TRANSCRIPT
© 2020 Association of Certified Fraud Examiners, Inc.
Fraud Risk Management
Ensuring Fraud Awareness
Discussion Questions
1. What companywide policies does your organization have in place to address the risks of fraud? How are these policies disseminated to employees? Who is responsible for ensuring compliance with these policies?
Discussion Questions
2. What information is communicated to employees in your organization regarding fraud risks and procedures for reporting suspected fraud? What methods are used to disseminate this information?
Learning Objectives
▪ Understand how to implement effective employee anti-fraud training.
▪ Recognize the need for and components of an effective ethics policy, code of conduct, anti-fraud policy, and whistleblower policy.
▪ Understand how to provide support to employees who are facing ethical dilemmas.
Introduction
▪ Employees must see fraud prevention and detection as part of the daily responsibilities of employees at all levels of the organization.
Introduction
▪ A fraud awareness program should include:
• A written ethics policy
• Active support of employees with ethical questions
• Ongoing employee education
• A well-publicized reporting mechanism
• Swift and public action in the case of violations
• Monitoring of the overall program’s effectiveness
Control Activities
▪ Third component of COSO IC 2013
▪ Relates to each of the next three sections:
• Ensuring fraud awareness
• Specific transaction-level controls
• Using automated continuous monitoring tools
Fraud Risk Management Principle No. 3—
Fraud Control Activities
▪ The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.
Fraud Control Activities—
Points of Focus
▪ Promotes fraud deterrence through preventive and detective control activities
▪ Integrates with the fraud risk assessment
▪ Considers organization-specific factors and relevant business processes
▪ Considers the application of control activities to different levels of the organization
▪ Uses a combination of fraud control activities
▪ Considers management override of controls
▪ Uses proactive data analytics procedures
▪ Deploys control activities through policies and procedures
Using a Combination of Controls
▪ HR-related controls:
• Perform background investigations.
• Provide fraud risk management training.
• Evaluate performance and compensation programs.
• Conduct annual employee surveys.
• Conduct exit interviews.
• Utilize whistleblower systems.
Employee Anti-Fraud Education
▪ Establishes and reinforces the tone at the top
▪ Often the responsibility of the HR department:
• Could also involve legal, ethics office, etc.
▪ Effectiveness depends largely on mandatory attendance with periodic updates and refresher sessions
Who Should Attend?
▪ Every employee should be required to attend—no exemptions.
▪ Managers and executives should receive special training.
Frequency and Length of Training
▪ Frequent exposure is key.
▪ Training should be an ongoing process.
▪ Training should begin at the time of hire.
▪ Refresher training should be held at least annually.
• Employees should sign an annual statement acknowledging their understanding of and commitment to the program.
Training Delivery Methods
▪ Live, in-class instruction (preferred)
▪ Recorded video or animation
▪ Interactive self-study
▪ Informal communications for reinforcement:
• Periodic newsletters
• Posters in break rooms
• Other casual reminders
▪ Cascading training
Topics to Cover
▪ Focus on the organization’s specific risks.
▪ Provide employees with practical, implementable knowledge.
Topics to Cover
▪ What fraud is and what it is not
▪ How fraud hurts the organization
▪ How fraud hurts employees
▪ Who perpetrates fraud
▪ How to identify fraud
▪ How to report fraud
▪ The punishment for dishonest acts
Ethics Policy
▪ Provide a framework for ethical behavior.
▪ Set forth organization’s purpose and core values.
▪ Define a standard of conduct to guide employees in making decisions.
▪ Explain how to report violations.
▪ Include an anti-retaliation policy.
▪ Discuss penalties for violations.
Ethics Policy
▪ Include input from both management and employees.
▪ Communicate the policy to all personnel in clear, simple language.
▪ Make the policy easily accessible for quick reference.
Ethics Policy
▪ Components to consider:
• Emails and voice mails
• Desks and lockers
• Video surveillance
• Proprietary information
• Managerial performance benchmarks
• Document retention policies
• Credit reports
• Social media
Code of Conduct
▪ Might be in the same document or separate document from ethics policy
▪ Lays out the general expectations of behavior
▪ References ethics policy and other policies and procedures with which the staff is expected to comply
Code of Conduct
▪ Organization should have formal processes in place for employees to:
• Explicitly affirm that they have read, understood, and complied with the code of conduct.
• Self-report any potential or existing conflicts of interest.
• Report misconduct and be accountable for this responsibility.
Anti-Fraud Policy
▪ Separate, formal anti-fraud policy sends a strong message about the anti-fraud stance.
▪ Includes:
• A definition of fraudulent acts
• Specific examples
• Explicit prohibition of kickbacks and false time reporting
• Consequences for fraudulent acts
Whistleblower Policy
▪ Makes clear that whistleblowers will not be fired and that retaliation against them is prohibited
▪ Should explicitly state the expectation for treatment of whistleblowers and the consequences for disobeying the policy
Supporting Employees
▪ Offer guidance on how to solve ethical dilemmas.
▪ Provide employee support and counseling programs.
Supporting Employees