It is critical to recognize that fraud risk is not exclusively about the “good guys” catching “bad guys.” Given the right (wrong) circumstances, even the best people can do some of the worst things. In light of that, an organization should approach fraud risk in a comprehensive manner so that the business does not put any individual in a position where they will be tempted to do something that they would not normally do—as well as rigorously prevent, detect, and respond to the “bad guys” where they exist.
