Overview of the program framework. Management may adopt various strategies to develop and implement a fraud risk management framework across the organization. One of these is the “8 steps of Fraud Risk Management Program”, which serves as a framework for the deterrence, prevention, and detection of fraud risks and incidents.
Overview Of The Program Framework: Step 8 In Fraud Risk Management
All the steps are interrelated; therefore, an organization must ensure that all 8 steps are followed sequentially to develop a robust fraud risk management framework.
These eight steps of the program are discussed below:
- Defining program objectives
- Assess fraud risks
- Design program components
- Implement program components
- Communicate expectations
- Ensure compliance
- Identify and Investigate violations
Fraud Risk Assessment
A fraud risk assessment is a dynamic and iterative process for identifying and evaluating fraud risks in the organization. The fraud risk assessment addresses the risk of fraudulent financial reporting, fraudulent non-financial reporting, asset misappropriation, and illegal acts (including corruption). This approach can be tailored to meet the needs, complexities, and goals of individual organizations. Fraud risk assessment is not just a part of risk assessment and internal control.
Fraud Control Activity
A fraud control activity is a policy- and procedure-based action that helps ensure that management’s directives to reduce fraud risks are followed. A fraud control activity is a specific procedure or process that is designed to either prevent or detect fraud as soon as it occurs. Fraud control activities are generally classified as either preventive (intended to prevent a fraudulent event or transaction from occurring in the first place) or detective (designed to discover a fraudulent event or transaction after the initial processing has occurred).
The selection, development, implementation, and monitoring of fraud preventive and detective control activities are critical components of fraud risk management. Documentation of fraud control activities includes descriptions of the identified fraud risk and scheme, the fraud control activity designed to mitigate the fraud risk, and the identification of those responsible for the fraud control activity. Fraud control activities are an essential component of internal control’s ongoing fraud risk assessment.
Fraud Investigation And Corrective Action
Control activities cannot provide complete protection against fraud. As a result, the organization’s governing board ensures that a system for prompt, competent, and confidential review, investigation, and resolution of instances of noncompliance and allegations of fraud and misconduct is developed and implemented. By establishing and carefully planning investigation and corrective action processes, an organization can improve its chances of loss recovery while minimizing exposure to litigation and reputational damage.
Fraud Risk Management Monitoring Activities
Monitoring the overall fraud risk management process is the fifth fraud risk management principle. Organizations use fraud risk management monitoring activities to ensure that each of the five fraud risk management principles is present and functioning as intended, and that needed changes are identified in a timely manner. Organizations perform fraud monitoring activities through ongoing and separate (periodic) evaluations, or some combination of the two.
Ongoing evaluations in a Fraud Risk Management Program, which are built into the organization’s business processes at varying levels, similar to the 2013 COSO Framework, provide timely information. Separate evaluations, on the other hand, are conducted on a regular basis and vary in scope and timing based on a variety of factors, including the results of ongoing evaluations.
A well-functioning and engaged board discusses the status of the entity’s Fraud Risk Management Program with senior management and provides oversight as needed. Senior management is responsible for the overall design and implementation of a Fraud Risk Management Program, including setting the tone at the top for the overall culture of the organization. The board establishes policies and procedures outlining how it will provide oversight, including expectations regarding integrity and ethical values, transparency, and accountability for the implementation and operation of the Fraud Risk Management Program.
Senior management reports to the board on the remaining fraud risks based on its fraud risk assessments, as well as any incidents of fraud or suspected fraud. When necessary, the board challenges management and asks tough questions. Internal auditors, independent auditors, external reviewers, and legal counsel are consulted, and these resources are used as needed to investigate any issues.