US regulations, including the Foreign Corrupt Practices Act (FCPA), the Sarbanes-Oxley Act and anti-bribery legislation, require that Management in a business have zero tolerance for fraud and have an Audit Committee in place that will establish the procedures for receipt of complaints and anonymous employee tips with respect to irregularities in accounting methods, internal controls, or auditing matters. Management is also expected to explain its:
- understanding of all regulations that apply to fraud
- programs in place to manage fraud risk
- steps being taken to detect and prevent fraud
- process in place to investigate fraud
- process in place for corrective action
The Association of Certified Fraud Examiners (ACFE), the world’s largest anti-fraud organization, has developed a Fraud Prevention Checkup that serves as a self-check for determining if adequate fraud prevention systems are in place within an Organization. The Checkup list consists of the following:
- Is there a process for fraud oversight? To what extent are the Board of Directors and Audit Committee involved?
- Is there ownership of fraud risk? Are members of senior management responsible for managing fraud risk across the organization, and for communicating with all business unit managers that are responsible for managing risks within their areas?
- Is there an ongoing assessment of fraud risk?
- Are there tolerance metrics for fraud risk? Has the Board of Directors approved the tolerance for different types of fraud risk? Some fraud risks are more tolerable and are associated with the risk of doing business. Other fraud risks can create financial as well as unwanted and unacceptable reputational damage.
- Is there a management policy for fraud risk? Is there a policy approved by the Board of Directors that identifies the “risk owner” responsible for managing fraud risk and identifying which risks will be rejected (rejecting certain types of business, transferring to third parties, or internally managing the risk)?
- Are there implemented measures for fraud risk? Are there measures to eliminate or minimize fraud risks identified in the risk assessment through process reengineering (segregation of duties, asset custody and recordkeeping/reporting transactions)? Are these measures designed to prevent, deter, and detect the fraud risks identified in the assessment?
- Is the environment in the workplace anti-fraud? Is there a strong emphasis on promoting ethical behavior, deterring wrongdoing, and encouraging all employees to communicate suspected or known wrongdoing to the appropriate person?
- Is there proactive fraud detection? Are there fraud detection tests in place such as audit hooks and email monitoring?
There is a need for Organizations to create an environment, and implement appropriate controls, for detecting fraud ahead of time.
Every day, businesses provide their employees, peers and partners with internal resources, currency, checks, access to accounting systems, clients, and other proprietary information. Increasing the “perception of detection” is widely believed to be the most effective fraud prevention method within an organization. When a business disseminates the perception that fraud is being monitored and detected, the probability of occurrence lessens. Directors, officers, and employees in an organization should ask themselves whether what they are doing is legal, whether it is permitted or encouraged in the organization, and what could happen if the information goes public.
A Certified Fraud Examiner (CFE) can assist a business in the creation and implementation of an effective fraud prevention program.
Have you consulted with a CFE to ensure that your Organization has the appropriate controls in place to manage fraud risk?