Organisational vigil in tackling fraud risks: Our perspective

Corporate fraud and misconduct: Role of independent directors

Regulatory requirements in India have recognized fraud as a key risk and have placed responsibility on the board, audit committee and senior management of organizations for development and implementation of a fraud risk management framework. Given the severe economic, reputational, and legal consequences of corporate frauds, organizations today have started taking steps to minimize the fraud risk exposure in their business operations.

While most organizations have developed policies and procedures that cover critical aspects of a comprehensive fraud risk governance framework, several organizations fall short on translating these into practical and functional processes. Given the of the current disrupted and volatile business environment, relying on traditional anti-fraud mechanisms/controls may not adequately secure the organization and an updated fraud risk management program – addressing the changing requirements for people, process, and technology - is the need of the hour.

Based on our experience, more often than not, the design and implementation of a fraud risk governance framework encounter the following challenges:

  • Traditional, case to case-based incidence response approach instead of actively promoting and enhancing the proactive/preventive fraud risk control framework and lack of periodic review of the effectiveness of implemented FRM framework
  • Business priorities takes precedence amidst uncertainties over other matters including compliance
  • Lack of a defined structure for the FRM framework and investigation identifying department or person to lead the fraud risk management activities for the organizations
  • Set goals and timelines and measure the progress in implementing improvements
  • Inadequate awareness efforts to educate employees on their obligations in preventing, detecting and deterring fraud
  • Irregular fraud risk assessments of the business processes to determine the fraud risk profile and identify improvement avenues for anti-fraud control framework
  • Absence/limited integration of technology in real-time monitoring to identify red-flags and investigative procedures (data analytics tools, computer forensic technologies, etc.)
  • Lack of appropriate actions on whistleblower complainants
Did you find this useful?