Fraud is now so common that its occurrence is no longer remarkable, only its scale.
Any organization that fails to protect itself faces increased vulnerability to fraud.
It is common for all of us to welcome in a new year by making resolutions and plans. That makes the beginning of 2016 an opportune time for ethics and compliance professionals to assess potential fraud risks and to evaluate their firms’ readiness to prevent those risks from occurring.
The Association of Certified Fraud Examiners (ACFE) provides a helpful tool—its “Fraud Prevention Check-Up” questionnaire (ACFE, 2012). The purpose of ACFE’s check-up is to help an organization and its ethics and compliance staff to identify any major gaps in its fraud prevention processes. “There is no passing grade other than 100 points,” according to ACFE, because any missing points could identify essential prevention measures that the firm is not taking advantage of.
Questions fall into the following categories. Each category contains examples and scoring recommendations to help those involved in the assessment arrive at a meaningful score.
Risk oversight: To what extent has the organization established a process for oversight of fraud risks by the board of directors or others charged with governance?
Risk ownership: To what extent has the organization created “ownership” of fraud risks by identifying a member of senior management as having responsibility for managing all risks within the organization and by explicitly communicating to business unit managers that they are responsible for managing risks within their area?
Risk assessment: To what extent has the organization implemented an ongoing process for regular identification of the significant fraud risks to which it is exposed?
Risk tolerance and risk management policy: To what extent has the organization identified and had approved by the board of directors its tolerance for different types of fraud risks and a policy on how it will manage its fraud risks?
Process-level anti-fraud controls/reengineering: To what extent has the organization implemented measures to eliminate or reduce through process reengineering each of the significant fraud risks identified in its risk assessment? To what extent has the organization implemented measures at the process level designed to prevent, deter, and detect each of the significant risks identified in its risk assessment?
Environment-level anti-fraud controls: To what extent has the organization implemented a process to promote ethical behavior, deter wrongdoing, and facilitate two-way communication on difficult issues?
Proactive detection: To what extent has the organization established a process to detect, investigate, and resolve potentially significant fraud?
Armed with the results of this general assessment, ethics and compliance professionals can dig deeper into significant areas of risk and take steps to introduce appropriate fraud prevention measures to address those risks.
Association of Certified Fraud Examiners. “ACFE Fraud Prevention Check-Up”, 2012. http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Fraud_Prev_Checkup_DL.pdf