2. Hey, there!
LET'S WORK WITH INTEGRITY.
"Having strong integrity helps build a strong leader"
Mohd Zahari Mohd Alias is an experienced and certified
professional with certifications such as Certified Integrity
Officer (CeIO), Certified Fraud Examiners (CFE),
Chartered Member Institute of Internal Auditor (CMIIA),
Chartered Accountant (CA (M)), ABMS Lead Auditor and
Lead Implementer. He has extensive experience in fraud
prevention, internal audit, and risk management, and
provides guidance to organizations on how to manage
risks and ensure compliance while improving internal
control.
3. Corruption Risk Assessment
Process of identifying, evaluating and prioritizing corruption risks that an organization may face.
1. Establish Context
2. Identify Risk
3. Risk Analysis
4. Risk Evaluation
5. Risk Monitoring & Reporting
4. Corruption Risk Assessment
Establishing Context: By establishing context at the beginning of the risk management process, organizations can
ensure that the risk management process is aligned with the organization's objectives and is designed to address
the specific risks that are relevant to the organization's operations and environment.
Questions to ask:
- What are your functional areas and objectives?
- Who are your internal and external stakeholders?
- What are their needs and expectations? (Voluntary Commitment, Mandatory Requirement, Non-Mandatory Expectation)
Example: Establishing the context: Integrity & Compliance Department
- Functional areas and objectives: Establishing an effective complaint channel; receiving and conducting verification of whistleblowing reports
- Stakeholders: LPPSA members (Warga LPPSA) and the public
- Needs and expectations: Transparent and fair verification process
- Mandatory Requirement: Conduct the verification process in accordance with the WB Policy and SOP
Next step: Risk Identification
5. Corruption Risk Assessment
Identifying the bribery/corruption risk and scheme
Risk
1. Receiving and soliciting bribes
2. Giving/offering bribes
3. Abuse of power
4. Falsifying documents
Scheme with the implicated party for personal gain
Schemes
The integrity officer received or requested a bribe from the implicated party in exchange for not conducting the verification process.
Or
The implicated party gave or offered a bribe to the integrity officer with the aim of preventing an investigation into the incident.
Risk analysis
Inherent Risk.
The objective is to prioritise the risks that are rated more than low (risks that are above the acceptable level).
Determine the commodity that can be exchanged for personal gain/bribery/gratification.
Example: authority, confidential information
Inherent risk is the risk that exists in a
process, activity, or system in its
natural state, without any controls or
mitigation measures in place. In other
words, it is the risk that would be
present if there were no efforts to
manage or reduce it.
6. Corruption Risk Assessment
Analyse the Risk
Risks/Schemes
The Integrity officer received or requested a bribe from the implicated party in exchange for not conducting a fair and transparent verification process.
or
The implicated party gave or offered a bribe to the integrity officer with the aim of preventing an investigation into the incident
Root-causes
1. Lack of accountability: There may be a lack of accountability and oversight for integrity officers, which can make it easier for them to engage in corrupt behavior.
2. Lack of transparent process: Only the Integrity Officer is allowed to receive the WB report.
3. Lack of transparent process: Only the Integrity Officer is responsible for conducting the verification process.
4. Lack of training: The Integrity Officer is not competent to handle the WB report.
5. Weak governance structures: Top management can exert undue influence over the integrity officer or other employees.
6. Power dynamic: The power dynamics between top management and the integrity officer may make it difficult for the officer to resist the pressure to engage in corrupt behavior.
Existing Controls
Steps:
1 List the root-causes
2 List the existing controls
3 Match the existing controls with the root-causes
7. Corruption Risk Assessment
Analyse the Risk
Adequate
Guidelines on Control Effectiveness level
Point to Ponder:
Are the controls designed effectively, are they being implemented and operated correctly, are they achieving their intended purpose, and are they cost effective?
Satisfactory (Above Reasonable):
The current controls are fully effective in addressing the root causes of risks, and incidents are unlikely to occur as a result of these risks.
Some Weaknesses (Partially Reasonable):
The current controls are partially effective in addressing the root causes of risks, but there are one or more remaining areas where improvements are
needed to fully address the risks.
Poor (Below Reasonable):
• The current control is inadequate in addressing the root causes of risks, and incidents have occurred as a result of this inadequacy.
• There is a high likelihood that future incidents may occur unless significant improvements are made to the control.
4 Determine the control effectiveness
The current controls have not tackled certain underlying reasons for the issue:
2. Lack of transparent process: Only the Integrity Officer is allowed to receive the WB report.
3. Lack of transparent process: Only the Integrity Officer is responsible for conducting the verification process.
8. Corruption Risk Assessment
Evaluate the Risk
1 Determine the Residual Risk
2 Determine the Risk Treatment: Accept, Reduce or Avoid
Accept: Acknowledge and proceed despite potential negative consequences
Reduce: Minimize likelihood or impact of risk through controls or countermeasures
Avoid: Eliminate or withdraw from the activity or project posing the risk altogether
Risk Treatment: Reduce
3 Design the risk action plan or identify opportunity for improvement
Root-causes
2. Lack of transparent process: Only the Integrity Officer is allowed to receive the WB report.
3. Lack of transparent process: Only the Integrity Officer is responsible for conducting the verification process.
Actions (the number in brackets is the root-cause addressed)
1. Appoint more WB handling officers to receive the complaint (2)
2. Enhance the Handling of Misconduct SOP: Appoint more than one (1) investigation officer or establish a Fraud Investigation Team (FIT) (3)
RISK MAP (Likelihood x Impact)
Impact: Low (1), Medium Low (2), Medium High (3), High (4)
Certain (4): 4, 8, 12, 16
Possible (3): 3, 6, 9, 12
Unlikely (2): 2, 4, 6, 8
Rare (1): 1, 2, 3, 4
Markers on the map: Acceptable Level (Risk Appetite), Inherent Risk, Residual Risk
9. Corruption Risk Assessment
Evaluate the Risk: Risk Action Plan
1 Determine the Residual Risk
Important Note to the Risk Owner!
RISK ACTION PLANS ARE REQUIRED FOR RISKS/SCHEMES THAT HAVE BEEN RATED MORE THAN LOW.
MORE THAN LOW: RESIDUAL RISK RATING OTHER THAN THE ACCEPTABLE LEVEL (RISK APPETITE)
2 Determine the Risk Action Plan
RISK MAP (the same Likelihood x Impact matrix as on the previous slide, with the Acceptable Level (Risk Appetite) marked)