Fraud Risk Management Policy
The objective of this policy is to protect the brand, reputation and assets of Persistent Systems Limited (PSL Group or the Company) from loss or damage resulting from any incidents of fraud or misconduct by employees or other stakeholders of the PSL Group.
Fraud is defined as any intentional act committed to secure unlawful or unfair gain, in cash or in kind. Misconduct includes any acts of violation of law, regulations, internal policies or code of conduct of the Company.
Examples of fraud and misconduct
Fraudulent financial reporting e.g. overstatement of revenues, understatement of expenses
Misappropriation of assets e.g. embezzlement of cash, theft of assets
Unethical business practices e.g. overbilling customers, false expense claims
Corrupt actions e.g. accepting bribes or offering bribes to persons in influential positions
Intentional violation of law or regulations
Falsification of data for gaining direct pecuniary benefit or improving personal performance
Fraud Risk Management Framework
Fraud prevention measures
- Clarity about role, authority and responsibility
PSL Group has implemented a role based organization structure in which authority and responsibilities applicable to all roles that the employees perform are clearly defined.
- Segregation of duties
The duties of employees are segregated in such a manner that it is not possible to perpetrate fraud unless there is collusion of two or more employees.
- Limits on delegation of financial authority
The Company has defined financial authority of managerial staff in a chart of delegation of authority which shows approving authority limits of different managers.
- Well defined business processes
The Company has well defined processes which have appropriate work flows and checks and balances to reduce the risk of fraud.
- Implementation of the ERP system
The Company has implemented Microsoft Dynamics in important areas such as finance, procurement, HR and CRM.
- Joint authorization of financial transactions by two employees
The payment procedures of the Company require that any transaction involving bank payment/remittance be jointly authorized by a minimum of two employees at managerial level.
- Information Security Management Systems
The Company has adopted the framework provided by the BS ISO/IEC 27001:2005 and BS ISO/IEC 17099:2005 for strengthening information security and management.
- Third party background check
The Company has a system of conducting third party background checks for new employees joining the organization with a view to verify their character, integrity and past history.
- Purchase Control Committee (PCC)
PCC reviews all high value purchase orders above defined limits.
- Vendor approval system
Any new vendor goes through a comprehensive process of vendor approval and registration.
- Stringent contract review system
The legal department reviews major contracts/agreements prior to execution and oversees all statutory compliances.
- Code of conduct
The Company has a well defined code of conduct for its directors and employees.
- Monthly reconciliation of Payroll
This report facilitates reconciliation of the head count and salaries on a monthly basis and reduces risk of fraud in the area of payroll.
Fraud detection measures
- Internal audit
- System of obtaining third party confirmations
- Physical verification of assets
- Quarterly management review
The Company practices a system of management review of performance of its Business Units (BUs) and support departments on a quarterly basis.
- Customer satisfaction surveys
- CFO certification to the Audit Committee
- Reporting of lapses in information security
- Cash verification on surprise basis
- Job rotation
Process to deal with instances of fraud or misconduct
- Prompt reporting of incidents of suspected fraud
If any incident of fraud is suspected, it will be immediately reported to the functional head of the employee, HR Head and the Head legal.
- Investigation Committee
Depending on the nature of fraud, a Committee will be set up to investigate the incident of fraud. Typically this Committee will comprise the HR Head, CFO and the Head legal or persons nominated by them.
- Disciplinary action
The Committee will submit the investigation report to the CEO and chairman of the Audit Committee. Based on this report, appropriate disciplinary action will be taken against the employee who committed the fraud in consultation with the Head of HR.
- Root cause analysis and corrective action
The investigation Committee will direct that a root cause analysis of the fraud be performed to identify circumstances or weaknesses in the system which led to the fraud.