A new report from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) offers a blueprint to organizations for establishing an overall fraud risk management program.
Fraudsters are ever-changeable chameleons who adjust their strategies to the times and newly available technologies. Organizations seeking to deter and detect fraud must adapt as well.
The executive summary of COSO’s “Fraud Risk Management Guide: Second Edition” noted performing periodic fraud risk assessments is an important element of good governance. The report “explains how fraud risk management relates to and supports fraud deterrence” and provides information on how previous COSO reports and frameworks are related and can support each other.
The guide provides implementation guidance for a fraud risk management program “that defines principles and points of focus for fraud risk management and describes how organizations of various sizes and types can establish their own fraud risk management programs.” It “includes examples of key program components and resources that organizations can use as a starting place to develop a fraud risk management program effectively and efficiently.”
New in the second edition of the report includes:
- Expanded information on data analytics, including a new point of focus for five fraud risk management principles.
- How internal control and fraud risk management are related to and support each other. The report noted many “go-to” internal control processes and procedures “may be adequate for ensuring accuracy in accounting and financial reporting but may not provide sufficient fraud protection.”
- Changes in the legal and regulatory environment, including the Department of Justice’s Evaluation of Corporate Compliance Programs; the Government Accountability Office’s Framework for Managing Fraud Risks in Federal Programs; and the Securities and Exchange Commission’s climate and environmental, social, and governance (ESG) task force reports.
- Changes in the external environment and fraud landscape, including ESG initiatives and reporting; cyber fraud; blockchain, cryptocurrency, and digital assets; ransomware; Covid-19 response efforts; remote and hybrid working environments; and innovative and virtual management tools and accounting procedures.
COSO’s latest guidance builds on the organization’s first fraud risk management guide, published in 2016.