Fraud Risk Management - Road Show in KL, Malaysia
by Tommy Seah, Chief Fraud Examiner at CFE-In-Practice on Mar 20, 2009
The Reason Why You Need FRA
Passage of the Sarbanes-Oxley Act (SOX) caused more and more companies, public and private, to assess their vulnerability to fraud and abuse. Section 404(a) of the Act requires management of public companies to assess and report on its internal financial reporting controls, largely to ensure that financial statements are fairly presented in accordance with generally accepted accounting principles (GAAP). Fraudulent financial reporting that leads to a material misstatement in the financial statements is one key risk management should assess. This assessment focuses on accounts, processes, GAAP disclosures and the assertions in the financial statements and other required disclosures. Countries in Asia do not necessarily have their own version of SOX, but they have seen the benefits of SOX in the prevention of occupational fraud. Fraud risk assessment is now an integral part of good corporate governance.
Such assessments aren’t new. Organizations have assessed business and organizational risks for years. But fraud risk analysis has rarely been the primary focus. Times have changed, and now many companies and organizations are considering conducting specific fraud risk assessments.
Prevent, Deter and Detect Fraud
A fraud risk assessment is designed to examine the controls specifically created to prevent, deter and detect fraud. This assessment is fraud scheme and scenario-based. Fraud risk assessments also communicate a companywide policy of zero tolerance for fraud and abuse.
To conduct an effective fraud risk assessment, follow these steps:
1. Organize and define the assessment objectives with company management and your internal audit committee. Form a team of fraud and control experts, and get senior management and audit committee buy-in: Ask them to communicate their endorsement and sponsorship of both the process and a strong antifraud program to the entire organization.
2. Determine the business and accounting process(es) to be assessed and investigated. Usually, the initial processes selected are those where fraud or abuse has previously occurred or that management has identified as critical business processes that may be susceptible to fraud or abuse.
3. Identify potential schemes and scenarios specific to the process(es) to be examined against current controls. Fraud schemes and scenarios should be selected based on the specific business process, the industry, physical location of the process operation and any known frauds or abuses concerning the process.
4. Determine the likelihood of a fraud occurring within each scheme and scenario. The Public Company Accounting Oversight Board has defined risk levels as remote, more than remote or reasonably possible, and probable. If assessing a public company, assess the risk levels in relation to SOX compliance efforts.
5. After the fraud risks for individual processes have been identified, documented, and rated as to risk level, match the controls within each process to the identified fraud risks. Determine the effectiveness of each control in preventing or providing a means of early detection for the fraud risk. Group the risks as to their probability of occurring within the process.
6. Estimate the probable loss in dollars should the fraud or abuse occur. Try to place a value on loss of reputation if that is a possible outcome.
7. Prepare recommendations for strengthening controls and present them to management.
Fraud Risk Assessment Benefits
Some benefits of a fraud risk assessment are obvious — compliance with Sarbanes-Oxley, protection of company assets, and a possible increase in profitability due to a reduction in fraud losses, waste and abuse. But another important benefit doesn’t appear in financial statements or government filings: the enhanced reputation of a highly ethical company that supports a strong internal and external antifraud policy and program.