Fraud Risk Management - High Level Perspective for the Board of Directors
1. Fraud Risk Management
High level perspective for the Board of Directors
Zeeshan Shahid, Deloitte Yousuf Adil Chartered Accountants, October 5, 2018
3. Fraud Risk Management
Deloitte Yousuf Adil, Chartered Accountants
Zeeshan Shahid, ACA | Partner, Forensic & Consulting (Strategy & Operations)
Attributes of a deterrence-creating FRM process:
• Visible and rigorous fraud governance process
• Periodic Fraud Risk Assessment
• Effective fraud control processes and procedures
• Swift allegation response and appropriate action against wrong-doers
Fraud Risk Management is a process that results in the board, upper management and all other staff deterring fraud in their organization. Fraud deterrence is a process of eliminating factors that may cause fraud to occur.
4. Fraud Risk Management (cont’d)
• All organizations are subject to fraud risks.
• Elimination of all fraud in all organizations is impossible.
• Some sort of principle is needed to create procedures and make the environment risk free.
• The BoD, top management and personnel at all levels have responsibility for managing fraud risk.
• A fraud risk management framework helps organizations develop a program to deter fraud.
6. Fraud Risk Management Principles
Principle 1: Control environment
• The organization establishes and communicates a Fraud Risk Management Program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.
Principle 2: Fraud Risk Assessment
• The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks.
Principle 3: Control activities
• The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.
7. Fraud Risk Management Principles (cont’d)
Principle 4: Information communication
• The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective actions to address fraud appropriately and in a timely manner.
Principle 5: Monitoring activities
• The organization selects, develops and performs ongoing evaluations to ascertain whether each of the five principles of fraud risk management is present and functioning, and communicates Fraud Risk Management Program deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors.
9. Ongoing Comprehensive Fraud Risk Management Process
• Establish a fraud risk management policy as part of organization governance
• Perform a comprehensive fraud risk assessment
• Select, develop and deploy preventive and detective fraud control activities
• Establish a fraud reporting process and coordinated approach to investigation and corrective path
• Monitor the fraud risk management process, report results and improve the process
10. BOD and Senior Management's Points of Focus
11. Principle 1: Control Environment
• Make an organizational commitment to FRM
• Support fraud risk governance
• Establish a comprehensive FRM Policy
• Establish Fraud Risk Governance roles and responsibilities throughout the organization
• Document the FRM Program
• Communicate FRM at all organizational levels
12. Principle 2: Fraud Risk Assessment
• Involve appropriate levels of management
• Include entity, subsidiary, division, operating unit, and functional levels
• Analyze internal and external factors
• Consider various types of fraud
• Specifically consider the risk of management override of controls
• Estimate the likelihood and significance of risks identified
13. Principle 2: Fraud Risk Assessment (cont’d)
• Address personnel or departments involved and all aspects of the fraud triangle
• Identify existing fraud control activities and assess their effectiveness
• Determine risk response
• Use data analytics techniques for fraud risk assessment and fraud risk responses
• Perform periodic reassessment and assess changes to fraud risk
• Document the risk assessment
14. Principle 3: Fraud Control Activities
• Promote fraud deterrence through preventive and detective control activities
• Integrate with the Fraud Risk Assessment
• Consider organization-specific factors and relevant business processes
• Consider application of control activities to different levels of organization
• Utilize a combination of fraud control activities
• Consider management override of controls
• Use proactive data analytics procedures
• Deploy control activities through policies and procedures
15. Principle 4: Information and communication
• Establish fraud investigation and response protocols
• Conduct investigations
• Communicate investigation results
• Take corrective actions
• Evaluate investigation performance
16. Principle 5: Fraud Risk Management Monitoring Activities
• Consider a mix of ongoing and separate evaluations
• Consider factors for setting the scope and frequency of evaluations
• Establish appropriate measurement criteria
• Consider known fraud schemes and new fraud cases
• Evaluate, communicate and remediate deficiencies