3 Ingredients of a Strong Risk Management Culture

3 Ingredients of a Strong Risk Management Culture

Basel’s Principles for the Sound Management of Operational Risk defines risk culture as “the combined set of individual and corporate values, attitudes, competencies and behavior that determine a firm’s commitment to and style of operational risk management.” It is no coincidence that — of the 11 principles Basel cites — risk culture is at the core of the very first principle: Strong risk culture is ONLY achievable in concert with strong firm-wide culture.

Read More

5 Ways to Mitigate Fraud Risk

RISK gauge.jpg


Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC

The growing abundance of internal and external threats can make it difficult to stay ahead of fraudsters. While fraud itself hasn’t changed all that much in recent years, the risks continue to grow in both size and complexity as technology changes and the ability to move, share and expose corporate assets becomes easier.

In today’s technology-crazed age, the scope of risk is growing, and businesses that do not keep up with evolving threats will be vulnerable. Here are some tips on how to keep up:

  1. Monitor your data. In the past, this meant monitoring transactional data to proactively identify anomalies indicative of fraud. Now, however, fraud can be committed in a variety of ways, including uploading sensitive data to the “cloud,” emailing company information, and saving sensitive information on a smartphone or sharing via social media. It’s essential to safeguard your company’s information to ensure it is not shared outside of your business in a malicious manner. Monitoring technology that promptly notifies you when company data is leaving the office, or when shared online, is readily available. Talk with your data security professional for the appropriate solution to monitor and secure your sensitive data.
  2. Establish proactive communication with employees around fraud. Educate your employees on what is and is not appropriate regarding the use of company technology and handling of company information. Establish policies that define the expectation of privacy and your company’s right to monitor network activity. Hold regular training on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity so that your employees are well-equipped to deal with any ethical dilemmas.
  3. Implement company policies on confidentiality and nondisclosure. Upon hiring, employees should be given information on confidentiality policies they must sign and agree to. If your current employees were not subjected to these agreements upon their hiring, implement the policies and require each of your employees to consent. If an employee violates the company policy, they should know that there will be consequences. If an employee leaves the organization, enforce agreed-upon nondisclosure terms.
  4. Set up a whistleblower hotline. Most frauds are discovered by tip or by accident, according to the 2016 ACFE Report to the Nations. It is important that employees work in an environment where they feel they can speak up if they see wrongdoing. Whistleblower hotlines often generate a wide range of reports – implement a few guiding principles around the type of matters that get reported to the audit committee, including significant deficiencies in internal control, senior management malfeasance, accounting irregularities, theft and financial losses, and broad deviations from the organizations anti-fraud policies.
  5. Hire the right people. Mitigate fraud risks by preventing nefarious actors from gaining access to your data in the first place. A thorough vetting of new hires remains critical. All too often, the unfounded belief a former employer won’t share anything of value keeps references from being checked – but if you don’t ask, you will never know.  Pick up the phone and check those references.

Internal controls have been the standard to prevent fraud in the workplace, but as the landscape becomes more multifaceted, new measures like the ones above are necessary.

Despite efforts to prevent fraud, the unfortunate reality is that it still happens. Stay tuned tomorrow for my five tips on what to do once fraud has been detected. 

A Lesson from the Exonerated  

557226597 (1).jpg


Roger Aradi, CFE, ACFE Communications Manager
Ryan Gregory, Risk Analyst, Cinder Staffing

More than 17,895 years lost.

That’s how much prison time innocent people served before subsequently being exonerated, according to the National Registry of Exonerations.* The mission of the registry is “to provide comprehensive information on exonerations of innocent criminal defendants in order to prevent future false convictions by learning from past errors.” Just as we, as anti-fraud professionals, learn to fight fraud by studying fraudsters, are there lessons to be learned from cases where innocents have been convicted of fraud?

Fraud and tax evasion cases make up only 0.02 percent of cases in the registry. This gives us 36 cases of individuals convicted of fraud or tax evasion but later exonerated on some or all charges. In 80 percent of these cases, official misconduct or perjury/false accusations were factors that led to defendants ultimately winning their appeals.

According to the Farlex online legal dictionary, official misconduct is defined as “improper and/or illegal acts by a public official which violate his/her duty to follow the law and act on behalf of the public good.” According to the registry’s own glossary, perjury/false accusation takes place when “A person other than the exoneree committed perjury by making a false statement under oath that incriminated the exoneree in the crime for which the exoneree was later exonerated, or made a similar unsworn statement that would have been perjury if made under oath.”

In other words, in 80% of the cases under consideration, those building/prosecuting the case violated the law or contradicted the truth. A few examples are noted in these quotes from courts involved in these cases:

  • “had the government complied with its…..obligations and disclosed SEC transcripts.”
  • “prosecution has presented insufficient evidence.”
  • “it was discovered that prosecutors failed to disclose.”

These cases provide dramatic examples of why integrity and objectivity are emphasized so strongly in the CFE Code of Professional Standards. The very first standard of conduct states, “Certified Fraud Examiners shall conduct themselves with integrity, knowing that public trust is founded on integrity. CFEs shall not sacrifice integrity to serve the client, their employer or the public interest.” How many of the 36 exonerations would never have resulted in convictions in the first place had the investigators and prosecutors held themselves to this standard?

Perhaps that is the lesson to be derived from the exonerated: professional standards may feel like constraints sometimes, but they serve a vital purpose, and to violate them has a real human cost. Let us aspire to a level of professionalism that prevents any innocents from losing even one year of their life, much less nearly 18,000.

* As of June 29, 2017.

CFE Prevents Fraud Through Immersion and Communication


Britta Bohlinger, CFE, MA, BSc
Founding Director, RisikoKlár
Frankfurt, Germany 

Britta Bohlinger, CFE, MA, BSc (Hons), Quality Manager and Auditor (IHK Berlin), founding director of RisikoKlár, is no stranger to debates or uncomfortable discussions. From a young age, she enjoyed lively conversations with her father about his work and later became active in academic association discussions. She said, “The element of informal mentoring was invaluable — a source of motivation, challenge and aspiration. [The discussions] were also a source of comfortable discomfort as being an active member always reminded me of how much more I needed to learn.” As the only female CFE in Iceland, she now brings her passion for discourse and spreading risk management knowledge to the ACFE’s members-only online community and her clients.

How did you first become passionate about fighting fraud? 
When I turned 10, my grandmother gave me the biographies of Martin Luther King Jr. and Käthe Kollwitz — they laid the groundwork for my moral compass. I also witnessed my father working late at night and on weekends on machinery assessments and analyses. Deeply immersed, he was drafting, improving and inventing mechanisms, processes and devices that would reduce serious risks and protect the safety of fellow workers. He had suffered a work accident himself, but his loyalty to his employer never wavered and I understood that the awards and rewards he was given, in appreciation of the risks mitigated for the firm thanks to his inventions and improvements, played a key role in this lifelong commitment. We later enjoyed many arguments over environmental issues in his industry, and I consider myself fortunate for growing up with my father’s willingness to engage in ongoing intellectual battle over ethical matters with me. His respect for my perspective, coupled with my insight that risk can be mitigated — and that preventive measures in combination with a passion for risk detection and the right incentives can make a major difference — were character-building. Little did I know then that conduct and fraud risk would become central to my work one day, but the passion was instilled early and strongly.

My background in the social sciences, which entailed studies in social psychology and criminology, ignited my interest in fighting fraud and white-collar crime (German: Wirtschaftskriminalität). My work in mitigating and managing banking risk tied all these elements together in a holistic and passionate way.

What is one of the biggest lessons you have learned since becoming a CFE? 
Fraud prevention and detection, whether in Britain, Germany or Iceland, is far less known and understood than I used to assume. I realized that many, even professionals in the risk, legal and scientific professions, hold misconceptions and may have severe knowledge gaps when it comes to white-collar crime, fraud risk and fraudulent activities. As a volunteer in my spare time, I also witnessed charity fraud. Thanks to my CFE credential, I have become more aware of the pervasiveness of fraud and white-collar crime across all industries, and the need to fight it meaningfully.

The biggest lesson is that we need many more well-educated fraud fighters, not only in the English-speaking nations. I also learned that the ACFE is the best place to undergo this training in order to remain at the forefront when it comes to subsequent continued professional education.

What is a memorable case or project that you have worked on; one that made you feel especially proud?  
After moving to London in 2005, I worked at the headquarters of the Commonwealth Secretariat, an intergovernmental organization. It provides technical assistance in the promotion of the rule of law and good governance with a focus on sharing best practices and capacity building. I oversaw the organization of international anti-corruption and counter-terrorism conferences and training sessions in London, Jamaica and Malaysia. This entailed close collaboration with a highly diverse range of subject matter experts, including those at Scotland Yard, as well as government officials, criminal law experts and policy researchers in various nations. We worked towards very tight deadlines across three time zones, two of which were at the opposing ends of the globe. It was equally challenging, thrilling and rewarding. Germany is not a member of the Commonwealth, which meant I could only hold a temporary position (and was the only German), but having the opportunity to work with those high-caliber passionate fraud fighters and senior lawyers was deeply inspiring and presented a lasting influence.

What activities or hobbies do you like to do outside of work?  
I love swimming in outdoor pools here in Iceland, and of course, hiking in snow-covered landscapes, especially when contrasted by black sands and blue waters. I have also tried stand-up paddle boarding with the Arctic surfers here, but I do prefer Mediterranean waters for my favorite water sport.

Discovering a new talent, whether music, arts, theatre or some other endeavor, is something I enjoy. The same holds true for exploring local cuisines, cultures and landscapes. Learning, reading widely and sharing knowledge is something that invigorates me, and I especially enjoy sharing this with my large extended family who have been a source of support in my fraud-fighting efforts.

Read Britta's full interview in the Career Center on ACFE.com.