KEYS TO PROACTIVE FRAUD RISK MANAGEMENT

On the surface, the management of fraud risk shares many characteristics with the management of other risks. At a high level, fraud risk management involves the following components: identification of fraud risks, assessment of the risks, evaluation and improvement of fraud-related internal controls, and monitoring and auditing of ongoing performance of the fraud risk management process.

While these components mirror those applied in other areas of risk management, there are several unique considerations in applying them to the management of fraud risks. Additionally, an investigative function is a critical component of a fraud risk management programme that may not be present in all other areas of risk management.

A detailed exploration of the many elements that comprise each of these components is not possible in a short article. Rather, the approach here will be to point out a few areas where improvements can often be made to strengthen the fraud risk management process.

Consider risk drivers

Risk managers often begin the process by identifying specific fraud risks that the organisation may be susceptible to and then immediately jump into assessing those risks. An extremely valuable step to consider in connection with identifying risks, however, is to evaluate what drives fraud risk. Drivers of fraud risk impact both the nature of the frauds that a company is exposed to as well as the assessment factors, such as each risk’s likelihood or impact.

What do we mean by risk ‘drivers’? Drivers are events that give rise to new risks or changes in existing risks. Examples include: changes in technologies used by the organisation, changes in the people employed by the organisation and external developments such as changes in competition and economic factors.

Apr-Jun 2023 Issue

SCCE & HCCA