Advisory
Fraud Risk Management White Paper: Developing a Strategy for Prevention, Detection, and Response
A new white paper from KPMG Forensic sets out the fundamental requirements for an effective fraud risk management strategy.
KPMG's recent Profile of a Fraudster Survey 2007 clearly indicated that companies need to take a strategic approach to fraud risk management by aligning corporate values with performance. Fraud risk management must become part of the corporate culture, and in order to succeed, must be viewed as an ongoing process. In the same breath, management should continuously evaluate the effectiveness of their risk strategy and controls, particularly in light of developments in the market or regulatory environment. We see an effective approach as having three primary objectives - prevention, detection and response. In order to align the strategy with these objectives, a comprehensive fraud and misconduct risk assessment will assist management to understand their business unique risks, identify gaps or weaknesses in their controls and develop a plan for targeting the right resources and controls.
Ultimately the strategy adopted by management may seek to include a well-implemented code of conduct that communicates to employees acceptable business standards and management’s commitment to integrity, a carefully planned communications and training program to raise employee awareness of their obligations concerning fraud and misconduct controls; and a comprehensive fraud response plan, documenting the responses to allegations of fraud or misconduct, and which has been communicated to line management. This plan should consider internal and external investigations, the use of the internal disciplinary system (which in turn should detail enforcement and accountability protocols), and the public disclosure of the fraud and misconduct to demonstrate the commitment of management to combat fraud, pre-empt possible negative publicity and assist in putting the matter to rest.
Management may further choose to conduct an appropriate employee and third-party (e.g. vendor) take–on due diligence and implement hotlines that provide employees and third-parties with a way to report possible fraud and misconduct and to seek advice when the appropriate course of action is unclear. Other effective tools to detect possible fraud include the conducting of special audits and use of other monitoring activities, including proactive forensic tools such as sophisticated analytic testing, computer-based cross matching, and non-obvious relationship identification.
Faced with an increasing array of frameworks and standards governing business conduct, many companies continue to struggle with how to mitigate the innumerable risks posed by fraud and misconduct. The development of an integrated fraud risk management program will not only help support compliance with regulatory mandates but also will assist an organization to protect its assets, including its reputation.
To download the KPMG white paper, Fraud Risk Management: Developing a Strategy for Prevention, Detection and Response, please click on the link below.
Ultimately the strategy adopted by management may seek to include a well-implemented code of conduct that communicates to employees acceptable business standards and management’s commitment to integrity, a carefully planned communications and training program to raise employee awareness of their obligations concerning fraud and misconduct controls; and a comprehensive fraud response plan, documenting the responses to allegations of fraud or misconduct, and which has been communicated to line management. This plan should consider internal and external investigations, the use of the internal disciplinary system (which in turn should detail enforcement and accountability protocols), and the public disclosure of the fraud and misconduct to demonstrate the commitment of management to combat fraud, pre-empt possible negative publicity and assist in putting the matter to rest.
Management may further choose to conduct an appropriate employee and third-party (e.g. vendor) take–on due diligence and implement hotlines that provide employees and third-parties with a way to report possible fraud and misconduct and to seek advice when the appropriate course of action is unclear. Other effective tools to detect possible fraud include the conducting of special audits and use of other monitoring activities, including proactive forensic tools such as sophisticated analytic testing, computer-based cross matching, and non-obvious relationship identification.
Faced with an increasing array of frameworks and standards governing business conduct, many companies continue to struggle with how to mitigate the innumerable risks posed by fraud and misconduct. The development of an integrated fraud risk management program will not only help support compliance with regulatory mandates but also will assist an organization to protect its assets, including its reputation.
To download the KPMG white paper, Fraud Risk Management: Developing a Strategy for Prevention, Detection and Response, please click on the link below.
fraud_risk_management_en.pdf, Size: 668.4 KB