80/20 principle of assessments
This week, I’ve been building three assessment tools (more are in the works). The first of which is about fraud. Why this topic, and why now?
The UK’s Economic Crime and Corporate Transparency Act 2023 has gone under the radar (outside the UK), but it’s starting to get the attention of Western European firms. Why? Fraud remains a pervasive risk, often an afterthought (in my view), as people focus on scary topics like sanctions, corruption, and supply chain sustainability.
In most business integrity assessments I have conducted for investors into proposed portfolio companies (around 20 in the past 12 months), fraud is as significant a risk as any other. But until this UK act brought fraud offences on par with the UK Bribery Act, it didn’t get the attention (regulatory or corporate).
The 2023 Act applies to companies, subsidiaries, partnerships and not-for-profits. It introduces a “failure to prevent fraud” offence and captures organisations (and parent companies) with:
👉 More than 250 employees
👉 More than £36 million turnover
👉 More than £18 million in total assets
“Associated person” extends beyond employees to subsidiaries and those acting on behalf of the company. Like the Bribery Act, it is extraterritorial, and companies must take “reasonable steps” to prevent fraud.
Brief case study: The image below is a visual representation of key risks for a sustainability-focused extractives firm, from a project a few years back. Fraud, and conflicts of interest (also ‘fraud’ in some people’s definition) are and were ~40% of their key risks.
Drafting this assessment tool isn’t easy. Fraud issues span false representations, failing to disclose information, abuse of position, dishonestly obtaining services, possession (making or supply) of “articles” used in frauds, false accounting, participating in fraudulent business, and conspiracy to defraud.
I’ve sometimes questioned whether creating an assessment covering such a broad field of risks is possible. But then I remember the 80/20 principle. I’m not trying to identify 100% of issues or fully test a program’s robustness. I am trying to find those 20% of issues, activities, or controls where 80% of risk resides. Once we’re clear on that, the real work begins.
I’ve yet to come across an assessment that covers every issue. So, if you’re building one, give yourself a break. An assessment is a leverage tool—sorting through the noise to identify priorities—not a solution.
If you’re interested, you can access the Fraud Prevention Tool here.