It seems every day we read about organizations subjected to frauds resulting in massive investment losses, incarceration of employees and reputational damage.
The U.S. Sarbanes-Oxley Act of 2002 and the U.S. Federal Sentencing Guidelines of 2005 increased management’s responsibility to design and implement a fraud risk management program and a “no tolerance for fraud” attitude.
All effective fraud risk management programs begin with the board of directors of an organization ensuring overall high ethical behavior, regardless of the organization’s status as private, public or not-for-profit; its size; or the industry in which it conducts its business. The board of directors’ role is of great importance because most major frauds are committed by senior representatives of an organization in collusion with other employees. Thus the board of directors must ensure that its own governance practices set the tone for fraud prevention, and that its risk management program effectuates policies that encourage ethical behavior, including providing a mechanism for employees, agents, vendors and customers to report violations of those standards without fear of retribution.
An effective fraud risk identification process should include an assessment of the incentives, opportunities and rationales to commit fraud.
It has been my experience that most organizations have some form of written standards and procedures to manage fraud risks. However, very few have a fraud risk management program that provides the organization with the tools to manage risk consistent with regulatory requirements, and to design a wide-ranging program that encompasses controls to enjoin, detect and respond to incidents of fraud or misconduct. An effective fraud detection process should include an assessment of the incentives, opportunities and rationales to commit fraud. Oftentimes employee incentive programs are road maps as to where fraud is most likely to occur.
In summary, each organization that designs and implements a fraud risk management program should be certain to define the following elements:
- Roles and responsibilities
- Fraud awareness training
- Fraud risk assessment
- Reporting procedures and whistleblower protection
- Investigation procedures
- Disciplinary action for violators of procedures
- Corrective actions
- Continuous auditing and monitoring
The benefit of an implemented fraud risk management program will always exceed its cost. The board of directors should ensure the organization has adequate controls in place and recognizes their oversight duties and obligations in terms of the organization’s sustainability and their roles as fiduciaries to shareholders. The board, in conjunction with management, is directly responsible for developing, executing and mitigating controls to address fraud risks while ensuring controls are effectuated by adept and objective individuals. Regulators have “zero tolerance” for anything less!
Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.