Fraud Risk Management
A Strategic Imperative for Board Consideration and a focus area for Regulators
A crucial role of management is to define risk management frameworks within their companies. While companies in recent years have responded to an increasing number and type of business risks, the focus on internal and external fraud has lagged behind. New trends in fraud continue to emerge, causing financial losses, integrity and trust issues, and even emotional distress for those affected.
Why addressing fraud risk in a structured way should be a priority
How to actively manage your (fraud) risks and internal controls landscape to reduce the probability of fraud
By implementing the following measures, organisations can manage their fraud risks and internal controls:
- Conduct comprehensive and recurring fraud risk assessments to identify high risk functions and processes, including an evaluation of the adequacy of internal controls. The fraud risk assessment should be tailored to your organisation’s specific industry and activities.
- Strengthen management review procedures by improving data monitoring capabilities, which will enable organisations to identify anomalies, patterns, and warning signs that could indicate fraudulent activities and enable timely intervention and mitigation.
- Continually monitor and review fraud risks and the effectiveness of associated internal controls. Adopt a mindset for continuous improvement that adapts to emerging threats (for example, ESG in the context of Greenwashing is often forgotten as an emerging fraud risk to consider).
- Strengthen the segregation of duties to minimise the risks of collusion and unauthorised access, so that no single individual holds excessive control over critical processes or transactions.
- Conduct company-wide fraud awareness training for your employees on how to recognise red flags, stay vigilant, and report fraud when it occurs.
- Establish a secure and confidential whistleblowing mechanism to encourage your employees and third parties to report suspected fraud (e.g., by means of an anonymous hotline, complaint box or website).
- Define and communicate clearly to all employees the process of escalation and investigation, to ensure that prompt and efficient action is taken when fraud is detected.
Concluding remarks
Organisations should identify the individuals in the senior management team responsible for fraud risk management, assessing the existing anti-fraud programme and related internal controls, ensuring awareness of fraud risks throughout the organisation, and implementing corrective measures if needed.
We often hear from management that they hire people of integrity whom they fully trust and in whom they have complete confidence. However, overconfidence may lead to strong denial of the possibility of fraud in their companies, and of the possibility that the trust placed in people may have been misplaced.
At a time when many companies are in the process of developing ESG-related metrics for financial reporting that are linked directly to the compensation of employees, the pressure to commit fraud is increasing. As such, ESG issues are an important emerging fraud risk to consider.
Assessing fraud risk management and the related internal controls is not a “tick the box” exercise, to be performed just once. It is a continuing exercise that requires time and effort to help companies reduce their risks.