Collin Greenland | Subject FLA to fraud risk test
The ill-fated matters currently dominating the media attention surrounding the nation's Firearm Licensing Authority (FLA), provides a textbook case of an organisation in desperate need of a structured fraud risk assessment (FRA) exercise tailored to its size, complexity, industry, and goals.
In carrying its mandate as stipulated on its website, the FLA is charged to "streamline and standardise the granting, renewal and revocation of firearm licences and all the attendant processes thereof". Interestingly, in doing so, it is also mandated to "modernise and regulate the licensing of firearms in Jamaica in keeping with worldwide standards".
This requires that our national bastion of licensing and administering ballistic affairs protect itself and its stakeholders effectively and efficiently from the horrendous scenarios to which it is now being associated with. To do so requires that the authority not only understand fraud risk in general, but also the specific risks that directly, or indirectly, apply to any self-respecting centralised, administrative body and database repository of firearms.
The most effective methodology recommended by eminent professional organisations such as the Institute of Internal Auditors, the Association of Certified Fraud Examiners, and the International Federation of Accountants is an effective FRA exercise. They point out: "Only through diligent and ongoing effort can an organisation protect itself against significant acts of fraud. One of the key principles for proactively establishing an environment to effectively manage an organisation's fraud risk (as part of an organisation's governance structure) is the implementation of a fraud risk management programme, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk."
Ideally, an FRA exercise is designed for identifying potential fraud threats and weaknesses in controls that create opportunities to create fraud, focusing specifically on control measures aimed at deterring, preventing or detecting the types of ills now associated with the FLA.
If conducted effectively, the areas to be assessed are determined, potential schemes and scenarios identified, the likelihood of fraud assessed, the significance of risks also evaluated, the anti-fraud controls linked, and continuous update/maintenance provided to the organisation.
Had such an effective FRA been carried out in the FLA periodically, the schemes/suspects that are now being discussed could have been potentially identified and preventative measures put in place to mitigate their effects. After all, if an organisation does not know what risks to expect, how can it strategise to deter, prevent and detect them? Case in point, licensed gun owners being allowed to retain their licences despite extended periods of outstanding inspections that provide glaring red flags and are inexcusable weaknesses that reflect badly on the FLA's monitoring mechanisms.
In addition to more enlightened corporate governance, maybe organisations like the FLA should be subjected to legislative sanctions similar to those found in international regulations such as the US Foreign Corrupt Practices Act of 1977, the 1997 Organization for Economic Cooperation and Development Anti-Bribery Convention, the US Sarbanes-Oxley Act of 2002, the US Federal Sentencing Guidelines of 2005, and similar legislation throughout the world that has increased management's responsibility for fraud risk management.