 3/2/2022
Next Assessment Date: 5/6/2022

Impact: MODERATE | Likelihood: MODERATE | Residual Risk: SIGNIFICANT
Targeted Impact: MODERATE | Targeted Likelihood: UNLIKELY | Targeted Risk: MODERATE

9 HIGH LEVEL ACTION PLAN

| HIGH LEVEL ACTION PLAN | TOR | RESPONSIBILITY / LEAD DEPT | TIMELINE |
|---|---|---|---|
| 1. To consider legal actions to enforce terms in the integrity pact (recovering costs and termination of contract) | 1,2,3 | Procurement Department | Q4 2022 |
| 2. To enhance the trustworthiness of the whistleblowing channel | 4 | Integrity Department | Q4 2022 |
| 3. To set up a project technical team before the project is allowed to start | 2 | Project Management TELCO | Q4 2022 |


EXAMPLE OF ANTI CORRUPTION CONTROL

Entity-Level Anti-Corruption Controls

• A formal anti-corruption compliance program;
• An Anti-Corruption or Compliance Committee mandated to review or receive updates on all high-risk transactions;
• Written standards (i.e., the code of conduct and anti-corruption and other related policies);
• Anti-corruption training and communication for employees;
• Tone from the top and the middle;
• Employee background checks;
• Whistleblower system;
• Gift, entertainment, and hospitality request approval and tracking;
• Conflict of interest certification/disclosure process;

(Source: "A Guide for Anti-Corruption Risk Assessment" by UN Global Compact Office)


EXAMPLE OF ANTI CORRUPTION CONTROL

Entity-Level Anti-Corruption Controls

• Third-party contract provision on compliance;
• A competitive bidding/selection process including RFP dissemination to prospective vendors and proposal review;
• Risk tier classification system for third parties;
• Third party due diligence (in line with the designated risk tier);
• Multiple levels of vendor contract approval or internal sign-off (e.g., requiring approval from procurement, the legal and compliance functions, and local management);
• Accounting controls on vendor invoice review, approval, and payment;
• An employee culture of ethics and knowledge assessment;
• Exit interview;
• Mandatory anti-corruption audits on a regularly recurring basis; and
• Mandatory rotation of key management level personnel in high risk locations.

(Source: "A Guide for Anti-Corruption Risk Assessment" by UN Global Compact Office)

EXAMPLE OF ANTI CORRUPTION CONTROL

Process-Level Anti-Corruption Controls

For example, controls for processes in which commercial enterprise sales reps may provide potentially inappropriate gifts, hospitality, and entertainment to prospects or customers may include the following:
• Periodic gift and entertainment training and communication targeted to sales personnel and their managers;
• Communication to customers about the enterprise’s gift, hospitality, and entertainment policy;
• Tone from the middle: communication to sales personnel from supervisors or market leadership;
• Periodic (e.g., annual) anti-corruption policy acknowledgement or certification among sales personnel and supervisors;
• Mandatory use of the enterprise’s credit cards for any third party meals or other entertainment by sales personnel;
• Sales representative rotation;
• Customer survey/interviews; and
• Hotline availability for customer personnel.

(Source: "A Guide for Anti-Corruption Risk Assessment" by UN Global Compact Office)


EXAMPLE OF ANTI CORRUPTION CONTROL

Preventive Anti-Corruption Controls

• Having a formal anti-corruption program in place with defined structure, ownership, reporting lines, and planned activities, and periodic measurement for effectiveness;
• Written standards (code, anti-corruption policies);
• Anti-corruption training and communication, including a resource library;
• Tone from the top and the middle: visible senior and mid-level management setting the expectations;
• A risk classification system for third parties, corporate locations, and business activities (i.e., a tiered system whereby higher risk parties would be subjected to more robust due diligence and oversight than lower risk parties);
• Due care and due diligence, including personnel background checks, third party initial due diligence, policy certification/acknowledgement;
• Gift, hospitality, and entertainment advance approval;
• Segregation of duties;
• Contract provisions on compliance with the law in general and anti-bribery specifically;
• Incentives for proper conduct, ethics awards, and (to some extent) performance evaluations with specific ethics and compliance provisions.

(Source: "A Guide for Anti-Corruption Risk Assessment" by UN Global Compact Office)

EXAMPLE OF ANTI CORRUPTION CONTROL

Detective Anti-Corruption Controls

• Gift, hospitality, and entertainment tracking (after the fact);
• Expense report audit;
• Periodic third party monitoring (e.g., performance assessment, re-certification);
• Whistleblower system, investigation process and case management;
• Exit interviews;
• Corporate audit, transaction audit, third party audit;
• Employee culture of ethics and compliance assessment, particularly if it includes questions about pressure to commit misconduct, actual policy violations, etc.;
• Customer, vendor, or third party survey or interview.

(Source: "A Guide for Anti-Corruption Risk Assessment" by UN Global Compact Office)

EXAMPLE OF ANTI CORRUPTION CONTROL

ISO 37001 ABMS - Financial Controls

▪ Segregation of duties
▪ Limit of authority (LOA) – payment approval
▪ Verification check over payee’s appointment and work/services by authorized person
▪ At least 2 signatories on payment approval
▪ Supporting documents for payment approval
▪ Accurate and clear payment categorizations and descriptions in the accounts
▪ Periodic management review of significant financial transactions
▪ Periodic and independent financial audits


EXAMPLE OF ANTI CORRUPTION CONTROL

ISO 37001 ABMS – Operational Controls

▪ Using approved contractors/ sub-contractors/ suppliers/ consultants (or third parties) with prequalification process

▪ Assess bribery risk exposure of these third parties
▪ Conduct anti-corruption due diligence
▪ Enforce anti-corruption contract terms
▪ Transparent and fair selection and awarding procedures
▪ 2 persons to evaluate tenders and approve the award of contracts
▪ Segregation of duties
▪ Limit of authority
▪ Management oversight
▪ Prevent leakage of information
