AS 8001:2021, Fraud and corruption control, has been updated to provide minimum requirements for organisations wishing to develop, implement and maintain an effective fraud and corruption control system (FCCS).
It includes a requirement for information security management systems consistent with ISO/IEC 27001, Information technology – Security techniques – Information Security Management Systems – Requirements.
The updates also include guidance on the roles of governing bodies and top management, and whistleblower protection.
Fraud and corruption are significant issues for Australian businesses, government and not-for-profit organisations, often resulting in negative financial impacts that can adversely affect reputation. These effects can also have a knock-on consequence of disturbing the Australian economy.
Managing the fraud and corruption risk to business is a governance issue. As such, the recently published updates to AS 8001:2021 seek to provide conforming guidance for organisations' governing bodies. The standard addresses both internal and external fraud and corruption in relation to organisations and businesses, not individuals.
AS 8001:2021, Fraud and corruption control, supersedes the previous version, AS 8001:2008, and notably adds requirements that enable users to claim conformance to the standard. The initiatives outlined in this standard are aimed at preventing and detecting fraud and corruption, and the standard also gives guidance on how to respond to events that have already occurred. Organisations wishing to develop and implement a fraud and corruption control system are given guidance on early detection of such events and on effective responses to them for optimal outcomes.
“AS 8001 has had a significant impact on fraud and corruption control in Australian organisations since 2003. It is widely regarded as a benchmark for preventing and detecting fraud and corruption and for responding to fraud and corruption events if and when they occur. It not only considers fraud and corruption risks where the organisation itself is the target but also where the organisation, or someone believing they are acting in the organisation’s best interest, is the perpetrator,” remarked drafting leader, Australian Institute of Professional Investigators’ Director, Dean Newlan.
“This third edition of the standard recognises and responds to an alarming increase in cyber-attack and technology-enabled fraud and provides upgraded guidance on the accountabilities of boards and senior management in controlling organisational fraud and corruption risk,” concluded Mr Newlan.
The committee responsible for this revision, QR-017, Organisational Governance, mirrors ISO/TC 309. This committee worked on the development of the ISO 37000 series, which provides international standardisation in the field of governance in relation to the direction, control and accountability of organisations. The following ISO standards were particularly relevant to the development of the updates to AS 8001:2021:
ISO 37001, Anti-bribery management systems
ISO 37002, Whistleblowing management systems
ISO 37301, Compliance management systems
ISO 37007, Corporate governance – guidelines for efficiency measurement
“Australian organisations and businesses will benefit from this standard. The updates and revisions are comprehensive and the committee has done a thorough job of allocating guidance that is inclusive of the technology updates we’ve experienced over the past ten years,” affirmed Roland Terry-Lloyd, Head of Standards Development at Standards Australia.
This recently published standard, AS 8001:2021, Fraud and corruption control, is intended to apply to all organisations operating in Australia, both for-profit and not-for-profit.