This should be read in conjunction with the presentation uploaded by me for Fraud Risk Assessments. This was presented along with the presentation at the ACFE Middle East 2016 conference in Dubai by me.
In these slides we discuss the three aspects to committing fraud that are found in the fraud triangle and some steps that can be taken to begin a fraud risk assessment.
I presented this at ACFE Middle East conference in Dubai on 15th Feb 2016. I would also attach another document which has some other relevant details and was provided to participants.
Fraud Risk Assessment_Notes
FRAUD RISK ASSESSMENTS IN FINANCIAL INSTITUTIONS
Investigation reports and loss data provide the fertile ground on which the
seeds of a fraud risk assessment (FRA) can be sowed, and the ensuing
process should involve walk-throughs, sample testing, and, if allowed,
mystery shopping to identify the risk scenarios, efficiency of existing
controls, and residual risks.
CHARANJEET SINGH, CFE, CISM
Head of Group Fraud Risk Management
A Leading Abu Dhabi–Based Bank
Charanjeet has experience of more than 18 years in the financial services
industry, of which the last 12 years have been in the field of control
functions, which include Fraud Risk Management and Internal Audit. He
has worked in three regions: India, Africa, and UAE. Charanjeet’s current
responsibilities include fraud risk management for one of the leading
banking groups in UAE, which also has international presence. His
responsibilities include creation and implementation of fraud risk policy,
along with management of the complete lifecycle of fraud risk, including
prevention, detection, and investigation, including regulatory reporting
related to fraud risk.
“Association of Certified Fraud Examiners,” “Certified Fraud Examiner,”
“CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association
of Certified Fraud Examiners, Inc. The contents of this paper may not be
transmitted, re-published, modified, reproduced, distributed, copied, or sold
without the prior consent of the author.
What FRA Is and Why It Should Be Done
This is a frequently asked question and the answer lies in the fraud
triangle. The aim of FRA is to identify opportunities (fraud risks) that can
be exploited by fraudsters, both internal and external. Once the risks are
identified, they need to be mitigated or accepted, since it might not be
possible to eliminate them. FRA is usually part of fraud prevention tools
but sometimes it can become a detection tool. Fraud risk assessment
allows the organisation to identify the potential risks before they cause any
financial, reputational, or customer losses.
FRA can be done at two levels. The first is organisation-wide, covering
areas related to organisational policies, and is more of a
checklist-based activity. This helps in benchmarking the fraud risk
management function and can provide input in charting the roadmap.
The second type of FRA is done at the process or product level and is more
detailed. Even if an organisation is already conducting RCSA, internal
audits, and so on, it makes sense to conduct an FRA, because usually other
control tests revolve around pure operational risks and might not be as
detailed as the FRA in terms of approach. FRA involves meetings with
stakeholders, including people running the process on the floor, review of
SOPs and policies, data analytics, and testing of controls for design and
effectiveness. Depending on the organisational structure, process-level
FRA can be done jointly with RCSA or ops-risk teams.
FRA can also provide assurance to the stakeholders like board, regulators,
and insurance providers, but at the same time, if not conducted properly, it
can raise questions about the people who conducted it.
A process-level FRA should not be pitched as a control testing or control
evaluation exercise; rather, it should be presented as a joint exercise with
stakeholders to identify potential risk, map existing controls with those as
applicable, and identify residual risks and risk mitigating measures. The
tone of the FRA should be advisory and not mandatory for it to be
accepted.
In an organisation with minimal fraud incidents, a process-level FRA
might be a hard sell, but one look at operational losses and credit
write-offs could provide an opening.
Ideally, the first step should be to conduct an organisation-level FRA, as
that covers organisation-level policies. The second stage should be the
process-level FRA.
How the FRA Should Be Done
For a stage-one FRA, which is organisation-wide, a benchmarking
checklist provided by ACFE can be consulted.[1] It covers prevention,
detection, and response. Some topics include:
• Staff, vendor, and contractor background checks
• Presence of key policies like fraud risk, anti-bribery and
  corruption, ethics and code of conduct declarations, whistleblowing,
  mandatory leave, job rotation, and so on
• Response plan with responsibilities and accountability
• Presence of fraud awareness programs
[1] www.acfe.com/frat.aspx?id=6797 and
www.acfe.com/uploadedfiles/acfe_website/content/documents/fraud_prev_checkup_dl.pdf
A stage-two FRA is more comprehensive and for specific processes;
it involves control testing along with identification of mitigating
controls and acceptance of residual risks.
It starts with identification of areas that are usually prone to fraud risk.
Common understanding is that there are certain high-risk functions, such
as procurement, sales, and other customer-facing functions. As FRA is a
resource-intensive process, one might want to focus on areas that are most
vulnerable and can cause high financial losses. Some factors to consider
while shortlisting the processes for FRA are:
• Past incidents in the company or in the industry
• Losses due to customers, staff, or vendors—sometimes
  fraud is camouflaged under bad debts, operational
  errors, etc.
• Cover all the processes under one department or cover
  one process start to finish across the organisation
• Recent visits by other control functions like audit, ops
  risk, etc. Too many visits by control functions to a specific
  department might result in a non-conducive environment for FRA. In
  fact, it’s better to plan the FRA before an audit, as buy-in from
  stakeholders could be higher.
• Resource availability with relevant skill set
Once the specific process or product has been identified, the idea of
an FRA should be discussed with stakeholders to check the
acceptance level. It might not be a great idea to push an FRA very
hard if there’s no buy-in from stakeholders. One should try to time
the FRA proposal with discussions of what has happened or what can
happen.
Though it is generally known that control functions are not the
masters of all trades, they are masters of control and risk domain.
Therefore, the FRA should be pitched for the areas where the fraud
risk team has good expertise. Additionally, the team should do the
groundwork before pitching FRA for any process so that certain
high-level risks can be shared with the stakeholders. This would get
the FRA team due respect, which can be leveraged during the FRA.
Expectations and deliverables should be discussed with the stakeholders to
ensure they are aligned and the usual disclaimers should be provided to
reassure the stakeholders that it’s a joint exercise unlike any audit and
would help the stakeholders in strengthening the process. This could be
done in the introductory meeting with the stakeholders. Usually it should
involve the head of the department, who should be asked to nominate key
people from the department for participation in the FRA.
Once the final decision and approval have been obtained for the FRA, the
team should request all the relevant data, including the SOP, product
notes, policy, RCSA register, and so on. It’s always useful to read all the
relevant documents and identify the risks and mitigating controls. During
this stage, there could be scenarios wherein:
• Risk is identified in the process and a mitigating control is in place.
• Risk is identified in the process but a mitigating control does not exist
  or is insufficient.
• A new risk is identified during the planning stage.
To ensure comprehensive recording of all the risks and mitigating
controls, it is advisable to document all of the above types of risks in
the FRA register.
During this stage, it’s not uncommon to ask the concerned team for
clarifications based on review of documents.
Once the FRA register is ready, the team should initiate the
fieldwork; some of the activities that can be undertaken during
fieldwork are:
• Meet with nominated people for brainstorming; they should be
encouraged to think of scenarios. Basic themes could be external
fraud (customer, vendor, third parties), internal fraud, collusion, etc.
• One should be able to create scenarios in terms of “what if...” Once a
risk scenario is visualized, then mitigating measures can be discussed
and agreed.
• It might be a good idea to take input from other stakeholders. For
example, for an FRA of the procurement function, consider input from
users of the products or services on whether they come across
specification changes, product quality issues, etc.
• Conduct a process walk-through to go through the process from start
to end, which also validates whether SOP and practice are aligned.
• Sample test to check whether controls are working as intended.
During the stakeholder meeting, participants should be reassured regarding
the objective of the FRA. It’s always fruitful to not have managers
present during such meetings; participants should include the people
who are processors. Later on, managers can be invited and asked for
their input. This is important as sometimes process executives might
not know about certain controls but managers might be aware of
them.
It is natural for managers to deny the existence of a risk and overrate
the effectiveness of a control; in such cases data gathered during the
planning stage can be very effective. The first step should be to get
the acknowledgement of the risk. It should be made clear that even if
a risk is completely mitigated, it needs to be documented in the FRA
register.
At least two rounds of meetings should be done with process executives
and process owners so that they have time to think about the risks and
mitigating measures. Effectiveness of controls can be tested during sample
testing. It might come as a surprise to the business team that controls that
exist in SOP are nonexistent in sample testing. It’s advisable to pick up
samples during the process walkthrough rather than asking for samples in
advance.
For example, in an FRA of the procurement function, the following types of
samples can be tested:
• RFP (request for proposal) process
• Vendor-selection process
• Vendor-empanelment process
• Vendor payment (how is it validated, quality/scope
coverage, TAT for payments, how the payments are made, if it’s
electronic fund transfer how are the bank details obtained from the
vendor, process for changing bank details of vendor, how are the
duplicates identified)
In an FRA of HR (hiring process), some risks could be:
• Routing of direct candidates through an agency
• Agency hiring process
• Payment of joining bonus—candidate not paid anything
or paid a lower amount but records indicate a higher
payment
• Payment of unclaimed allowances to account of an
accomplice
• Not conducting background checks or conducting
inadequate background checks
• Candidate providing fictitious degrees or certificates
• Staff collusion resulting in defective maker-checker
control
• Fake resume, work experience, specific projects, length
of service, designation, compensation, etc.
• Stage-managed background checks
• ID theft, remote testing
• Terminated ex-staff is able to join back in a different
division, department, or subsidiary
In the FRA of a process that has an OTP (one-time password) or
callback, some of the important risk factors could be identified by
asking:
• How was the phone number on which OTP is sent
added?
• What is the process for updating a phone number?
• How is the risk of the phone number being
compromised mitigated?
• How is the risk of MITM/MITB mitigated through an
OTP or callback?
• Are the callback questions limited to only the
transaction confirmation or do they also include
customer identification?
• Are the customer identification questions based on
static data or do they include dynamic questions?
All the risks identified based on SOP review, brainstorming exercises,
process walkthroughs, and control testing should be documented and
shared with the concerned business team for review and input on the
mitigating controls. This could result in:
• Risks that are sufficiently mitigated
• Risks that are partially mitigated
• Risks that can’t be mitigated
All of these should be evaluated in terms of probability of occurrence,
impact, control design, control implementation effectiveness, residual risk,
and risk rating of the same.
Some of the risks identified through FRA might require action planning as
at times mitigating controls can’t be implemented immediately due to
various reasons. These could include changes to process, policies, and
certain non-mitigated risks that might require management
acknowledgement through signoffs.
Sometimes certain operational risks get identified during FRA activity and
they should be classified as such in case they are not documented already
under RCSA. Similarly if a risk is identified but it can’t be owned by the
process under FRA, it should be referred to the concerned team to address
it.
Presenting the Findings
After finalisation of risks and completion of the FRA register, high-level risks
can be shared with stakeholders in the executive summary along with a
detailed report covering all the identified risks. One can consider rating the
process but the ratings should be well defined to bring out the objectivity,
otherwise it can result in challenges. Ideally the overall report format
should be discussed with stakeholders in the planning stage.
For effective action tracking of FRA findings, it is advisable to conduct a
closure meeting with the department head, and findings can be jointly
presented by a team comprising fraud risk and business.
Action Follow-Up
Action follow-up can be done on due dates if the fraud risk team has the
resources, or in the report this responsibility can be assigned to the
business team and an annual declaration can be obtained confirming the
implementation of the action plan as per the agreed dates. These reports could
be shared with the internal audit department as they could test controls during
the audit of the concerned business team in due course.
Any fraud incidents that happen subsequent to the FRA should be checked
to see if they form part of identified risks or if it is a new risk that could
not be identified during the FRA. Similarly if a fraud scenario was already
identified during the FRA, someone should check whether the control
design was defective or if the control did not work as intended. Such
incidents should be considered when scheduling the next FRA for the
specific process area.
Supporting Steps:
Fraud risks can be identified in the planning stage through:
• Review of SOP, policies, and product papers
• RCSA or operational risk assessment reports
• Loss data
• Customer complaints
• Regulatory reporting
• Insurance claims
• Industry sources
A sample FRA register might have the following sections:
• Fraud risk type: internal, external, combination
• Fraud risk scenario
• Risk identification stage: planning, fieldwork, existing
risk (RCSA/ORA etc.)
• Probability of occurrence
• Risk impact
• Mitigating control
• Residual risk
• Residual risk impact
• Action planning
• Action owner (there could be some risks for which
ownership is outside the specific process so concerned
people should be informed about it)
• Action completion date
Probability could be classified as highly likely, likely, or not likely. Control
design could be classified as effective or defective. Control effectiveness
can be classified as no exceptions noted, exceptions noted, or not being
followed. Residual risk could be high, medium, or low.
Some of the high-risk functions across industries include:
• Sales function
• HR
• Procurement
• Payments
• Admin: leasing, services management
• Operations
Broadly, customer-facing and vendor-facing functions are prone to
corruption and bribery. Processing teams could either aid the fraud due to
negligence or be tempted by internal or external entities.