Fraud Control Policy
Page 1 of 18
� Table of Contents
1 INTRODUCTION
1.1 PURPOSE
1.2 Definitions
1.3 Policy Objective and Scope
2- GOVERNANCE AND PROFESSIONAL
ETHICS STATEMENT
2-1 Code of Conduct
2.2 Roles and Responsibilities
2.2.1 Board of Directors
2.2.2 Audit Committee
2.2.3 CEO
2.2.4 Management
2.2.5 Staff
2.2.6 Legal Department
2.2.7 Internal Audit
3. FRAUD PREVENTION
3.1 Fraud Control Capacity Assessment
3.2 Fraud Risk Assessment
3.3 Fraud Prevention Control
3.3.1 Affirmation Process (Declaration)
3.3.2 Disclosure of Conflict of Interest
Page 2 of 18
� Table of Contents
3.3.3 Human Resources Procedures
3.3.4 Authority Limits
3.3.5 Fraud Awareness and Training
4. FRAUD DETECTION
4.1 Fraud Detection Procedures
5. FRAUD REPORTING PROCESS
6. INVESTIGATION PROCESS
6.1 Reporting the Results
6.2 Corrective Actions
6.3 Recovery of the Proceeds of Fraudulent
Activities
REVIEW OF FRAUD CONTROL
7.
ARRANGEMENTS
Appendix (A) Sample of Declaration Form
Page 3 of 18
� 1 INTRODUCTION 1
1.1 Purpose
This document outlines El Sewedy Electric
hereafter the Company policy concerning
Fraud and provides guidelines for the
implementation and enforcement of the
Company
Board of Directors (Board)
will approve this Policy and any future
amendments to it.
1.2 Definitions
After taking into consideration the legal
provisions of the Egyptian laws and any
other relevant law in the Country, the word
refer to all acts of: fraud, breach of trust,
misappropriation, wasting, embezzlement,
bribery, causing harm to , and
what is deemed as public property also every
illegal act that could affect the public
financial interest for the company.
Fraud can take many forms that are normally
characterized by some form of deliberate
deception to facilitate or conceal the
misappropriation of assets, whereas
corruption involves a breach of trust in the
performance of official duties. Additionally, .
misconduct has a broad concept, generally
referring to violations of law, regulations and
internal policies and procedures.
For the purpose of this Policy, fraud,
misconduct, and corruption will be
1.3 Policy Objective and Scope
The Policy is designed to ensure the
following:
protect Company funds and other assets;
maintain the highest standard of ethics,
professional conduct and fiduciary .
responsibility;
maintain integrity of the Company;
Page 4 of 18
� secure the businesses;
protect reputation of the Company, and its
employees;
maintain the highest level of services to
the community, and the individuals
Communicate the Company commitment
to best practice.
This Policy has been established to outline
the requirement for the development of
controls that will assist in the detection,
prevention and response of Fraud against the
Company. It is the intention of the Company
to promote consistent organizational
behavior by providing guidelines and
assigning responsibility for the development
of controls and conduct of Fraud
investigations.
This Policy must be applied to any Fraud, or
suspected Fraud, involving the
Board of directors, , Executive Management,
Management or staff as well as all those who
conduct business with the Company, such as
any third party agents, representatives,
including stakeholders, consultants,
contractors, suppliers, vendors,
subcontractors and agent (collectively,
Stakeholders
Investigations shall be conducted irrespective
Company.
2. GOVERNANCE AND PROFESSIONAL
ETHICS STATEMENT
The Company is committed to promote
honesty and opposition to Fraud, and does
not permit Fraud to be tolerated or
perpetuated.
The Company is committed to the highest
ethical moral standards and accountability.
All employees at all levels are expected to
share this commitment and to lead by
example, ensuring adherence to all
appropriate regulations, procedures, practices
and codes of conduct. The Board expects
individuals and organizations with whom it
comes in contact, to act with honesty and no
intent to commit Fraud against it.
Page 5 of 18
� 2.1 Code of Conduct
The company Code of Conduct establishes
clear, ethical guidelines that define its
culture and standards of ethical behavior and
reflects the Board and Executive
Management
commitment to Fraud Risk Management. All
Employees and Stakeholders are required to
adhere to the standards set out in the Code of
Conduct of the Company.
2.2 Roles and Responsibilities
The Company policies, job descriptions,
charters and delegations of authority define
roles and responsibilities related to Fraud
Risk Management.
2.2.1 Board of Directors
The Board shall ensure that Management
designs effective Fraud Risk Management
documentation to empower employees and
to encourage ethical behavior of customers
and vendors, to meet these standards every
day.
The Board shall:
Obtain a clear understanding of Fraud
risk.
Maintain oversights of Fraud Risk
Management and address when general
risk to the Company is considered.
Monitor the reports on Fraud
risk, policies and control activities.
Establish mechanisms to ensure receiving
accurate and timely information from
employees, internal and external auditors
and other Stakeholder regarding potential
Fraud occurrences.
Oversee the internal control function
established by Management for
prevention, detection and response to
Fraud.
Page 6 of 18
� Ensure that Management has adequate
resources at its disposal to enable the
Department to achieve its Fraud Risk
Management objectives.
Set appropriate tone at the top through the
CEO of the Company, job descriptions,
hiring, evaluations, and succession
planning process.
Issue a statement to be acknowledged by
the Employees and
Stakeholders stressing the importance of
the Fraud risk mitigation, acknowledging
the potential vulnerability to
Fraud and establish the responsibility for
each person within the Company to
support Fraud Risk Management.
2.2.2 Audit Committee
The Audit Committee shall:
Adopt a proactive approach to Fraud Risk
Management.
Assess, monitor, and influence the tone at
the top and reinforcing a zero-tolerance
Policy for Fraud.
Maintain an active role in the oversight of
the assessment of Fraud risk
and uses internal auditors, or other
designated personnel, to monitor Fraud
risks.
Meet frequently enough, for long enough
periods, and with sufficient preparation to .
reasonably assess and respond to the risk
of Fraud.
Appoint legal, accounting and other
professionals when deemed necessary.
Seek the advice of internal and/or external
counsels whenever dealing with issues of
Fraud allegations; provide specific
consideration, oversight of this exposure
when reviewing the work of Management
and internal auditors, and require them to
be alert for and report any such exposure
as they carry out their duties.
Receive regular reports on the status of
reported Fraud.
Evaluate the processes and
procedures for screening potential
employees, including performance of
background check.
Page 7 of 18
� Compare the reasonableness of financial
reporting results with prior or forecasted
results and considering quarterly analysis
of applicable areas.
Establish procedures for employees and
others to report concerns about fraud and
unethical behavior, and implementing a
detailed process for the Audit Committee
to monitor and follow through on these
communications.
Provide other insight into and guidance on
implementing or strengthening antifraud
measures.
Evaluate Management's approach and
documentation with respect to the
processing of manual journal entries and
the reporting cycle closing process.
Provide oversight to the Company's
internal control over financial reporting
and contemplating the potential for
Management override of or inappropriate
influence over those controls.
2.2.3 CEO
The CEO shall take overall responsibility for
the prevention, detection and response of
Fraud, and is liable to be called to account by
the Board of the Department for specific
failures. However, the above responsibility
fall directly on Management and may involve
all employees.
2.2.4 Management
The Department Management shall be
responsible for the development and
implementation of the Fraud Risk
responsibility for each employee for
detecting Fraud or related dishonest activities
in their areas of responsibility.
Page 8 of 18
� Management shall:
Establish and implement adequate internal
controls to prevent and detect fraud.
Be familiar with the types of Fraud that
might occur in their area and be alert to
them.
Create a culture through words and actions
where it is clear that Fraud is not tolerated,
that any such behavior is dealt with swiftly
and decisively, and that disclosures will not
suffer retribution.
Report to the Board of the Company on
what actions have been taken to manage
Fraud risk and regularly report on the
effectiveness of the Fraud Risk
Management Program. This includes
reporting any remedial steps that are
needed, as well as reporting actual Fraud
instances.
Ensure that the Company performs
background checks on new and existing
suppliers, customers, and business partners
to identify any issues of financial health,
ownership, reputation, and integrity that
may represent an unacceptable risk to the
business.
2.2.5 Staff
All levels of staff, including Management,
shall:
Have a basic understanding of Fraud and
be aware of the red flags.
Understand their roles within the internal
control framework and how their job
procedures are designed to manage Fraud
risk and when non-compliance may create
an opportunity for Fraud to occur or go
undetected.
Read and understand policies and
procedures (e.g. the Fraud Policy, code of
conduct, and disclosure procedures), as
well as other operational policies and
procedures, such as procurement manuals.
Participate in the process of creating a
strong control environment, designing and
implementing Fraud control activities, as
well as participate in monitoring these
activities.
Page 9 of 18
� Cooperate in investigations.
Acting with propriety in the use of the
Company resources and in the handling
and use of funds whether they
are involved with cash or payment systems,
receipts or dealing with contractors,
suppliers or customers.
Report immediately according to the Fraud
Reporting Process if they suspect or
believe that there is evidence of irregular or
improper behavior or that a fraud or
misconduct may have been committed.
Refrain from further investigation of the
incident, confrontation of the alleged
violator, or further discussion of the
incident with anyone unless requested to by
Audit Committee, Internal Audit, Legal
Affairs and/or law enforcement personnel.
Take
right to report any Fraud or suspected
Fraud case, he must be committed to the
requirements of the Code of Conduct and
the required respect to the public
occupation, as his report should be done
using proper language and not based on
hearsay or false allegation not supported
with sufficient evidence.
2.2.6 Legal Department
Legal Department shall:
Supervise and conduct investigations for
the alleged or suspected Fraud cases
Seek the advice of internal or external
Auditors whenever dealing with issues of
suspected Fraud cases and provide specific
consideration and oversight of this
exposure.
Determine the type of error and whether it
has been occurred or there may be
dishonesty or fraud.
Implementing and ongoing monitoring of
this policy.
Page 10 of 18
� Registering and comparing Fraud incidents
reports by maintaining a log of the reported
Fraud cases and any other matters related
to the Legal Department. The log should
include the report number or subject, date,
report source, investigator name, receiving
date, delivery date after completing the
investigation, investigation outcome.
Meet frequently with the
employees and providing the necessary
training to increase their awareness of the
nature of Fraud, how to detect it and the
areas of weaknesses that contribute to its
occurrence in light of the investigations
outcome.
2.2.7 Internal Audit
Internal Audit shall:
Coordinate the Fraud Risk Assessment
process.
Coordinate compliance with the annual
review of Fraud mitigation strategies in
addition to the Fraud Risk Assessment by
the Board.
Provide objective assurance to the Board
and Management that adequate Fraud
controls exist to identify Fraud risk and
ensure that the controls are functioning
effectively.
Review the comprehensiveness and
adequacy of the risk identified by
Management particularly with regard to
Management override risk.
Consider the Fraud risk
Assessment when developing their Annual
Fraud and capabilities periodically.
Spend adequate time and attention to
evaluating the design and operation of
internal controls related to Fraud Risk
Management.
Act independently and have adequate
access to the Audit Committee.
Page 11 of 18
� 3. FRAUD PREVENTION
Management must adopt a preventative
approach for identifying, analyzing and
managing the risk of Fraud that could prevent
the Company from achieving its business
objectives or strategies.
3.1 Fraud Control Capacity Assessment .
Management must use the Fraud Control
Capacity Matrix " as a tool to conduct a
technical assessment to obtain knowledge of
if its Fraud Risk Management control level.
The Matrix will be approved by the Audit
Committee. Management must make all
efforts to achieve and maintain at least the
Level 3 - after two years of Policy inception.
3.2 Fraud Risk Assessment
A Fraud Risk Assessment shall be performed
on a systematic and recurring basis, involve
appropriate personnel, consider relevant Fraud
schemes and scenarios, and map those Fraud
schemes and scenarios to mitigating controls.
3.3 Fraud Prevention Control
3.3.1 Affirmation Process (Declaration)
All the Company Employees and
Stakeholders shall acknowledge they have
read, understood, and complied with the
Fraud Control Policy to support the
This
shall be submitted electronically or via
manual signature. The Company will apply
disciplinary action for refusal to sign-off and
apply such action consistently. See
Appendix C Acknowledgement Form.
3.3.2 Disclosure of Conflict of Interest
All employees and stakeholders must disclose
potential or actual conflicts of interest if they
are responsible for covering out any
procedure or taking a decision or express an
opinion. The management has to be informed
through the employee immediate superior.
Page 12 of 18
� This should be documented according to the
requirement of the Code of Conduct. Any
constraints placed on the situation must be
monitored.
3.3.3 Human Resources Procedures
The Human Resources Department (HR)
shall:
Perform background investigations,
document verification process to verify
match skills to the job requirements, and be
aware of any issues of personal integrity
that may impact on their suitability for the
position.
Confirmation of work history and
education presented on a job application or
résumé.
Evaluation performance and compensation
programs of all Company employees must
take into consideration work related
competence, the behavior and performance
as per this Policy .
Conduct exit interviews of terminated
employees or those who have resigned. HR
must review the content and information
contained in resignation letters as they may
contain information regarding possible
Fraud existing within the Company.
Be responsible for developing and
providing the necessary training on the
purpose of the Fraud Risk Management
program, what constitutes Fraud, and what
to do when Fraud is suspected. In addition,
HR must maintain records of annual
training attendance and test results.
3.3.4 Authority Limits
The Board must establish authority approval
levels across the enterprise to serve as an
entity-level control. Individuals working
within a specific function must be assigned
only limited IT access as a process-level
control.
Page 13 of 18
� 3.3.5 Fraud Awareness and Training
Training and seminars will be provided to
Company employees on a regular basis.
4. FRAUD DETECTION
The Company Management must have
detective procedures in place.
4.1 Fraud Detection Procedures
The Company must have effective
automated systems to identify potential red
flags within their financial transactions.
The Company shall use data analysis,
continuous auditing techniques, and other
technology tools effectively to detect Fraud
activity.
Continuous auditing must be conducted
with the use of data analytics on a
continuous or real-time basis, thereby
allowing management or auditing to
identify and report Fraud effectively. The
Company employees shall ensure the
greatest possible transparency of
transactions to have effective controls of
defense against Fraud. These systematic
approaches that assist in detection and
prevention involve both internal and
external processes.
The Company should have a reporting
mechanism in place that provides for
anonymity, unless the employee reporting
the fraud case expressed his desire to
disclose his name, to any individual who
willingly comes forward to report
suspicious fraud and encourages such
reporting. The Company preserves the
confidentiality of the reporter during the
investigation process and provides
assurance to employees that they will not
be retaliated against for reporting their
suspicious of wrongdoing including
wrongdoing by their superiors.
Page 14 of 18
� 5. FRAUD REPORTING PROCESS
The Company employees shall inform their
direct superiors or the higher
management of any suspected Fraud
activities that comes to their attention. If
the instance is related to the employee
direct superior or any senior employee in
the Company, the employee may report the
case to the internal audit/legal department.
The immediate superior or the higher
management shall inform the Legal
Department about the case when it comes
to their attention to take the necessary
action and decide on the required Internal
Audit procedures, conducting
investigations or informing the concerned
supervisory and law enforcement bodies to
take the necessary action.
6. INVESTIGATION PROCESS
The Company must conduct the investigation
of the Fraud cases related to the
employees according to the discipline policy
applied to the Company.
The Investigator or the Investigation
Committee may hear the statement of the
complainant or inform and collect evidence
under the supervision of the Legal Advisor.
The Legal Advisor can do all or some of the
above mentioned for the purpose of making it
available.
The investigation plan should include the
following procedure.
Confidentiality Information gathered
must be kept confidential and distribution
limited to those who have a legitimate need
to know. This is important to avoid
damaging the reputations of persons
suspected but subsequently found innocent
of wrongful conduct and to protect the
Company from potential civil liability.
Legal Involvement Legal counsel must
be involved early in the process or, in some
cases, in leading the investigation, will help
safeguard work product and attorney-client
communications.
Page 15 of 18
� Securing evidence Evidence must be
protected so that it is not destroyed and so
that it is admissible in legal proceedings.
Objectivity The investigation team must
be removed sufficiently from the issues and
individuals under investigation to conduct
an objective assessment.
Goals The investigation must not affect
the running of business in the Company.
Notification notifying the concerned
parties, law enforcement, and regulators
with the outcome of the investigations.
The individuals with the following names or
capacities shall be among the members of the
team responsible for the internal initial
investigation or which supervises it when
conducted by the competent authorities:
Legal counsel.
Fraud investigators.
Internal auditors.
External auditors.
Accountants
HR personnel.
Security.
IT personnel.
Management representative.
6.1 Reporting the Results
The investigation team shall report its
findings to the party overseeing the
investigation, such as Management and/or
legal counsel.
6.2 Corrective Actions
After the investigation has been completed,
the Company must determine follow up
actions. The Company shall consider the
potential impact of its response and the
message that it may send to the public,
stakeholders, and others.
Page 16 of 18
� 6.3 Recovery of the proceeds of Fraudulent
Conduct
The Company shall take all reasonable steps,
including the institution of criminal or civil
proceedings to recover property of the
Company that has been misappropriated or
otherwise been obtained as a result, either
directly or indirectly of Fraud.
7. REVIEW OF FRAUD CONTROL
ARRANGEMENTS
This Policy shall be reviewed by the Board,
on recommendations from the Audit
Committee and updated on a regular basis.
Page 17 of 18
