Managing the Business Risk of fRaud: a PRactical guide

exeCUtiVe SUmmary As noted, fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. Regardless of culture, ethnicity, religion, or other factors, certain individuals will be motivated to commit fraud. A 2007 Oversight Systems study5 discovered that the primary reasons why fraud occurs are “pressures to do ‘whatever it takes’ to meet goals” (81 percent of respondents) and “to seek personal gain” (72 percent). Additionally, many respondents indicated that “they do not consider their actions fraudulent” (40 percent) as a reason for wrongful behavior. Only through diligent and ongoing effort can an organization protect itself against significant acts of fraud. Key principles for proactively establishing an environment to effectively manage an organization’s fraud risk include: principle 1: as part of an organization’s governance structure, a fraud risk management program6 should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk. principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate. principle 3: prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. principle 5: a reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. The following is a summary of this guide, which provides practical evidence for organizations committed to preserving stakeholder value. This guide can be used to assess an organization’s fraud risk management program, as a resource for improvement, or to develop a program where none exists.