Structuring an effective risk management program.

Author: Hedley, Timothy P.
Position: FRAUD

Strikingly, nearly two-thirds (65 percent) of senior executives questioned last year in KPMG's 2009 Fraud Survey cited fraud and misconduct as significant threats within their industry. Yet, even though executives appear to understand the significance of the risk of fraud and misconduct, few of them seem to assess these risks in a systematic, rigorous manner.

After all, such assessments when well executed can help organizations identify the pressure points and incentives that give rise to the most salient, integrity-related risks for organizations and their stakeholders. Further, a fraud and misconduct risk assessment can also provide a foundation upon which management can build a process to help avoid losses due to fraud and misconduct.

Based upon experience, the answer to this question may be simply that many executives do not actually understand how to conduct an effective assessment.

Those who want to conduct their own fraud and misconduct risk assessment might consider a framework that consists of five fundamental elements: design considerations; identification of business units, locations or processes; categorization and inventory; assignment; and remediation.

Design Considerations

Two primary considerations present themselves when starting a fraud and misconduct risk assessment. The first is determining if the assessment will be part of a larger enterprise-wide assessment or if it will stand alone. The second is formulating a team that maintains ultimate responsibility, which includes oversight of the design, implementation and evaluation of the assessment.

Identification of Business Units, Locations or Processes

The team should decide which aspects of the organization it will focus on. Will the assessment be at the corporate level, the business unit level, the business process/transactional level, by geography or some combination of the above? Once those determinations are made, the team should consider who will provide input into the assessment. The involvement of personnel from across the organization/business unit/geography and at all levels provides a diverse perspective that helps ensure that the broadest range of risks is being considered.

Often, lower-level employees have first-hand knowledge of fraud and misconduct to which senior management might not have visibility. The assessment team may also want to consider, as appropriate, the participation of external sources, such as industry experts, analysts, lawyers...
