Fraud Risk Management


Fraud Risk Management Overview

Discussion Questions
1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization faces? Why or why not?
2) What are some of the risks your organization faces? Where does the risk of fraud fit into your organization's risk hierarchy?
3) Does your organization have a formal risk management function? If so, are anti-fraud initiatives integrated into the risk management initiatives?
4) How does your organization categorize the risks that are identified in the risk management process?

Learning Objectives
- Analyze current state of the risk management landscape.
- Compare different risk management frameworks.
- Recognize what fraud risk is and the factors that influence it.
- Understand the reasons for effectively managing fraud risk.
- Determine who is responsible for managing fraud risk within an organization.

Introduction to Risk Management
Risk management involves:
- Identification of risks
- Prioritization of risks
- Treatment of risks
- Monitoring of risks

Introduction to Risk Management
- Balancing risk appetite with ability to meet strategic, operational, reporting, and compliance objectives
- Requires a proactive, rather than reactive, approach

Report on Current State of Risk Management
Risk management initiatives appear relatively immature:
- 30% describe their risk management implementation as systematic, robust, and repeatable.
- 43% described their risk management processes as very immature or developing.

Report on Current State of Risk Management
- 43% minimally or not at all satisfied with the nature and extent of reporting of key risk indicators to senior executives.
- More than half do not have risk oversight activities formally assigned to a board subcommittee.
- Boards of directors are placing greater expectations on management to strengthen risk oversight.

Risk Management Frameworks
- An entity's risk management program should be specifically tailored to its unique needs.
- But the use of a framework can provide guidance and structure in developing the program.

COSO Enterprise Risk Management Integrated Framework
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring


COSO Internal Control Framework | COSO ERM Framework | ACFE Fraud Risk Management
Control (Internal) environment (1) | Internal environment (1) | Internal environment: Defined roles and reporting; Communicate expectations; Tone at the top; Code of conduct, ethics policy; Training
-------- | Objective setting (2) | Objective setting: Define program objectives
Risk assessment (2) | Risk assessment (4) | Risk assessment: Assemble the right team
-------- | Event identification (3) | Catalogue and evaluate risks; Evaluate existing fraud controls; Create mitigating controls
-------- | Risk response (5) | Risk response
Control Activities (3) | Control Activities (6) | Control Activities: Ensure compliance; Investigate violations
Monitoring (5) | Monitoring (8) | Monitor - mitigating controls
Information and Communication (4) | Information and Communication (7) | Information and Communication: Report Findings; Evaluate risk assessment process

ISO 31000:2009
- Lays out 11 principles of effective risk management
- Provides guidance on developing both a framework and a process for managing risk that is based on those principles

ISO 31000:2009 Risk Management Principles
- Creates value
- Integral part of organizational processes
- Part of decision making
- Explicitly addresses uncertainty
- Systematic, structured, and timely
- Based on best available information
- Tailored
- Takes human and cultural factors into account
- Transparent and inclusive
- Dynamic, iterative, and responsive to change
- Facilitates continual improvement and enhancement

ISO 31000:2009 (Source: ISO 31000:2009, Risk Management Principles and Guidelines)

What Is Fraud Risk?
- The vulnerability that an organization has to those capable of overcoming the three elements of the fraud triangle
- Comes from both internal and external sources
- Differs from other risks because fraud, by definition, entails intentional misconduct designed to evade detection

Types of Fraud Risk
- Inherent risk: risk present before management takes action
- Residual risk: risk that remains after management takes action

Factors Influencing Fraud Risk
- The nature of the business
- The operating environment
- The ethics and values of the entity and its people
- The effectiveness of internal controls

Business Case for Managing Fraud Risk
- Organizations that deny the true possibility of fraud are at the greatest risk.

Business Case for Managing Fraud Risk
- The typical organization stands to lose an estimated 5% of its annual revenues to fraud.
- Recovery is typically very little, if any.
- Additional time and money invested in:
  - Investigating how frauds happened
  - Pursuing action against perpetrators
  - Remediating system weaknesses


Business Case for Managing Fraud Risk
A proactive fraud risk management program:
- Directly increases the bottom line
- Sends a clear anti-fraud message
- Demonstrates a sound business strategy
- Enhances the organization's image and reputation
- Promotes goodwill
- Ensures compliance with laws and regulations

Who Is Responsible for Managing Fraud Risk?
Team responsible for executing, monitoring, and ensuring success:
- Executive management
- Audit committee
- Investigations group
- Compliance
- Controller's group
- Internal audit
- IT Security
- Legal department
- Human resources

Who Is Responsible for Managing Fraud Risk?
- Team should have designated leader.
- Synergy and communication are key.