Need for Fraud Risk Management Plan

82% of executives surveyed worldwide experienced a fraud incident in the past year compared to 75% in 2015, according to the Kroll Annual Global Fraud and Risk Report.

According to the ACFE, organizations lose an estimated 5 percent of their annual revenues to fraud, so the need for a strong anti-fraud stance and a proactive, comprehensive approach to combating fraud is clear. As organizations increase their focus on risk, management should consider, enact and improve measures to detect, deter and prevent fraud.

Trends that highlight the need for stronger fraud risk management are Globalization, Economic Downturn, Risk Surprises and Process Improvement.

To address fraud concerns, management should have a plan ready to:

  1. Identify, assess and manage fraud risks from all sources
  2. Support fraud risk management initiatives by establishing an anti-fraud culture and promoting fraud awareness throughout the organization
  3. Develop a system of internal controls to address fraud risks
  4. Address and respond to any identified instances of fraud

Integrating the following questions into its risk management plan can, perhaps, help an organization know where it stands on fraud prevention:

1. Does the organization have a fraud prevention and detection program? Who is responsible for corporate security?

2. Are there adequate controls to protect the organization’s technology, trade secrets, and other sensitive records?

3. Are safeguards in place to ensure that assets of the organization are not misappropriated?

4. Are IC policies and procedures adequate to identify potential errors, fraud, or illegal acts? Do the controls identify unauthorized transactions?

5. Does the audit committee have a process to focus specifically on the risk of fraud? Does this include discussions with management about its efforts to deter fraud? Does the committee discuss with the independent auditors their consideration of the risk of fraud?

6. Does the organization have a whistleblowing programme in place? Does it give freedom of speech and safeguards to an employee who calls out wrongdoing?

7. Was any fraud or illegal act reported to the audit committee during the year through the whistle-blowing process or otherwise? What actions did management and the audit committee take?

8. Does the organization have policies and procedures in place to prevent and detect insider trading? Were any violations of insider trading rules identified this year? What actions did the organization take?

9. Who is responsible for overseeing compliance with the organization’s policies and procedures? Is this person at a sufficiently high level to be effective? Is this person's independence compromised by bias? Should the role be outsourced or co-sourced?

10. Have any employees been caught in fraudulent activities? What actions were taken against them? What actions were taken to discourage similar wrongdoing by others?

11. Have any issues been identified through the independent auditors' required fraud audit procedures?

12. Does the organization assess the fraud schemes of which like organizations have been convicted, to which they are susceptible, or on which they were tested and drew negative remarks?

13. Does the organization use data analysis, data mining, and digital analysis tools to: (a) identify hidden relationships among people, organizations, and events; (b) identify suspicious transactions; (c) assess the effectiveness of internal controls; (d) monitor fraud threats and vulnerabilities; and (e) consider and analyse large volumes of transactions on a real-time basis?

14. How exposed is the organization in its dealings with government and agencies? How does it identify such person(s)? How exposed is the organization through its increasing use of third parties, outsourcing arrangements and rapid business change, i.e. more access to information, systems and controls?

15. Does the organization have a rigorous program for communicating fraud prevention policies and procedures to all employees, vendors, contractors, and business partners?

16. Does the organization have specific review solutions in place, such as Third Party Audits, T&E Audits, Marketing & Incentive Review, Cyber controls, etc.?

17. Does the organization conduct regular training for employees on whistleblowing practice, bribery and corruption, anti-money laundering, supply chain frauds and their consequences?

18. Does an outsourced agency check for potential red flags from time to time?

19. Are management and employees aware of the laws they are required to comply with? How are cross-border regulations taken care of by CXOs?

20. Does the organization have a formal fraud response plan?

To protect itself and its stakeholders effectively and efficiently from fraud, an organization should understand fraud risk and the specific risks that directly or indirectly apply to it. A structured fraud risk assessment, tailored to the organization’s size, complexity, industry, and goals, should be performed and updated periodically. The assessment may be integrated with an overall organizational risk assessment or performed as a stand-alone exercise, but should, at a minimum, include risk identification, risk likelihood and significance assessment, and risk response. Having a word with your consultant can probably help your organization put a fraud prevention and detection plan in place.

(The views are mine and do not necessarily reflect the views of my organization. It is advisable to approach a risk consultant for risk management solutions.)