Fraud Risk Management


Fraud Risk Management Overview
2017 Association of Certified Fraud Examiners, Inc.

Discussion Questions
1. Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization faces? Why or why not?
2. What are some of the risks your organization faces? Where does the risk of fraud fit into your organization's risk hierarchy?
3. Does your organization have a formal risk management function? If so, are anti-fraud initiatives integrated into the risk management initiatives?
4. How does your organization categorize the risks that are identified in the risk management process?

Learning Objectives
- Analyze the current state of the risk management landscape.
- Compare different risk management frameworks.
- Recognize what fraud risk is and the factors that influence it.
- Understand the reasons for effectively managing fraud risk.
- Determine who is responsible for managing fraud risk within an organization.

Introduction to Risk Management
Risk management involves:
- Identification of risks
- Prioritization of risks
- Treatment of risks
- Monitoring of risks

Risk management balances risk appetite with the ability to meet strategic, operational, reporting, and compliance objectives. It requires a proactive, rather than reactive, approach.

2016 Report on Current State of Risk Management Initiatives
Risk management initiatives appear relatively immature:
- 25% describe their risk management implementation as systematic, robust, and repeatable.
- 40% describe their risk management processes as very immature or developing.
- 56% are minimally or not at all satisfied with the nature and extent of reporting of key risk indicators to senior executives.
- More than half do not have risk oversight activities formally assigned to a board subcommittee.
- Boards of directors are placing greater expectations on management to strengthen risk oversight.

Risk Management Frameworks
An entity's risk management program should be specifically tailored to its unique needs. However, the use of a framework can provide guidance and structure in developing the program.

COSO Enterprise Risk Management Integrated Framework (2004)
1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities
7. Information and communication
8. Monitoring

COSO Enterprise Risk Management Integrated Framework (2004) (diagram slide, no text)

COSO Enterprise Risk Management: 2016 Draft Revision
Five interrelated components:
1. Risk governance and culture
2. Risk, strategy, and objective-setting
3. Risk in execution
4. Risk information, communication, and reporting
5. Monitoring enterprise risk management performance

ISO 31000
- Lays out 11 principles of effective risk management
- Provides guidance on developing both a framework and a process for managing risk that is based on those principles

ISO 31000:2009 Risk Management Principles
- Creates value
- Integral part of organizational processes
- Part of decision making
- Explicitly addresses uncertainty
- Systematic, structured, and timely
- Based on the best available information
- Tailored
- Takes human and cultural factors into account
- Transparent and inclusive
- Dynamic, iterative, and responsive to change
- Facilitates continual improvement and enhancement

ISO 31000:2009 (diagram slide; Source: ISO 31000:2009, Risk Management Principles and Guidelines)

Choosing a Risk Management Framework
An organization might start with the COSO or ISO framework as is, but should customize it to the organization and its needs based on:
- Organizational structure
- Nature of operations
- Environment(s)
- Size
- Nature of risks

Fraud Risk Management Guide 2016
- Published by COSO in collaboration with ACFE
- Five principles of FRM, one aligned with each of the five components of internal control
- Supported by individual points of focus for each principle
- Not formally linked to COSO ERM 2016D, but several obvious connections

IC / FRM / ERM mapping (IC 2013 Component, FRM 2016 Principle, ERM 2016D Component)

IC 2013 Component: Control environment
FRM 2016 Principle: The organization establishes and communicates a Fraud Risk Management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.
ERM 2016D Component: Risk governance and culture

IC 2013 Component: Risk assessment
FRM 2016 Principle: The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks.
ERM 2016D Component: Risk, strategy and objective-setting

IC 2013 Component: Control activities
FRM 2016 Principle: The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.
ERM 2016D Component: Risk in execution

IC 2013 Component: Information & communication
FRM 2016 Principle: The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective action to address fraud appropriately and in a timely manner.
ERM 2016D Component: Risk information, communication & reporting

IC 2013 Component: Monitoring activities
FRM 2016 Principle: The organization selects, develops, and performs ongoing evaluations to ascertain whether each of the five principles of fraud risk management is present and functioning and communicates Fraud Risk Management Program deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors.
ERM 2016D Component: Monitoring risk management performance

IC / FRM / ISO 31000 mapping (IC 2013 Component, FRM 2016 Principle, ISO 31000 Framework, ISO 31000 Process)

IC 2013 Component: Control environment
FRM 2016 Principle: The organization establishes and communicates a Fraud Risk Management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.
ISO 31000 Framework: Mandate and commitment (4.2); Design of framework for managing risk (4.3)
ISO 31000 Process: Establish the context (5.3)

IC 2013 Component: Risk assessment
FRM 2016 Principle: The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks.
ISO 31000 Framework: Design of framework for managing risk (4.3); Implementing risk management (4.4)
ISO 31000 Process: Risk Assessment (5.4): Identification, Analysis, Evaluation

IC 2013 Component: Control activities
FRM 2016 Principle: The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.
ISO 31000 Framework: Implementing risk management (4.4)
ISO 31000 Process: Risk Treatment (5.5)

IC 2013 Component: Information and communication
FRM 2016 Principle: The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective action to address fraud appropriately and in a timely manner.
ISO 31000 Framework: Implementing risk management (4.4); Monitoring and review of the framework (4.5)
ISO 31000 Process: Communication and Consultation Throughout the Process (5.2)

IC 2013 Component: Monitoring activities
FRM 2016 Principle: The organization selects, develops, and performs ongoing evaluations to ascertain whether each of the five principles of fraud risk management is present and functioning and communicates Fraud Risk Management Program deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors.
ISO 31000 Framework: Monitoring and review of the framework (4.5); Continual improvement of the framework (4.6)
ISO 31000 Process: Monitoring and Review of Controls, Risks, etc. (5.6)

IC / ISO 31000 (diagram slide, no text)

The Fraud Risk Management Process
- Establish a fraud risk management policy as part of organizational governance.
- Monitor the fraud risk management process, report results, and improve the process.
- Perform a comprehensive fraud risk assessment.
- Establish a fraud reporting process and coordinated approach to investigation and corrective action.
- Select, develop, and deploy preventive and detective fraud control activities.

What Is Fraud Risk?
- The vulnerability that an organization has to those capable of overcoming the three elements of the fraud triangle
- Comes from both internal and external sources
- Differs from other risks because fraud, by definition, entails intentional misconduct designed to evade detection

Types of Fraud Risk
- Inherent risk: risk present before management takes action
- Residual risk: risk that remains after management takes action

Factors Influencing Fraud Risk
- The nature of the business
- Economic conditions
- The operating environment
- The ethics and values of the company and its people
- Technology
- The legal environment
- The effectiveness of internal controls

Who Is Responsible for Managing Fraud Risk?
Team responsible for executing, monitoring, and ensuring success:
- Executive management
- Internal audit
- Audit committee
- Investigations group
- Compliance
- Controller's group
- IT Security
- Legal department
- Human resources

The team should have a designated leader. Synergy and communication are keys.