Tackling Fraud and Corruption Risks in the Slovak Republic
Annex A. A comprehensive fraud risk management scorecard for managing authorities

| Fraud risk governance area/factor | Score | Notes | Action/Responsible actor |
|---|---|---|---|
| Our organisational culture is strong and establishes a zero-tolerance approach to fraud and corruption. | | | |
| Our senior management consistently displays the appropriate attitude regarding fraud prevention and encourages free and open communication regarding ethical behaviour. | | | |
| Our entity has an anti-fraud policy that communicates the expected ethical values of staff in the implementation of OPs. | | | |
| Our anti-fraud policy is tailored to our specific risk profile and considers relevant fraud risk scenarios involving ESI Funds. | | | |
| Staff within our entity are provided with regular training in fraud and corruption risks. | | | |
| Our entity has reporting channels in place that are communicated to staff. | | | |

| Fraud risk assessment area/factor | Score | Notes | Action/Responsible actor |
|---|---|---|---|
| We have undertaken risk assessment in line with EGESIF and with explicit objectives targeted at fraud and corruption risks. | | | |
| Our fraud risk assessment team includes all appropriate levels of management and internal and external sources. | | | |
| We use a fraud risk assessment matrix to identify and document the specific areas of greatest risk to our entity and to help us determine how to tailor the assessment process accordingly. | | | |
| Our fraud risk assessment team gathers information about potential fraud from internal sources, such as interviews with personnel, complaints received from the whistleblower hotline, and analytical procedures. | | | |
| We accord high priority to those fraud risks we deem to be highly likely and highly significant in relation to our OP. | | | |
| Our management assesses the likelihood of a fraud risk materialising by determining instances in which the particular fraud has occurred in our entity in the past, the prevalence of the particular fraud risk in the ESI Funds context, and other factors. | | | |
| During the risk identification process, our fraud risk assessment individual/team specifically considers the potential for management override of controls, including the controls designed to prevent or detect fraud. | | | |
| Our fraud risk assessment team consults with relevant actors from other entities to inform risk assessments, i.e. CPO, PPO. | | | |
| We use any of the following data analytics techniques to gather fraud risk evidence: • data stratification • risk scoring • trend analysis • data visualisation • statistical and predictive modelling • information from external sources in analytics. | | | |
| We have adapted control activities as necessary, based on the results of the fraud and corruption risk assessment. | | | |
| We have documented the fraud risk profile of the programme following the risk assessment process. | | | |

| Fraud control activities area/factor | Score | Notes | Action/Responsible actor |
|---|---|---|---|
| If the fraud risk assessment revealed that existing control activities are not sufficient to reduce fraud risk to an acceptable level, management has effectively addressed this issue by selecting, developing and implementing additional controls to supplement or replace the existing ones. | | | |
| We select our fraud control activities in response to entity-specific factors and relevant business processes. | | | |
| Our control activities adequately mitigate the risk of fraud in accordance with our entity’s specific risk tolerance. | | | |
| Our entity assesses and continuously monitors detective controls to verify that our fraud and corruption detection techniques are present and functioning, and to ensure that fraud that is occurring or has occurred is detected in a timely manner. | | | |
| We formally document our fraud risk management policies and procedures, such as the control activities in place to prevent and detect fraud. | | | |
| Our fraud documentation includes the processes used to monitor the performance of fraud control activities, and indicates when these controls do not sufficiently reduce risk to an acceptable level. | | | |

| Fraud response/investigation area/factor | Score | Notes | Action/Responsible actor |
|---|---|---|---|
| Our entity stresses the importance of having a documented process in place through which allegations of fraud are to be consistently captured, assessed, and responded to in a timely manner. | | | |
| Our fraud investigation and response system includes protocols for: • updating a central repository for allegations and complaints • maintaining the anonymity or confidentiality of the individuals involved, except as necessary to investigate • initially evaluating the allegations to determine if an investigation is warranted and the appropriate degrees of urgency • notifying employees regarding document preservation and securing data systems • if necessary, engaging independent counsel and forensic accounting support • conducting the investigation while controlling and safeguarding evidence • reporting the results in the appropriate format (oral summary of key points or comprehensive written report with exhibits) • following policies regarding retention of reports, documents, work papers and other information • assessing root causes and initiating mitigating processes and controls. | | | |
| We advise the Audit Authority at the appropriate time of any alleged fraud that could affect our financial statements. | | | |
| We report suspicions of fraud to law enforcement agencies in a timely manner. | | | |
| We communicate regularly with law enforcement agencies once fraud cases have been referred to them. | | | |

| Fraud risk management monitoring and evaluation (M&E) area/factor | Score | Notes | Action/Responsible actor |
|---|---|---|---|
| We document our plan, approach, and scope for monitoring our entity’s fraud risk management practices. | | | |
| The Risk Management Working Group for our OP has developed tools to facilitate M&E of fraud risk management, e.g. scorecards. | | | |
| We have established measurement criteria to monitor and improve fraud prevention and detection. | | | |
| We provide the established measurement criteria to monitor and improve fraud prevention and detection to our entity’s leadership on an ongoing basis. | | | |
| Our ongoing monitoring activities include data analytics techniques. | | | |
| We closely monitor emerging fraud and corruption schemes involving ESI Funds and determine whether our entity is protected against such cases. We remediate, in a timely manner, any deficiencies identified in our fraud risk management framework as a result of M&E activities. | | | |