Close-up of tobacco-filled cigarette tubes in machine.

Fraud risk assessment for major tobacco company

Fraud risk assessment for major tobacco company

Fraud prevention | read time: 3 min

Close-up of tobacco-filled cigarette tubes in machine.

GoodCorporation has worked with one of the world’s major tobacco companies for several years, supporting the development and implementation of its ethics and compliance programme. Projects to date have included a review of the company’s anti-bribery and corruption (ABC) programme, the development of an investigations manual and training, and support in drafting a transgender inclusion statement. 

Most recently, the company asked GoodCorporation to conduct a fraud risk assessment of its UK operations in preparation for the new failure to prevent fraud offence introduced by the UK’s Economic Crime and Corporate Transparency Act 2023 (ECCTA). 

The challenge 

In addition to the new failure to prevent offence, the Economic Crime and Corporate Transparency Act also set out new definitions of fraudulent behaviour to include fraud committed by associated persons that might benefit the company, referred to as outward fraud.  

To prepare for the new offence and broader definition of fraudulent practices, the company wanted to assess whether its existing fraud risk management framework was sufficient and identify any areas where additional controls or guidance might be required. 

The company therefore asked GoodCorporation to conduct an independent fraud risk assessment across its UK operations. The aim was to evaluate the company’s readiness for the new offence, identify its highest risk areas for fraud, and develop a clear roadmap for strengthening its framework where necessary. 

While the ECCTA focuses on fraud committed for the company’s benefit, the company also wanted the review to consider the risk of fraud committed against the business (inward fraud), ensuring a comprehensive understanding of fraud risks across its operations. 

Our approach 

GoodCorporation conducted a structured fraud risk assessment combining document review, systems testing and stakeholder engagement. 

Document review and systems testing 

We reviewed all relevant policies, procedures and internal documentation relating to fraud prevention including relevant financial controls. This was complemented by systems testing to assess how key controls operated in practice across the different business areas. 

Stakeholder interviews 

To understand how fraud risks were managed operationally, GoodCorporation conducted interviews with key stakeholders responsible for managing fraud-related risks across a range of functions, with particular emphasis on those functions where outward fraud might be a higher risk. These discussions provided practical insight into existing processes, areas of potential vulnerability and a greater understanding of how effectively controls were applied in day-to-day operations. 

Fraud risk register and recommendations 

Findings from this assessment were compiled into a detailed fraud risk register. This identified the company’s highest risk areas for both outward-facing fraud (relevant to ECCTA), and inward fraud, and assessed the effectiveness of existing controls. 

Based on this analysis, GoodCorporation developed a set of prioritised recommendations to address the risks identified. These recommendations were consolidated into a practical action plan, providing the company with a clear and structured roadmap for strengthening its fraud prevention framework. 

Implementation support

Following the assessment, GoodCorporation supported the company in implementing several of the recommended actions. 

This included the development of a new anti-fraud policy designed to clarify expectations around fraud prevention and outline the controls and responsibilities required across the business. 

We also developed internal training materials to support awareness of fraud risks and the requirements of the new ECCTA offence. These materials were used to deliver targeted training to functions identified as higher risk under the legislation, helping employees understand the nature of outward fraud and the controls in place to prevent it. 

Why it mattered

The introduction of the failure to prevent fraud offence represents a significant shift in the UK’s corporate criminal liability framework. Companies must now demonstrate that they have appropriate procedures in place to prevent fraud committed for their benefit. 

By conducting a structured fraud risk assessment and implementing targeted improvements, the company has strengthened its ability to identify, prevent and respond to fraud risks across its operations. 

The work also helped ensure that the company is better prepared for the requirements of the ECCTA, with clearer policies, enhanced awareness among employees and a more robust framework for managing fraud risks going forward. 

Find out more about our fraud prevention services or contact us to speak to a member of our team. 

work with us