Fraud Risk Management Flashcards
What are BOD’s responsibilities pertaining to fraud risk management?
Setting realistic expectations for management to enforce an anti-fraud culture
Gaining knowledge of the organization's activities and the environments in which it operates
Raising awareness of the risks of fraud throughout the organization
Overseeing the organization's fraud risk management activities
Developing strategies to assess and manage fraud risks
Maintaining open communication
What does a fraud risk management program include?
There should be measures in place to address failures in the design or operation of anti-fraud controls, as well as actual fraud occurrences
Formal sanctions for intentional noncompliance must be well publicized and carried out in a consistent and firm manner
A specific team or individual should be designated as responsible for monitoring compliance and handling suspected instances of noncompliance
What is a statement of commitment?
A formal statement from the board of directors and senior management that conveys their dedication to the fraud risk management program.
The statement of commitment should:
Be endorsed or authored by a senior executive or board member.
Be provided to employees as part of the orientation process and be reissued periodically.
Stress the importance of fraud risk mitigation.
Acknowledge the organization’s vulnerability to fraud.
Establish the responsibility of each person within the organization to support fraud risk management efforts.
Reinforce management’s “no tolerance” stance on fraudulent behavior.
What are the 8 principles for risk management?
The following eight ISO 31000:2018 principles state that an effective and efficient risk management program:
Is integrated into all organizational activities
Is structured and comprehensive
Is customized and proportionate to the organization’s operations and objectives
Is inclusive and provides for appropriate and timely consideration of stakeholders’ knowledge, views, and perceptions
Is dynamic and responsive to change
Is based upon the best available information
Takes human and cultural factors into account
Facilitates continuous improvement
What should all levels of staff, including management, do as part of the fraud risk management program?
Understand the organization’s ethical culture and the organization’s commitment to that culture.
Have a basic understanding of fraud and be aware of the red flags.
Understand their individual roles within the organization’s fraud risk management framework, how their job procedures are designed to manage fraud risks, and when noncompliance might create an opportunity for fraud to occur or go undetected.
Read and understand policies and procedures such as the organization’s fraud policy, code of conduct, whistleblower policy, procurement manuals, etc.
As required, participate in creating a strong control environment, designing and implementing fraud control activities, and monitoring activities.
Report suspicions or incidences of fraud.
Cooperate in investigations.
What is risk management?
Weighing an organization's strategic, operational, reporting, and compliance objectives against how much risk management is willing to accept.
It involves the identification, prioritization, treatment, and monitoring of risks that threaten an organization's ability to provide value to its stakeholders.
What are the 5 fraud risk management principles?
Fraud risk governance (the organization establishes and communicates a fraud risk management program)
Fraud risk assessment (the organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks)
Fraud control activities (the organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud occurring or going undetected)
Fraud investigation and corrective action (the organization establishes a process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective action)
Fraud risk management monitoring activities (the organization selects, develops, and performs ongoing evaluations to ascertain whether each of the five principles is present and functioning)
What should fraud risk management programs focus on?
Preventing fraud
Detecting fraud
Responding to identified fraud
What is enterprise risk management?
The culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
What are the 5 components of the ERM Framework?
Governance and culture
Strategy and objective setting
Performance
Review and revision
Information, communication, and reporting
What are the 10 essential components for effectively managing fraud risk?
Statement of commitment—a written statement of commitment to the program from the board of directors and senior management
Fraud awareness—a formal fraud risk awareness program for all employees
Affirmation process—a requirement for directors, employees, and contractors to explicitly affirm that they have read, understood, and complied with the organization’s code of conduct and fraud risk management program
Conflict disclosure—a mechanism for directors, employees, and contractors to self-disclose to the organization any potential or actual conflicts of interest
Fraud risk assessment—the proactive identification and assessment of the organization’s fraud risks
Reporting procedures and whistleblower protection—mechanisms and support for receiving fraud allegations from employees and other parties
Investigation process—a formalized process that is undertaken following all reports of suspected fraud
Corrective action—policies that reflect the consequences and processes for individuals who commit or condone fraudulent activity and that identify and remediate any control deficiencies that allowed the fraud to occur
Process evaluation and improvement (quality assurance)—formal procedures to periodically evaluate the fraud risk management program’s effectiveness
Continuous monitoring—ongoing review of the program to ensure it is addressing the organization’s current needs and risks
What are the audit committee’s responsibilities for fraud risk management?
Receiving regular reports on the status of reported or alleged fraud
Being aware of fraud risks that are common in the organization’s industry
Meeting regularly with key internal parties (e.g., the chief audit executive or other senior financial persons) to discuss identified fraud risks and the steps being taken to prevent and detect fraud
Understanding how internal and external audit strategies address fraud risk
Providing external auditors with evidence that the audit committee is dedicated to effective fraud risk management
Engaging in open conversations with external auditors about any known or suspected fraud
Seeking the advice of legal counsel whenever it deals with allegations of fraud
What factors does management have to balance to determine the program’s objectives?
Management's risk appetite (risk appetite should be expressed in a manner that is appropriate for and unique to the organization's culture and operations)
The investment in anti-fraud controls (management must balance the investment in anti-fraud controls against the benefit of those controls and the amount of risk it is willing to accept)
The prevention of frauds that are material in nature or amount (management should examine previous fraud occurrences to determine how the ideal fraud risk management program would have prevented them)