Five Fraud Risk Management Principles
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has taken steps to guide companies in establishing formidable fraud risk management practices. In an environment where company defenses seem more porous than ever, COSO has augmented and aligned its 17 principles of internal control, issued in 2013, with an additional five fraud risk management principles. These principles should be accepted as integral components of corporate governance and a sound internal control environment.
The measures discussed in the Fraud Risk Management Guide (the "Guide") are practical and, if properly implemented, can add another layer of security in a business environment.
The Guide sets out specific processes for effective fraud risk management. In order to achieve optimal results, best practice is to implement a program that covers the following five principles:
Only by covering all of these bases can a business hope to establish a solid defensive shield against fraud. COSO stresses that internal control issues stemming from errors differ from basic flaws that open a business to fraud. It is the difference between accident and intent. By not assessing the internal control environment thoroughly to identify possibilities where intentional acts of fraud may be committed, a business can be vulnerable to:
The Guide acknowledges that fraud risk can be present in many areas of a business and recommends that multiple stakeholders have roles in mitigating risk. These soldiers in the war on fraud can include:
The Guide, which was co-sponsored by the Association of Certified Fraud Examiners (ACFE), is essentially a blueprint for helping businesses establish an overall fraud risk management program. The Guide covers recent developments in risk management, including details on the use of technology, in particular, the value of data analytics.
Data analysis enables an organization to examine massive volumes of data and activities within entire business processes to assess fraud risk and highlight indicators of where risks of fraud may exist. Companies may also be able to detect circumstances where existing fraud prevention controls failed, were breached, circumvented, or bypassed entirely. Companies may even uncover areas where they do not have, or never had, proper controls in place.
Anti-fraud Program Development
The Guide provides examples of key program components and resources that organizations can draw on to develop a fraud risk management program. Further, the Guide offers references to other sources of guidance for developing a fraud risk management program for specific industries.
The ideas, thoughts, and recommendations in the Guide are both reasonable and prudent. The steps that an organization can take based on the information in the Guide can deliver a return that may not be easily measured, unless, of course, peace of mind, security, profitability, and the ongoing existence of a business can be quantified. The Guide is a resource that crosses industries and business sectors. The only question a company owner should ask now is: "How much risk am I willing to take?"
If you have questions about the best approach to fraud risk management for your company or would like to discuss having a fraud risk assessment performed, contact Alexander Moshinsky, Director, Internal Controls & Risk Management at 212.331.7448 | AMoshinsky@BERDONLLP.com.
Berdon LLP, New York Accountants