Fraud Risk Management: High-Level Perspectives for Directors and Investors
•Télécharger en tant que PPTX, PDF•
0 j'aime•86 vues
Stay ahead of the curve in fraud risk management with our slides on "Fraud Risk Management: High-Level Perspectives for Directors and Investors." Based on the best practices outlined by COSO and ACFE, these slides cover key insights into fraud risk governance policies, assessments, prevention and detection control activities, investigations, and more. Essential for ongoing corporate governance training and fulfilling statutory requirements in different countries. Watch session: https://youtu.be/WxnwWXfHT_o
Recommandé
Recommandé
Contenu connexe
Similaire à Fraud Risk Management: High-Level Perspectives for Directors and Investors
Similaire à Fraud Risk Management: High-Level Perspectives for Directors and Investors (20)
Plus de Zeeshan Shahid
Plus de Zeeshan Shahid (11)
Dernier
Dernier (20)
Fraud Risk Management: High-Level Perspectives for Directors and Investors
- 1. Fraud Risk Management High level perspective for Those Charged with Governance Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE
- 2. 2 Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE Introduction
- 3. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 3 3 Fraud Risk Management Visible and rigorous fraud governance process Periodic Fraud Risk Assessment Effective fraud control processes and procedures Swift allegation response and appropriate action against wrong-doers Attributes of a deterrence creating FRM process Fraud Risk Management is a process that results in board and upper management and all other staff deterring fraud in their organization. Fraud deterrence is a process of eliminating factors that may cause fraud to occur.
- 4. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 4 4 Fraud Risk Management (cont’d) All organization are subject to fraud risks. Elimination of all fraud in all organizations impossible. Some sort of principle needed to create procedures and make environment risk free. BoD, top management and personal at all levels have responsibility for managing fraud risk. Fraud risk management framework helps organizations develop a program to deter fraud
- 5. 5 Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE Fraud Risk Management Principles
- 6. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 6 6 Fraud Risk Management Principles •The organization establishes and communicates a Fraud Risk Management Program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk. Control environment •The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks Fraud Risk Assessment •The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner. Control activities 1 2 3
- 7. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 7 7 Fraud Risk Management Principles (cont’d) •The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective actions to address fraud appropriately and in a timely manner. Information communication •The organization selects, develops and performs ongoing evaluations to ascertain whether each of the five principles of fraud risk management is present and functioning and communicates Fraud Risk Management Program deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors. Monitoring activities 4 5
- 8. 8 Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE Ongoing, Comprehensive Fraud Risk Management Process
- 9. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 9 9 Ongoing Comprehension Fraud Risk management process Establish a fraud risk management policy as part of organization governance Perform a comprehensive fraud risk assessment Select, develop and deploy prevention and detective fraud control activities Establish a fraud reporting process and coordinated approach to investigation and corrective path Monitor the fraud risk management process, report results and improve the process
- 10. 10 Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE BOD and Senior Managements Points of focus
- 11. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 11 11 1. 1) Control Environment Make an organizational commitment to FRM Support fraud risk governance Establish a comprehensive FRM Policy Establish Fraud Risk Governance roles and responsibilities throughout the organization Document the FRM Program Communicates FRM at all organizational levels
- 12. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 12 12 2. 2) Fraud Risk Assessment Involve appropriate levels of management Include entity, subsidiary, division, operating unit, and functional levels Analyze internal and external factors Consider various types of fraud Specifically consider the risk of management override of controls Estimate the likelihood and significance of risks identified
- 13. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 13 13 Address personnel or departments involved and all aspects of the fraud triangle Identify existing fraud control activities and assess their effectiveness Determine risk response Use data analytics techniques for fraud risk assessment and fraud risk responses Perform periodic reassessment and assess changes to fraud risk Document the risk assessment 2) Fraud Risk Assessment
- 14. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 14 14 3. 3) Fraud Control Activities Promote fraud deterrence through preventive and detective control activities Integrate with the Fraud Risk Assessment Consider organization-specific factors and relevant business processes Consider application of control activities to different levels of organization Utilize a combination of fraud control activities Consider management override of controls Use proactive data analytics procedures Deploy control activities through policies and procedures.
- 15. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 15 15 4. 4) Information and communication Establish fraud investigation and response protocols Conduct investigations Communicate investigation results Take corrective actions Evaluate investigation performance
- 16. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 16 16 3. 5) FRM Monitoring Activities Consider a mix of ongoing and separate evaluations Consider factors for setting the scope and frequency of evaluations Establish appropriate measurement criteria Consider known fraud schemes and new fraud cases Evaluate, communicate and remediate deficiencies
- 17. Fraud Risk Management Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE 17 17 Thank You LinkedIn https://www.linkedin.com/in/zeeshan80/ Twitter @zee_shah Email zeeshanshahid@outlook.com Phone +92 302 827 3930
- 18. This communication contains general information only, and the author is, by means of this communication, rendering professional advice or services. The author shall not be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2023. For information, contact ZeeShah Business Consulting Private Limited The source of the material is COSO Fraud Risk Management Guide. All COSO material is subject to COSO Acceptable Use Policy. ZeeShah Business Consulting (Pvt.) Ltd.
Notes de l'éditeur
- Fraud Risk Management is a process that results in board and upper management and all other staff deterring fraud in their organization. Fraud deterrence is a process of eliminating factor that may cause fraud to occur. Deterrence is achieved when an organization implements a fraud risk management process that: Establish a visible and rigorous fraud governance process. Creates a transparent and sound anti-fraud culture. Includes a through fraud risk assessment periodically. Design, implements and maintains preventive and detective fraud control process and procedures. Take swift action in response to allegation of fraud, including, where appropriate, action against those involved in wrongdoing.
- Makes an Organizational Commitment to Fraud Risk Management- The senior management initiate the fraud risk management process by establishing an organizational commitment to deter, prevent and detect fraud. Supports Fraud Risk Governance- The senior management make an organizational commitment to fraud risk management as a key element of corporate governance Establishes a Comprehensive Fraud Risk Management Policy- The senior management provide a solid foundation of fraud risk management by establishing a comprehensive fraud risk management policy. Establish Fraud Risk Governance Roles and Responsibilities throughout the Organization- Senior management will identify the roles and responsibilities off all personnel as they relate to fraud risk governance. Document the Fraud Risk Management Program- The senior management ensure the fraud risk management program is thoroughly documented and updated on a regular basis Communicated Fraud Risk management al all Organizational Levels- the senior management support the ongoing effectiveness of the fraud risk management program by maintain and communicating a continuous focus on fraud deterrence, prevention, and detection throughout the organization.
- Involve appropriate level of management- The fraud risk assessment team includes appropriate level of management Includes entity, subsidiary, division, operating units and functional levels- Fraud risk assessment team recognizes that fraud can happen at any level or component of the organization Analyze internal and external factors- The fraud risk assessment team considers both internal and external factors and their impact on the achievement of objectives. Consider various types of fraud through fraud risk assessment team- Fraud risk assessment team considers a wide range of possible fraud schemes and exposures Specifically consider the risk of management override of controls- Fraud risk assessment team understands that catastrophic frauds have been perpetrated by senior members of management overriding existing and otherwise effective controls and focuses on these risks Estimates the likelihood and significance of risk identified- The fraud risk assessment team carefully evaluates the probability that each particular fraud could occur and potential effects on the organization if that particular fraud occurs
- Assesses personal or departments involved and all aspects of the fraud triangle- The fraud risk assessment team focuses on the incentives and pressures, opportunities, and attitudes and rationalization to commit fraud Identifies existing control activities and assesses their effectiveness- The fraud risk assessment team identifies and evaluated existing controls for effectiveness to determine residual fraud risks that requires mitigation. Determine how to respond on risk- The fraud risk assessment team’s ultimate goal is to formulate effective and appropriate Reponses to all fraud risks Uses data analytics techniques for fraud risk assessment and fraud risk response- The organization uses data analytics to improve the effectiveness and result of the fraud risk assessment Perform periodic reassessments and assesses change to fraud risk- The organization repeats the risk assessment process periodically Document the risk assessment- The organization understands that the risk assessment serves as the central element of the fraud risk management process and ensure that it is carefully an thoroughly documented
- Promote fraud deterrence through preventive and detective control activities- The organization address its fraud deterrence as a process of eliminating factors that may cause fraud to occur and understands that deterrence result from having effective preventive and detective fraud control activities in place Integrates with the fraud risk assessment- The organization ensures that the design and implementation of fraud control activities link directly to the fraud risk assessment Consider organization-Specific factors and relevant business processes- The organization ensures that the design and implementation of fraud control activities consider a range of factors, including factors unique the organization, its industry, and its operating environment Consider the application of control activities to different level of the organization- The organization ensures that fraud control activities exist throughout the organization at all appropriate organizational levels. Utilize a combination of fraud control activities- The organization ensure that fraud control activities include a range, variety, and ,mix of preventive and detective controls Consider management override of control- The organization includes fraud control activities that consider and address the ability of senior management personal to circumvent or override internal control activities, including fraud control activities. Uses proactive data analytics procedures- The organization implements a well-designed, rigorous system of data analytic processes and procedures that can identify anomalous transactions or events for further investigation. Deploys control activates through policies and procedures- The organization ensures that fraud control activities are thoroughly documented and implemented through organizational policies.
- Establishes fraud investigation and response protocols- The organization establishes, formally documents, and maintain a process for the receipt, evaluation and treatment of communication of potential fraud. Conducts investigations- The organization undertakes investigation of potential fraud, giving due consideration to the scope, severity, credibility, and implications of the communicated matter. Communicates investigation Result- The investigation team communicates the result of the investigation to the appropriate internal authority and, when necessary, to external third party. Takes Corrective Action- The organization selects discipline, remediation, asset recovery, or the other activities to the address the findings of the investigation Evaluates investigation Performance- The organization performs evaluates periodically to provide objective feed back on the effectiveness of the investigation process
- Consider a mix of outgoing and separate evaluation- management includes a combination of ongoing and separate fraud risk management program monitoring evaluation to determine whether each of five principles is presented and functioning Consider factors for sitting the scope and frequency of evaluation- management considers changes in the organization, its operating environment, and its control structure to determine the appropriate scope and frequency of its fraud risk management program monitoring activities. Establish appropriate measurement criteria- management establishes appropriate measurement criteria to assist in the objective evaluation of its fraud risk management program. Considers known fraud schemes and new fraud cases- management considers known fraud schemes and newly discovered or reported frauds in other organizations and assesses the likelihood of occurrence in the organization Evaluates, communicated and remediates deficiencies- management and board of directors assess the result of ongoing and separate fraud risk management program monitoring evaluations; communicate deficiencies to those responsible for corrective action; and determine that appropriate remediation is implemented in a timely manner