Managing the risk of fraud is a challenge for organizations of all sizes.
A typical organization loses 5% of revenues in a given year as a result of fraud, according to the 2016 global fraud survey results contained in the Association of Certified Fraud Examiners' (ACFE) Report to the Nations on Occupational Fraud and Abuse.
But governing boards, senior management, staff at all levels, and internal auditors can deter fraud in their organizations by following guidance contained in a newly updated Fraud Risk Management Guide published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), of which the AICPA is a member. The ACFE co-sponsored the report.
The guide builds upon Managing the Business Risk of Fraud: A Practical Guide, which was published in 2008 by the AICPA, the Institute of Internal Auditors, and the ACFE. The updates consider recent developments in risk management practices, including information related to technology and data analytics.
The guide's executive summary, which is available at COSO's website (coso.org), explains that fraud deterrence is achieved when an organization implements a fraud risk management process that:
- Establishes a visible and rigorous fraud governance process.
- Creates a transparent and sound anti-fraud culture.
- Includes a thorough fraud risk assessment periodically.
- Designs, implements, and maintains preventive and detective fraud control processes and procedures.
- Takes swift action in response to allegations of fraud, including actions against those involved in wrongdoing where appropriate.