Measure the report program effectiveness. A fraud risk management program is required to be periodically evaluated to assess the program’s performance. Management and Board Audit Committee (BAC) must know whether the fraud risk management program is effective or not.
Measure The Report Program Effectiveness: Step 8 In Fraud Risk Management
Assessing the program’s effectiveness requires specialist knowledge and procedures performed to test the operating effectiveness of controls. The measurement and evaluation of the program may be achieved through the organization’s external auditor. As external auditors perform the audit of the company’s financial statements, as an independent third party, they may identify clues about the fraud incidents leading to the conclusion that the fraud risk management program is not operating as desired.
Program performance is also assessed by identifying several fraud cases that occurred during a particular period. For example, if the number of fraud incidents is not declined after the implementation of fraud risk management programs and components, then it suggests that the program developed and implemented is not effective. On the other hand, if the number of fraud cases is declined after implementing the fraud management program, then one may say that, due to the operating effectiveness of the program and its components, the fraud incidents and cases are reported.
Board and senior management must be informed about the program’s effectiveness in the form of formal reports. Departmental heads are required to measure and evaluate their respective fraud program controls and present the facts and findings with the senior management periodically.
Assessed Program Performance
The assessed program performance should be compared with the industry best practices and internal expectations about the program effectiveness. Deviations must be analyzed and recorded in the form of formal fraud risk management program reports.
During its periodic management meeting, senior management must be provided with the formal fraud risk management program effectiveness reports. Senior management team members must include agenda for discussion on the program effectiveness for different departments and key risk areas of the organization.
For example, senior management may start reviewing the number of fraud cases reported in the Treasury and Cash Management functions in a particular period. If the number of fraud incidents is high, senior management must take appropriate measures to address the program’s ineffectiveness.
Board committee such as BAC or BRMC is also apprised of the effectiveness of the program, for its review and feedback.
Fraud Risk Assessment
To effectively and efficiently protect itself and its stakeholders from fraud, an organization must first understand fraud risk and the specific risks that apply directly or indirectly to the organization. A structured fraud risk assessment should be performed and updated on a regular basis, depending on the organization’s size, complexity, industry, and goals. The assessment can be combined with an overall organizational risk assessment or performed separately, but it must include risk identification, risk likelihood and significance assessment, and risk response.
Gathering external information from regulatory bodies (e.g., securities commissions), industry sources (e.g., law societies), key guidance setting groups (e.g., Cadbury, King Report7, and The Committee of Sponsoring Organizations of the Treadway Commission (COSO)), and professional organizations may be used to identify fraud risk.
The Institute of Internal Auditors (IIA), the American Institute of Certified Public Accountants (AICPA), the Association of Certified Fraud Examiners (ACFE), the Canadian Institute of Chartered Accountants (CICA), The CICA Alliance for Excellence in Investigative and Forensic Accounting, The Association of Certified Chartered Accountants (ACCA), and the International Federation of Accountants are all members of the International Federation of Accountants (IFAC).
Interviews and brainstorming with personnel representing a wide range of activities within the organization, as well as a review of whistleblower complaints and analytical procedures, should all be used to identify fraud risks.
Final Thoughts
An assessment of the incentives, pressures, and opportunities to commit fraud is part of an effective fraud risk identification process. Employee incentive programs and the metrics that underpin them can provide a road map for where fraud is most likely to occur. The potential override of controls by management, as well as areas where controls are weak or there is a lack of segregation of duties, should be considered when assessing fraud risk.