Stay ahead of the curve in fraud risk management with our slides on "Fraud Risk Management: High-Level Perspectives for Directors and Investors." Based on the best practices outlined by COSO and ACFE, these slides cover key insights into fraud risk governance policies, assessments, prevention and detection control activities, investigations, and more. Essential for ongoing corporate governance training and fulfilling statutory requirements in different countries.
Watch session: https://youtu.be/WxnwWXfHT_o
3. Fraud Risk Management
Zeeshan Shahid, FCA (ICAP), ACA (ICAEW), CFE
Fraud Risk Management

Attributes of a deterrence-creating FRM process:
• Visible and rigorous fraud governance process
• Periodic fraud risk assessment
• Effective fraud control processes and procedures
• Swift allegation response and appropriate action against wrong-doers

Fraud Risk Management is a process that results in the board, upper management and all other staff deterring fraud in their organization. Fraud deterrence is a process of eliminating factors that may cause fraud to occur.
4. Fraud Risk Management
Fraud Risk Management (cont’d)
• All organizations are subject to fraud risks.
• Elimination of all fraud in all organizations is impossible.
• Some sort of principle is needed to create procedures and make the environment risk free.
• The BoD, top management and personnel at all levels have responsibility for managing fraud risk.
• A fraud risk management framework helps organizations develop a program to deter fraud.
6. Fraud Risk Management
Fraud Risk Management Principles
1. Control environment: The organization establishes and communicates a Fraud Risk Management Program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.
2. Fraud risk assessment: The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks.
3. Control activities: The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.
7. Fraud Risk Management
Fraud Risk Management Principles (cont’d)
4. Information and communication: The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective actions to address fraud appropriately and in a timely manner.
5. Monitoring activities: The organization selects, develops and performs ongoing evaluations to ascertain whether each of the five principles of fraud risk management is present and functioning, and communicates Fraud Risk Management Program deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors.
9. Fraud Risk Management
Ongoing, comprehensive fraud risk management process
1. Establish a fraud risk management policy as part of organization governance
2. Perform a comprehensive fraud risk assessment
3. Select, develop and deploy preventive and detective fraud control activities
4. Establish a fraud reporting process and a coordinated approach to investigation and corrective action
5. Monitor the fraud risk management process, report results and improve the process
11. Fraud Risk Management
1) Control Environment
• Make an organizational commitment to FRM
• Support fraud risk governance
• Establish a comprehensive FRM Policy
• Establish Fraud Risk Governance roles and responsibilities throughout the organization
• Document the FRM Program
• Communicate FRM at all organizational levels
12. Fraud Risk Management
2) Fraud Risk Assessment
• Involve appropriate levels of management
• Include entity, subsidiary, division, operating unit, and functional levels
• Analyze internal and external factors
• Consider various types of fraud
• Specifically consider the risk of management override of controls
• Estimate the likelihood and significance of risks identified
13. Fraud Risk Management
2) Fraud Risk Assessment (cont’d)
• Address personnel or departments involved and all aspects of the fraud triangle
• Identify existing fraud control activities and assess their effectiveness
• Determine risk response
• Use data analytics techniques for fraud risk assessment and fraud risk responses
• Perform periodic reassessment and assess changes to fraud risk
• Document the risk assessment
14. Fraud Risk Management
3) Fraud Control Activities
• Promote fraud deterrence through preventive and detective control activities
• Integrate with the Fraud Risk Assessment
• Consider organization-specific factors and relevant business processes
• Consider application of control activities to different levels of the organization
• Utilize a combination of fraud control activities
• Consider management override of controls
• Use proactive data analytics procedures
• Deploy control activities through policies and procedures
15. Fraud Risk Management
4) Information and Communication
• Establish fraud investigation and response protocols
• Conduct investigations
• Communicate investigation results
• Take corrective actions
• Evaluate investigation performance
16. Fraud Risk Management
5) FRM Monitoring Activities
• Consider a mix of ongoing and separate evaluations
• Consider factors for setting the scope and frequency of evaluations
• Establish appropriate measurement criteria
• Consider known fraud schemes and new fraud cases
• Evaluate, communicate and remediate deficiencies
Fraud Risk Management is a process that results in the board, upper management and all other staff deterring fraud in their organization.
Fraud deterrence is a process of eliminating factors that may cause fraud to occur.
Deterrence is achieved when an organization implements a fraud risk management process that:
• Establishes a visible and rigorous fraud governance process.
• Creates a transparent and sound anti-fraud culture.
• Includes a thorough fraud risk assessment periodically.
• Designs, implements and maintains preventive and detective fraud control processes and procedures.
• Takes swift action in response to allegations of fraud, including, where appropriate, action against those involved in wrongdoing.
Makes an organizational commitment to fraud risk management:
Senior management initiates the fraud risk management process by establishing an organizational commitment to deter, prevent and detect fraud.
Supports fraud risk governance:
Senior management makes an organizational commitment to fraud risk management as a key element of corporate governance.
Establishes a comprehensive fraud risk management policy:
Senior management provides a solid foundation for fraud risk management by establishing a comprehensive fraud risk management policy.
Establishes fraud risk governance roles and responsibilities throughout the organization:
Senior management identifies the roles and responsibilities of all personnel as they relate to fraud risk governance.
Documents the fraud risk management program:
Senior management ensures the fraud risk management program is thoroughly documented and updated on a regular basis.
Communicates fraud risk management at all organizational levels:
Senior management supports the ongoing effectiveness of the fraud risk management program by maintaining and communicating a continuous focus on fraud deterrence, prevention, and detection throughout the organization.
Involves appropriate levels of management:
The fraud risk assessment team includes appropriate levels of management.
Includes entity, subsidiary, division, operating unit and functional levels:
The fraud risk assessment team recognizes that fraud can happen at any level or component of the organization.
Analyzes internal and external factors:
The fraud risk assessment team considers both internal and external factors and their impact on the achievement of objectives.
Considers various types of fraud:
The fraud risk assessment team considers a wide range of possible fraud schemes and exposures.
Specifically considers the risk of management override of controls:
The fraud risk assessment team understands that catastrophic frauds have been perpetrated by senior members of management overriding existing and otherwise effective controls, and focuses on these risks.
Estimates the likelihood and significance of risks identified:
The fraud risk assessment team carefully evaluates the probability that each particular fraud could occur and the potential effects on the organization if that particular fraud occurs.
Assesses personnel or departments involved and all aspects of the fraud triangle:
The fraud risk assessment team focuses on the incentives and pressures, opportunities, and attitudes and rationalizations to commit fraud.
Identifies existing control activities and assesses their effectiveness:
The fraud risk assessment team identifies and evaluates existing controls for effectiveness to determine the residual fraud risks that require mitigation.
Determines how to respond to risk:
The fraud risk assessment team’s ultimate goal is to formulate effective and appropriate responses to all fraud risks.
Uses data analytics techniques for fraud risk assessment and fraud risk response:
The organization uses data analytics to improve the effectiveness and results of the fraud risk assessment.
Performs periodic reassessments and assesses changes to fraud risk:
The organization repeats the risk assessment process periodically.
Documents the risk assessment:
The organization understands that the risk assessment serves as the central element of the fraud risk management process and ensures that it is carefully and thoroughly documented.
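The assessment steps just described (estimate likelihood and significance, credit existing controls to arrive at residual risk, give management override special treatment, and decide a response) can be carried through a small risk register. The Python below is an added example, not part of the original slides or of the COSO/ACFE guidance; the 1-5 scales, the rule that controls are credited with removing at most half of the inherent risk where management can override them, the response thresholds and the three sample schemes are all assumptions chosen for illustration.

```python
"""Fraud risk register: inherent risk, residual risk after existing controls,
and a risk response per scheme. Added illustrative example; the scales,
override rule, thresholds and sample register are assumptions."""
from dataclasses import dataclass, field

# Assumed ordinal scales for the likelihood and significance estimates.
LIKELIHOOD = {"remote": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
SIGNIFICANCE = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}

# Assumed: where senior management can override the controls, the controls are
# credited with removing at most half of the inherent risk.
OVERRIDE_MAX_CREDIT = 0.5


@dataclass
class FraudRisk:
    scheme: str
    likelihood: str
    significance: str
    # Existing control -> assessed effectiveness (0.0 no effect, 1.0 fully effective).
    controls: dict = field(default_factory=dict)
    management_override: bool = False
    # Fraud triangle notes: incentive/pressure, opportunity, rationalization.
    triangle: tuple = ("", "", "")


def inherent_score(risk):
    """Likelihood x significance on the assumed 1-5 scales (range 1-25)."""
    return LIKELIHOOD[risk.likelihood] * SIGNIFICANCE[risk.significance]


def uncontrolled_fraction(risk):
    """Share of inherent risk the existing controls leave behind.
    Controls are treated as independent layers: each lets (1 - effectiveness) through."""
    fraction = 1.0
    for effectiveness in risk.controls.values():
        fraction *= 1.0 - effectiveness
    if risk.management_override:
        fraction = max(fraction, 1.0 - OVERRIDE_MAX_CREDIT)
    return fraction


def residual_score(risk):
    """Residual fraud risk after credit for existing controls."""
    return round(inherent_score(risk) * uncontrolled_fraction(risk), 2)


def risk_response(risk):
    """Map residual score to a response; thresholds are assumed for the example."""
    score = residual_score(risk)
    if score >= 7:
        return "mitigate"   # add or strengthen controls, escalate to the board/audit committee
    if score >= 3:
        return "monitor"    # targeted analytics and periodic re-test
    return "accept"         # document the rationale, reassess at the next cycle


def rank_register(register):
    """Risks ordered highest residual first, with the response for each."""
    ordered = sorted(register, key=residual_score, reverse=True)
    return [(r.scheme, residual_score(r), risk_response(r)) for r in ordered]


# Constructed sample register (illustrative schemes, not real findings).
REGISTER = [
    FraudRisk("Fictitious vendor billing", "likely", "major",
              controls={"vendor master approval": 0.5, "three-way match": 0.4},
              triangle=("personal debt", "sole control of vendor set-up", "'nobody checks'")),
    FraudRisk("Top-side journal entries to meet targets", "possible", "catastrophic",
              controls={"journal entry approval": 0.7}, management_override=True,
              triangle=("bonus tied to earnings", "CFO can post entries", "'temporary adjustment'")),
    FraudRisk("Expense reimbursement abuse", "possible", "minor",
              controls={"receipt review": 0.6},
              triangle=("lifestyle", "lax review", "'everyone does it'")),
]

if __name__ == "__main__":
    for scheme, score, response in rank_register(REGISTER):
        print(f"{score:5.2f}  {response:8s}  {scheme}")
```

Note how the override rule changes the ranking: the journal-entry scheme has a well-rated approval control, but because the people who own that control can bypass it, it still ranks first and lands in the "mitigate" band, which is the point the slides make about management override.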
Promotes fraud deterrence through preventive and detective control activities:
The organization addresses fraud deterrence as a process of eliminating factors that may cause fraud to occur and understands that deterrence results from having effective preventive and detective fraud control activities in place.
Integrates with the fraud risk assessment:
The organization ensures that the design and implementation of fraud control activities link directly to the fraud risk assessment.
Considers organization-specific factors and relevant business processes:
The organization ensures that the design and implementation of fraud control activities consider a range of factors, including factors unique to the organization, its industry, and its operating environment.
Considers the application of control activities to different levels of the organization:
The organization ensures that fraud control activities exist throughout the organization at all appropriate organizational levels.
Utilizes a combination of fraud control activities:
The organization ensures that fraud control activities include a range, variety, and mix of preventive and detective controls.
Considers management override of controls:
The organization includes fraud control activities that consider and address the ability of senior management personnel to circumvent or override internal control activities, including fraud control activities.
Uses proactive data analytics procedures:
The organization implements a well-designed, rigorous system of data analytic processes and procedures that can identify anomalous transactions or events for further investigation.
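The proactive data analytics the slides call for (here and in the earlier "uses data analytics techniques" note) are concrete tests run over transaction data, each producing leads for the investigation process rather than conclusions. The Python below is an added example and not the slides' or COSO/ACFE's own procedures; the payments ledger, the payroll bank-account list, the 5,000 single-approver threshold and the 48-hour window for the split-payment test are constructed assumptions. It implements three classic detective tests: duplicate payments with normalised invoice references, sub-threshold payments that together exceed the approval limit, and vendor bank accounts that also appear on the payroll file.

```python
"""Proactive data-analytics tests over a payments ledger. Added illustrative
example; the ledger, employee bank list, approval threshold and window are
constructed assumptions, not real data or a real policy."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

APPROVAL_THRESHOLD = 5000.00          # assumed single-approver limit
SPLIT_WINDOW = timedelta(hours=48)    # assumed window for the split-payment test
TS_FORMAT = "%Y-%m-%d %H:%M"

# Constructed sample ledger (not real transactions).
PAYMENTS = [
    {"id": 1, "vendor": "Acme Supplies", "invoice": "INV-1001", "amount": 4990.00,
     "requester": "u.patel", "ts": "2024-03-04 09:12", "bank": "GB11-0001"},
    {"id": 2, "vendor": "Acme Supplies", "invoice": "INV-1002", "amount": 4975.00,
     "requester": "u.patel", "ts": "2024-03-05 10:40", "bank": "GB11-0001"},
    {"id": 3, "vendor": "Acme Supplies", "invoice": "inv 1001", "amount": 4990.00,
     "requester": "r.lopez", "ts": "2024-03-18 14:03", "bank": "GB11-0001"},
    {"id": 4, "vendor": "Northwind Consulting", "invoice": "NW-77", "amount": 12000.00,
     "requester": "m.chen", "ts": "2024-03-06 11:00", "bank": "GB22-9876"},
    {"id": 5, "vendor": "Blue Ridge Cleaning", "invoice": "BR-210", "amount": 1500.00,
     "requester": "r.lopez", "ts": "2024-03-07 08:30", "bank": "GB33-5555"},
]

# Constructed payroll bank accounts for the employee/vendor match test.
EMPLOYEE_BANK = {"u.patel": "GB44-1212", "r.lopez": "GB55-3434", "m.chen": "GB22-9876"}


def _norm_invoice(ref):
    """Normalise invoice references so 'INV-1001' and 'inv 1001' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", ref.upper())


def duplicate_payments(payments):
    """Same vendor, same normalised invoice and same amount paid more than once."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"], _norm_invoice(p["invoice"]), round(p["amount"], 2))
        groups[key].append(p["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)


def split_payments(payments, threshold=APPROVAL_THRESHOLD, window=SPLIT_WINDOW):
    """Runs of sub-threshold payments to one vendor by one requester, inside the
    window, whose total reaches the approval threshold."""
    by_key = defaultdict(list)
    for p in payments:
        by_key[(p["vendor"], p["requester"])].append(p)
    flagged = set()
    for items in by_key.values():
        items.sort(key=lambda p: p["ts"])  # ISO-style timestamps sort chronologically
        for i, start in enumerate(items):
            t0 = datetime.strptime(start["ts"], TS_FORMAT)
            run = [p for p in items[i:]
                   if datetime.strptime(p["ts"], TS_FORMAT) - t0 <= window]
            if (len(run) >= 2 and all(p["amount"] < threshold for p in run)
                    and sum(p["amount"] for p in run) >= threshold):
                flagged.add(tuple(p["id"] for p in run))
    return sorted(flagged)


def employee_vendor_bank_match(payments, employee_bank=EMPLOYEE_BANK):
    """Vendor paid into a bank account that also appears on the payroll file."""
    owner_by_account = {acct: emp for emp, acct in employee_bank.items()}
    return sorted((p["id"], owner_by_account[p["bank"]])
                  for p in payments if p["bank"] in owner_by_account)


def run_all(payments=PAYMENTS):
    """Run every test; each hit is a lead for investigation, not a finding."""
    return {
        "duplicates": duplicate_payments(payments),
        "splits": split_payments(payments),
        "employee_bank_match": employee_vendor_bank_match(payments),
    }


if __name__ == "__main__":
    for test, hits in run_all().items():
        print(f"{test}: {hits}")
```

In practice these tests are scheduled against the live ledger and their hits are routed into the fraud reporting process described in principle 4, so that triage, scoping and corrective action follow the documented protocol rather than ad hoc follow-up.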
Deploys control activities through policies and procedures:
The organization ensures that fraud control activities are thoroughly documented and implemented through organizational policies.
Establishes fraud investigation and response protocols:
The organization establishes, formally documents, and maintains a process for the receipt, evaluation and treatment of communications of potential fraud.
Conducts investigations:
The organization undertakes investigations of potential fraud, giving due consideration to the scope, severity, credibility, and implications of the communicated matter.
Communicates investigation results:
The investigation team communicates the results of the investigation to the appropriate internal authority and, when necessary, to external third parties.
Takes corrective action:
The organization selects discipline, remediation, asset recovery, or other activities to address the findings of the investigation.
Evaluates investigation performance:
The organization performs evaluations periodically to provide objective feedback on the effectiveness of the investigation process.
Considers a mix of ongoing and separate evaluations:
Management includes a combination of ongoing and separate fraud risk management program monitoring evaluations to determine whether each of the five principles is present and functioning.
Considers factors for setting the scope and frequency of evaluations:
Management considers changes in the organization, its operating environment, and its control structure to determine the appropriate scope and frequency of its fraud risk management program monitoring activities.
Establishes appropriate measurement criteria:
Management establishes appropriate measurement criteria to assist in the objective evaluation of its fraud risk management program.
Considers known fraud schemes and new fraud cases:
Management considers known fraud schemes and newly discovered or reported frauds in other organizations and assesses the likelihood of occurrence in the organization.
Evaluates, communicates and remediates deficiencies:
Management and the board of directors assess the results of ongoing and separate fraud risk management program monitoring evaluations, communicate deficiencies to those responsible for corrective action, and determine that appropriate remediation is implemented in a timely manner.