Design program components. Risk management activities require management to develop and implement the fraud risk management program components and controls. Part of these program components includes the development of policies, procedures, and standards that help management and employees mitigate identified fraud risks. The purpose of fraud risk management program components is to achieve the strategic objectives while reducing the chances of occurrence of material fraud through the application of effective preventive and detective fraud risk management controls.
Design Program Components: Step 3 In Fraud Risk Management
Implementing the program requires comprehensive policies and procedures covering all main aspects, such as regulatory, legal, operational, financial, and strategic. Therefore, management needs to identify all applicable laws, regulations, and standards with which it must comply when developing the fraud prevention and detection controls. These specific fraud risk management controls serve to address the identified fraud risks.
Controls designed and implemented may be preventive or detective in nature. Preventive controls are designed and implemented by management to prevent the occurrence of risks, and detective controls are the controls that aim to detect the risk incidents that have already occurred.
Fraud Preventive Controls
Management may be required to design and implement some fraud preventive controls. Mandatory internal controls are those controls that must be developed and applied to meet a regulatory expectation or a legal requirement. Mandatory controls are used to prevent breaches of laws, non-compliance with applicable regulations, or breaches of internal policies.
Mandatory controls are applied in those processes where management sets a zero-tolerance level, such as anti-money laundering (AML) or know your customer (KYC) compliance. The application of these types of controls minimizes the chances of occurrence of key or significant fraud risks to which an organization may be exposed. Management may intend to set a “zero-tolerance level” for fraud incidents; however, practical considerations and risk exposures must be assessed to set realistic tolerance levels.
Fraud management controls may also be manual or automated controls.
Manual fraud management controls are those controls that are physically applied in the processes or which require human involvement. In the case of manual controls, a human or employee must review and give approval or authorization to the individual transaction.
Automated fraud management controls are those controls that are programmed and built into the application systems installed in the organization. Automated controls do not require human intervention and work automatically based on defined parameters or artificial intelligence (AI) parameters. AI enables systems to operate and respond automatically based on the controls built into the system, on which the AI algorithms are based.
To develop relevant and effective system-based controls, management requires specialist knowledge in the form of subject matter experts, who study the risk sources and design internal controls for automation purposes. Such subject matter experts come from a fraud investigations background; they not only understand the regulatory and legal requirements but are also trained to understand the fraud risk factors in a particular department or process.
Whatever the nature and type of controls, management and departmental heads must ensure that fraud prevention and detection controls are documented through policies and procedures. These policies and procedures must be reviewed by the senior management of the organization to ensure that robust controls and processes are defined to prevent and detect potential fraud incidents.
Organizations should aim to avoid fraudulent activities through the application of preventive controls; however, prevention may not always succeed in practice, so management must also define detective fraud risk controls.
All employees must ensure that the policies and procedures defined and approved by senior management and the Board of Directors are complied with in letter and spirit. The effective implementation of policies and procedures helps in the implementation of an effective fraud risk management program across the organization.
Additionally, policies and procedures define the ownership and transparency of the risk, which minimizes the risk of occurrence of fraud. Such policies must cover the investigation of fraud incidents and the responses to them. Without fraud investigation procedures, the policies and procedures are considered incomplete, resulting in the development of an ineffective fraud risk management program.
Fraud And The Law
Prior to the implementation of the Fraud Act, related offenses were scattered throughout the law. False accounting and obtaining goods, money, and services by deception were made crimes under the Theft Acts of 1968 and 1978, respectively, and the Companies Act of 1985 made fraudulent trading a crime. This is still part of the Companies Act of 2006. There are also fraud offenses under income tax and VAT legislation, insolvency legislation, and the common law offense of conspiracy to defraud.
The Fraud Act is not the only new legislation. There have been many changes in the legal system regarding fraud in recent years, both in the UK and internationally. This guide primarily addresses UK requirements, but it also addresses international requirements that affect UK organizations.
The Companies Act and the Public Interest Disclosure Act (PIDA) in the United Kingdom have been amended, and new legislation such as the Serious Crimes Act 2007 and the Proceeds of Crime Act 2002 has been enacted. Internationally, the Sarbanes-Oxley Act of 2002 was introduced in the United States (US), a significant piece of legislation that affects not only companies in the US, but also those in the United Kingdom (UK) and others around the world.
Different Types Of Fraud
Fraud can take many forms and result from a wide range of relationships between offenders and victims. Fraud examples include:
- Individual crimes against consumers, clients, or other business people, such as misrepresenting the quality of goods; pyramid trading schemes
- Employee fraud against employers, such as payroll fraud, falsifying expense claims, stealing cash, assets, or intellectual property (IP), and falsifying accounting records
- Business crimes against investors, consumers, and employees include, for example, financial statement fraud; selling counterfeit goods as genuine; and failing to pay over tax or National Insurance contributions paid by employees.
- Financial institution crimes, such as using lost or stolen credit cards, cheque fraud, and false insurance claims
- Individuals or businesses commit crimes against the government, such as grant fraud, social security benefit claim fraud, and tax evasion.
- Professional criminals commit crimes against major organizations, such as major counterfeiting rings, mortgage frauds, ‘advance fee’ frauds, corporate identity fraud, and money laundering.
- E-crime is the use of computers and technology to commit crimes, such as phishing, spamming, copyright violations, hacking, and social engineering fraud.
Fraud Doesn’t Just Involve Money
Counterfeiting is one type of fraud that can have severe consequences. As technology advances, it becomes easier for counterfeiters to create realistic-looking packaging and fool legitimate wholesalers and retailers. Counterfeiting is a potentially lucrative business for the fraudster, with large commercial profits possible, and it affects a wide range of industries, including wines and spirits, pharmaceuticals, electrical goods, and fashion. However, such a fraud often has many victims, not just the business that has been duped or had their brand exploited.
Fraud is frequently misunderstood as a victimless crime. However, fraud has significant social and psychological consequences for individuals, businesses, and society. For example, when a major company goes bankrupt due to fraud, many people and businesses are impacted. Employees of suppliers, in addition to employees of the company, can be impacted by the loss of large orders, and other creditors, such as banks, can be impacted indirectly by massive loan losses. Consumers must pay a premium for goods and services to cover the costs of fraud losses as well as money spent on investigations and additional security.