COSO updates fraud risk management guidance

The document offers strategies for deterrence.

Managing the risk of fraud is a challenge for organizations of all sizes.

A typical organization loses 5% of revenues in a given year as a result of fraud, according to the 2016 global fraud survey results contained in the Association of Certified Fraud Examiners' (ACFE) Report to the Nations on Occupational Fraud and Abuse.

But governing boards, senior management, staff at all levels, and internal auditors can deter fraud in their organizations by following guidance contained in a newly updated Fraud Risk Management Guide published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), of which the AICPA is a member. The ACFE co-sponsored the report.

The guide builds upon Managing the Business Risk of Fraud: A Practical Guide, which was published in 2008 by the AICPA, the Institute of Internal Auditors, and the ACFE. The updates consider recent developments in risk management practices, including information related to technology and data analytics.

The guide's executive summary, which is available at COSO's website (coso.org), explains that fraud deterrence is achieved when an organization implements a fraud risk management process that:

  • Establishes a visible and rigorous fraud governance process.
  • Creates a transparent and sound anti-fraud culture.
  • Includes a thorough fraud risk assessment periodically.
  • Designs, implements, and maintains preventive and detective fraud control processes and procedures.
  • Takes swift action in response to allegations of fraud, including actions against those involved in wrongdoing where appropriate.

SPONSORED REPORT

Tax reform complicates year-end tax planning

Get your clients ready for tax season with these year-end tax planning strategies, which address how to make the most of recent tax law changes, such as the new deduction for qualified business income and the cap on the deductibility of state and local taxes.

VIDEO

What RPA is and how it works

Robotic process automation is like an Excel macro that can work on multiple applications, says Danielle Supkis Cheek, CPA. RPA can complete routine, repetitive tasks such as data entry, freeing up employee time from lower-level chores.