Page 10 - RMAI Bulletin July 2024
3. Conducting Investigations and Taking Corrective Actions
4. Monitoring and Evaluating the Total Fraud Risk Management Program

Implementing a Fraud Risk Management Program

Organizations can choose between two approaches to address fraud risk assessment within the COSO 2013 IC Framework:

First Approach: Conducting a Stand-Alone Fraud Risk Assessment

Organizations can use the Guide's second fraud risk management principle, which involves performing comprehensive fraud risk assessments to:
Identify specific fraud schemes and risks
Assess their likelihood and significance
Evaluate existing fraud control activities
Implement actions to mitigate residual fraud risks

This approach involves overlaying the fraud risk assessment process onto the existing internal control structure, revisiting each component of internal control, and assessing vulnerabilities to fraud. This method ensures compliance with Principle 8 but is somewhat limited to periodic assessments.

Second Approach: Implementing a Comprehensive Fraud Risk Management Program

This approach is more holistic and involves not only periodic assessments but also continuous management of fraud risks as part of a broader Fraud Risk Management Program. The comprehensive process includes:
1. Establishing a Fraud Risk Management Policy: Integrate fraud risk management into organizational governance.
2. Developing a Fraud Reporting Process: Implement a coordinated approach to investigations and corrective actions, including root cause analysis and remediation.
3. Monitoring the Fraud Risk Management Process: Regularly report results and improve the process.
4. Designing Preventive and Detective Fraud Control Activities: Select, develop, and deploy effective control measures.
5. Performing Comprehensive Fraud Risk Assessments: Continuously identify and evaluate fraud risks.

This method ensures that fraud risk management is ingrained into the organization's culture and operations, providing a structured and ongoing approach to fraud prevention, detection, and response.

Importance of a Comprehensive Fraud Risk Management Approach

The comprehensive approach to fraud risk management is crucial as it recognizes the fundamental difference between errors and fraud: intent. Internal control weaknesses that result in fraud are intentional acts designed to misstate financial or non-financial information, misappropriate assets, or perpetrate illegal acts or corruption.

By implementing a focused fraud risk assessment within a broader Fraud Risk Management Program, organizations can better identify and mitigate intentional fraud risks. This method results in a more robust and thorough assessment, leading to stronger prevention and detection mechanisms.

Conclusion

Integrating fraud risk management within the COSO 2013 IC Framework is essential for maintaining an effective internal control environment. Whether through a stand-alone fraud risk assessment or a comprehensive Fraud Risk Management Program, organizations must prioritize the identification, assessment, and management of fraud risks. By doing so, they enhance their ability to prevent, detect, and respond to fraud, thereby safeguarding their assets and ensuring the integrity of their financial reporting. Organizations are encouraged to adopt the comprehensive approach to foster a culture of integrity and accountability, ensuring that their internal control systems are resilient against fraud.