Second Edition of the Fraud Risk Management Guide Released by COSO and the ACFE

Co-published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE), the Fraud Risk Management Guide provides direction for creating a comprehensive program to manage fraud risks within an organization. The first edition of the Fraud Risk Management Guide was published in 2016, building on the COSO 2013 Internal Control—Integrated Framework, which outlined 17 principles associated with five internal control components. This resource provided guidance for designing and implementing systems of internal control and defined requirements for effective internal control.

In 2023, COSO and the ACFE released the second edition of the Fraud Risk Management Guide to address changes in the fraud landscape and keep organizations at the forefront with their anti-fraud programs.

“It is impossible to eliminate all fraud in all organizations. However, effective leaders address fraud risk as they do any risk — they manage it,” said ACFE President and CEO Bruce Dorris in a press release. “The Fraud Risk Management Guide gives organizations, whether large or small, government or private, profit or non-profit, the information necessary to design a plan specific to the risks for that entity. There is no ‘one size fits all approach’ to managing fraud risk, but by applying the guidance in the updated Guide, an organization can create a custom-fitted program tailored to its specific needs.”

“COSO’s mission is to help organizations improve performance by developing thought leadership that enhances internal control, risk management, governance and fraud deterrence,” incoming COSO Chair Lucia Ward said in the press release. “The Fraud Risk Management Guide is a key tool for furthering this mission, mainly with respect to fraud deterrence, particularly through the principled alignment supported by COSO’s existing 2013 ICIF.”

What’s New in the 2023 Fraud Risk Management Guide?

The Fraud Risk Management Guide’s second edition includes an expanded library of valuable information, actionable tasks, real-world examples and additional tools for organizations to utilize. Specific updates found in this second edition include:

  • Changes in the external environment and fraud landscape. This edition includes information on the rapidly changing fraud landscape, including environmental, social and governance (ESG) initiatives and reporting; cyber fraud; blockchain, cryptocurrency and digital assets; and several other key areas.

  • Fraud risk management and deterrence. This edition explains how fraud risk management relates to and supports fraud deterrence — a key theme in COSO’s mission.

  • Relationships among COSO’s two frameworks and fraud risk management. This edition explains how the COSO 2013 Internal Control—Integrated Framework, the COSO 2017 Enterprise Risk Management—Integrated with Strategy and Performance Framework and the Fraud Risk Management Guide are related to and support each other.

  • Expanded information on data analytics. This edition includes expanded and updated information on data analytics, which continues to grow in importance as a key tool for the prevention and early detection of fraud.

  • Internal control and fraud risk management. This edition explains how internal control and fraud risk management are related and support each other but are different in some important respects.

  • Assessing the effectiveness of existing control procedures as related to fraud risk. Chapter 2 (Fraud Risk Assessment) provides additional information on this important step in the fraud risk assessment process.

  • Changes in the legal and regulatory environment. This edition includes updated information with respect to recent legal and regulatory developments pertaining to fraud and fraud risk management.

  • Fraud reporting systems and hotlines. ACFE research consistently shows that the majority of frauds are discovered through tips, often from employees in an organization. This edition includes updated and expanded information related to the importance of fraud reporting systems in detecting, preventing and responding to identified fraud.

Finally, and significantly, the ACFE Fraud Risk Tools site includes a greatly expanded list of fraud risk exposures and fraud schemes. Each scheme in the expanded list is hyperlinked to an underlying description of the scheme and how it is carried out, providing a useful resource for organizations in identifying, assessing and managing the fraud risks relevant to their operations.

For information on obtaining the updated Fraud Risk Management Guide, visit ACFE.com.