It is critical to recognize that fraud risk is not exclusively about the “good guys” catching “bad guys.” Given the right (wrong) circumstances, even the best people can do some of the worst things. In light of that, an organization should approach fraud risk in a comprehensive manner so that the business does not put any individual in a position where they will be tempted to do something that they would not normally do—as well as rigorously prevent, detect, and respond to the “bad guys” where they exist.
Managing fraud risk is a complex task that involves understanding business processes, controls, and, most importantly, behavioral economics and social psychology. Or, stated differently, understanding both the business and what drives human behavior.
