Second Edition of the Fraud Risk Management Guide Released by COSO and the ACFE

Co-published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE), the Fraud Risk Management Guide provides direction for creating a comprehensive program to manage fraud risks within an organization. The first edition of the Fraud Risk Management Guide was published in 2016, building on the COSO 2013 Internal Controls—Integrated Framework, which outlined 17 principles associated with five internal control components. This resource provided guidance for designing and implementing systems of internal control and defined requirements for effective internal control.

3 Ingredients of a Strong Risk Management Culture

Basel’s Principles for the Sound Management of Operational Risk defines risk culture as “the combined set of individual and corporate values, attitudes, competencies and behavior that determine a firm’s commitment to and style of operational risk management.” It is no coincidence that — of the 11 principles Basel cites — risk culture is at the core of the very first principle: Strong risk culture is ONLY achievable in concert with strong firm-wide culture.

5 Ways to Mitigate Fraud Risk

GUEST BLOGGER

Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC

The growing abundance of internal and external threats can make it difficult to stay ahead of fraudsters. While fraud itself hasn’t changed all that much in recent years, the risks continue to grow in both size and complexity as technology changes and the ability to move, share and expose corporate assets becomes easier.

In today’s technology-crazed age, the scope of risk is growing, and businesses that do not keep up with evolving threats will be vulnerable. Here are some tips on how to keep up:

  1. Monitor your data. In the past, this meant monitoring transactional data to proactively identify anomalies indicative of fraud. Now, however, fraud can be committed in a variety of ways, including uploading sensitive data to the “cloud,” emailing company information, and saving sensitive information on a smartphone or sharing via social media. It’s essential to safeguard your company’s information to ensure it is not shared outside of your business in a malicious manner. Monitoring technology that promptly notifies you when company data is leaving the office, or when shared online, is readily available. Talk with your data security professional for the appropriate solution to monitor and secure your sensitive data.
  2. Establish proactive communication with employees around fraud. Educate your employees on what is and is not appropriate regarding the use of company technology and handling of company information. Establish policies that define the expectation of privacy and your company’s right to monitor network activity. Hold regular training on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity so that your employees are well-equipped to deal with any ethical dilemmas.
  3. Implement company policies on confidentiality and nondisclosure. Upon hiring, employees should be given information on confidentiality policies they must sign and agree to. If your current employees were not subjected to these agreements upon their hiring, implement the policies and require each of your employees to consent. If an employee violates the company policy, they should know that there will be consequences. If an employee leaves the organization, enforce agreed-upon nondisclosure terms.
  4. Set up a whistleblower hotline. Most frauds are discovered by tip or by accident, according to the 2016 ACFE Report to the Nations. It is important that employees work in an environment where they feel they can speak up if they see wrongdoing. Whistleblower hotlines often generate a wide range of reports – implement a few guiding principles around the type of matters that get reported to the audit committee, including significant deficiencies in internal control, senior management malfeasance, accounting irregularities, theft and financial losses, and broad deviations from the organization's anti-fraud policies.
  5. Hire the right people. Mitigate fraud risks by preventing nefarious actors from gaining access to your data in the first place. A thorough vetting of new hires remains critical. All too often, the unfounded belief a former employer won’t share anything of value keeps references from being checked – but if you don’t ask, you will never know.  Pick up the phone and check those references.

Internal controls have been the standard to prevent fraud in the workplace, but as the landscape becomes more multifaceted, new measures like the ones above are necessary.

Despite efforts to prevent fraud, the unfortunate reality is that it still happens. Stay tuned tomorrow for my five tips on what to do once fraud has been detected. 

A Lesson from the Exonerated  

GUEST BLOGGERS

Roger Aradi, CFE, ACFE Communications Manager
Ryan Gregory, Risk Analyst, Cinder Staffing

More than 17,895 years lost.

That’s how much prison time innocent people served before subsequently being exonerated, according to the National Registry of Exonerations.* The mission of the registry is “to provide comprehensive information on exonerations of innocent criminal defendants in order to prevent future false convictions by learning from past errors.” Just as we, as anti-fraud professionals, learn to fight fraud by studying fraudsters, are there lessons to be learned from cases where innocents have been convicted of fraud?

Fraud and tax evasion cases make up only 0.02 percent of cases in the registry. This gives us 36 cases of individuals convicted of fraud or tax evasion but later exonerated on some or all charges. In 80 percent of these cases, official misconduct or perjury/false accusations were factors that led to defendants ultimately winning their appeals.

According to the Farlex online legal dictionary, official misconduct is defined as “improper and/or illegal acts by a public official which violate his/her duty to follow the law and act on behalf of the public good.” According to the registry’s own glossary, perjury/false accusation takes place when “A person other than the exoneree committed perjury by making a false statement under oath that incriminated the exoneree in the crime for which the exoneree was later exonerated, or made a similar unsworn statement that would have been perjury if made under oath.”

In other words, in 80% of the cases under consideration, those building/prosecuting the case violated the law or contradicted the truth. A few examples are noted in these quotes from courts involved in these cases:

  • “had the government complied with its…..obligations and disclosed SEC transcripts.”
  • “prosecution has presented insufficient evidence.”
  • “it was discovered that prosecutors failed to disclose.”

These cases provide dramatic examples of why integrity and objectivity are emphasized so strongly in the CFE Code of Professional Standards. The very first standard of conduct states, “Certified Fraud Examiners shall conduct themselves with integrity, knowing that public trust is founded on integrity. CFEs shall not sacrifice integrity to serve the client, their employer or the public interest.” How many of the 36 exonerations would never have resulted in convictions in the first place had the investigators and prosecutors held themselves to this standard?

Perhaps that is the lesson to be derived from the exonerated: professional standards may feel like constraints sometimes, but they serve a vital purpose, and to violate them has a real human cost. Let us aspire to a level of professionalism that prevents any innocents from losing even one year of their life, much less nearly 18,000.

* As of June 29, 2017.