Fraud Risk Management - Association of Certified … Risk Management Monitoring The organization...
-
Upload
nguyennhan -
Category
Documents
-
view
215 -
download
2
Transcript of Fraud Risk Management - Association of Certified … Risk Management Monitoring The organization...
© 2017 Association of Certified Fraud Examiners, Inc.
Fraud Risk Management
Developing a Fraud Risk
Management Program
© 2017 Association of Certified Fraud Examiners, Inc. 2 of 27
Discussion Questions
1. Which individual or group within your
organization oversees the risk management
process? How is risk management governed at
the board level—through a specific committee?
© 2017 Association of Certified Fraud Examiners, Inc. 3 of 27
Discussion Questions
2. How and where within the risk management
model is fraud risk addressed within your
organization?
© 2017 Association of Certified Fraud Examiners, Inc. 4 of 27
Discussion Questions
3. How does your organization assess the
effectiveness of its risk management activities
overall? How about its fraud risk management
activities? How do you define success for this
function?
© 2017 Association of Certified Fraud Examiners, Inc. 5 of 27
Learning Objectives
▪ Define the objectives of a fraud risk
management program.
▪ Identify the steps in developing a fraud risk
management program.
▪ Understand the components in an effective
fraud risk management program.
© 2017 Association of Certified Fraud Examiners, Inc. 6 of 27
Objectives of a Fraud
Risk Management Program
▪ Address fraud:
• Before it occurs—prevention
• While it occurs—detection
• After it occurs—response
© 2017 Association of Certified Fraud Examiners, Inc. 7 of 27
Steps in Developing a Fraud Risk
Management Program
1. Define program
objectives.
2. Assess fraud risks.
3. Design program
components.
4. Implement program
components.
5. Communicate
expectations.
6. Ensure compliance.
7. Identify and
investigate violations.
8. Measure, evaluate,
and report program
effectiveness.
© 2017 Association of Certified Fraud Examiners, Inc. 8 of 27
Step 1: Define Program Objectives
▪ Tailor objectives to the organization’s specific
needs and goals.
▪ Include a clear, explicit definition of what the
organization intends to accomplish.
▪ Weigh:
• Management’s risk appetite
• Investment in anti-fraud controls
• Prevention of material frauds
© 2017 Association of Certified Fraud Examiners, Inc. 9 of 27
Step 1: Define Program Objectives—
Addressing Risk Appetite
▪ Every company has a different risk appetite.
▪ Management needs to address risk appetite in
relation to fraud.
▪ The difference between risk appetite and risk
tolerance should be understood.
• Neither suggest acceptance of identified fraud, only
undetected acts.
▪ The non-monetary impact of fraud should be
considered.
© 2017 Association of Certified Fraud Examiners, Inc. 10 of 27
Step 1: Define Program Objectives—
Establishing Context for Risk Management
▪ Means to identify and communicate objectives
and parameters to be taken into consideration
in risk management
▪ External context versus internal context
© 2017 Association of Certified Fraud Examiners, Inc. 11 of 27
Step 1: Define Program Objectives—
Establishing Context for Risk Management
▪ Considerations:
• Goals and objectives
• Responsibilities
• Scope
• Relationships
• Risk assessment
methodologies
• Performance measurement
• Decisions to be made
• Studies and resources needed
© 2017 Association of Certified Fraud Examiners, Inc. 12 of 27
Step 1: Define Program Objectives—
Examining Previous Fraud Incidents
▪ Examine previous occurrences of fraud and
determine how management’s ideal fraud risk
management program would have prevented,
detected, and responded to them.
• Were fraud risks not fully understood?
• Were controls insufficient in design or operation?
• Were applicable controls overridden?
• Were any warning signs missed?
© 2017 Association of Certified Fraud Examiners, Inc. 13 of 27
Step 2: Assess Fraud Risks
▪ Identify and thoroughly understand risks faced
by the organization.
▪ FRM initiatives developed without accurate
fraud risk assessment will be:
• Ineffective in preventing fraud
• A waste of resources
• Potentially counterproductive
© 2017 Association of Certified Fraud Examiners, Inc. 14 of 27
Step 3: Design Program Components
▪ Considerations:
• Organizational culture
• Operating environment
• Specific risks
• Program objectives
• Risk appetite
© 2017 Association of Certified Fraud Examiners, Inc. 15 of 27
Step 3: Design Program Components
© 2017 Association of Certified Fraud Examiners, Inc. 16 of 27
Step 3: Design Program Components
▪ Initiatives to increase the anti-fraud culture and
tone of the organization
▪ Fraud prevention controls
▪ Fraud detection controls
▪ Policies, processes, and procedures for
investigating and responding to identified fraud
© 2017 Association of Certified Fraud Examiners, Inc. 17 of 27
Step 4: Implement Program Components
▪ Internal controls
will only prevent or
detect fraud if
those responsible
effectively fulfill
their duties.
© 2017 Association of Certified Fraud Examiners, Inc. 18 of 27
Step 5: Communicate Expectations
▪ Communicate purpose
and expectations of FRM
program:
• Both formally and informally
• To all employees at all
levels of the organization
© 2017 Association of Certified Fraud Examiners, Inc. 19 of 27
Step 6: Ensure Compliance
▪ Include mechanisms that monitor, identify, and
address breaches in compliance.
▪ Designate an individual or team to monitor
compliance and address noncompliance.
▪ Formal sanctions for intentional noncompliance
must be well publicized, consistent, and firm.
© 2017 Association of Certified Fraud Examiners, Inc. 20 of 27
Step 7: Identify and Investigate Violations
▪ Implement clearly
defined processes for
investigating suspected
frauds.
© 2017 Association of Certified Fraud Examiners, Inc. 21 of 27
Step 8: Evaluate the
Program’s Effectiveness
▪ Periodically evaluate program performance.
▪ Report results to upper management and the
board of directors.
▪ Benchmark performance against internal
expectations or best practices.
© 2017 Association of Certified Fraud Examiners, Inc. 22 of 27
FRM Program Components
▪ Commitment
▪ Fraud awareness training
▪ Affirmation process
▪ Conflict disclosure
▪ Fraud risk assessment
© 2017 Association of Certified Fraud Examiners, Inc. 23 of 27
FRM Program Components
▪ Reporting procedures and whistleblower
protection
▪ Investigation process
▪ Corrective action
▪ Process evaluation and improvement
▪ Continuous monitoring
© 2017 Association of Certified Fraud Examiners, Inc. 24 of 27
Fraud Risk Management Principle No. 5—
Fraud Risk Management Monitoring
The organization selects, develops, and performs
ongoing evaluations to ascertain whether each of
the five principles of fraud risk management is
present and functioning and communicates fraud
risk management program deficiencies in a timely
manner to parties responsible for taking corrective
action, including senior management and the
board of directors.
© 2017 Association of Certified Fraud Examiners, Inc. 25 of 27
Fraud Risk Management Monitoring—
Points of Focus
Considers a mix of ongoing and
separate evaluations
Considers factors for setting the
scope and frequency of evaluations
Establishes appropriate
measurement criteria
Considers known fraud schemes and
new cases
Evaluates, communicates, and remediates
deficiencies