The Strategic Approach to Managing Fraud Risk

Best Practice Guidance

In 2008, an important piece of anti-fraud guidance was published, entitled “Managing the Business Risk of Fraud: A Practical Guide”.1 This work was sponsored jointly by the Institute of Internal Auditors, the American Institute of Certified Public Accountants, and the Association of Certified Fraud Examiners. The guidance makes the key point that “diligent and on-going effort” is needed if an organisation is to protect itself against significant fraud threats. It sets out five key principles for proactive fraud risk management, as follows:

  • Principle 1: a fraud risk management programme should be in place, as part of the organisation's governance structure. This will include a written policy stating the expectations of the board of directors and senior management regarding managing fraud risk.
  • Principle 2: there should be an assessment of fraud risk carried out by the organisation periodically to identify specific threats and changes to the risk profile that need to be controlled and mitigated.
  • Principle 3: the organisation should have prevention controls and techniques in place to avoid potential key fraud risk events.
  • Principle 4: the organisation should have detective controls and techniques available to uncover fraud events when preventative measures fail or unmitigated risks are realised.
  • Principle 5: a reporting process should be in place, together with a coordinated approach to investigation and corrective ...

Get Managing Fraud Risk: A Practical Guide for Directors and Managers now with the O’Reilly learning platform.
