What’s New?
On May 2, 2023, a joint task force between the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE) released the second edition of the Fraud Risk Management Guide (Guide). The Guide provides organizations with a comprehensive framework for identifying, assessing, and mitigating fraud risk.
The following are key changes made in the 2023 edition:
- Fraud risk management and deterrence.
- Relationships between COSO’s two frameworks and fraud risk management.
- Expanded information on the use of data analytics to detect fraud.
- Internal control and fraud risk management.
- Assessing the effectiveness of existing control procedures as related to fraud risk.
- Changes in the legal and regulatory environment.
- Fraud reporting systems or hotlines.
- Changes in the external environment and fraud landscape.
This update emphasizes the importance of using technology in fraud mitigation efforts and the impact of external factors when assessing fraud risk.
Fraud’s Fresh Face
As the world changes, so do the factors impacting an organization’s fraud risk management program. The updated Guide specifically calls out newly evolving external factors that organizations must consider when assessing fraud risk. Some examples include:
- Environmental, Social, and Governance (ESG) initiatives and reporting: Fraudulent and unethical reporting of ESG initiatives is increasingly important with the evolving standards around this topic. The Guide specifically outlines considerations organizations must make when assessing their ESG framework.
- Blockchain, cryptocurrency, and digital assets: As the use of digital assets expands beyond the financial services sector, organizations must be prepared to understand and adapt to these risks. The updated framework emphasizes fraud risk management strategies specific to the incorporation of cryptocurrency payment methods, technical evaluations of blockchain-related risks, and committing appropriate resources to monitor these risks.
- Remote working and hybrid working environments: Remote work is now the norm in many sectors. This has opened the door for more cybersecurity attacks and forces organizations to consider the implications of fraud risk management tactics.
- Innovative and virtual management tools and accounting procedures: The use of technology through artificial intelligence (AI) and robotic process automation (RPA) comes with its benefits, but also with risks. Additionally, virtual audit techniques (such as remote inventory observations) are becoming more prevalent as organizations strive to reduce compliance costs. These innovative tools and techniques require careful consideration by management to ensure relevant fraud mitigation practices are in place.
Constant monitoring of current events and business practices helps organizations ensure that their fraud risk management program is comprehensive. In other words, as part of ensuring a complete assessment of the fraud risks impacting an organization, management should continually assess real-world fraud events and ask two important questions: 1) “Could this happen to us?” and 2) “How are we prepared?”
“Fraud risk management isn’t just about reacting to fraud after it has occurred. It’s also about being proactive and taking steps to prevent fraud from happening in the first place. One way to do this is through the use of evolving technologies like RPA and AI.”
Jordan Schweinsberg, Accounting & Risk Manager
A Toolkit for Practitioners
Practitioners can be better prepared by understanding the changes outlined in this updated fraud risk guide, as well as by collaborating with management, incorporating the use of emerging technologies, and being proactive.
The fraud risk management process should be a collaborative effort between internal audit and management. Management is responsible for establishing and implementing the organization’s fraud risk management program, and internal audit can provide valuable assistance in this effort by understanding and incorporating the key changes outlined in the Guide.
Additionally, fraud risk management is not just about reacting to fraud after it has occurred. It is also about being proactive and taking steps to prevent fraud from happening in the first place. One way to do this is through the use of evolving technologies.
Harnessing Tech to Outsmart Fraud
The Guide underscores the importance of expanding the use of data analytics and advanced technologies, such as AI, to support fraud risk management efforts within an organization. COSO states that “technology can be a powerful tool for fraud prevention and detection.” The Guide provides a number of examples of how technology can be used to deter and detect fraud, including:
- Using AI to identify suspicious transactions: AI can be used to analyze large amounts of data to identify patterns that may indicate fraud and that may not be visible to the naked eye through manual fraud detection techniques. For example, AI can identify suspicious or unusual transactions in financial data or identify employees submitting unusually large expense reports, indicating the presence of fraud.
- Using RPA to automate tasks that are susceptible to fraud: RPA can automate tasks that are susceptible to fraud, such as reconciling bank statements or reviewing expense reports.
- Using cybersecurity solutions to protect against cyberattacks: Cyberattacks, including hacking, economic espionage, or unauthorized access to data, are an increasingly relevant and evolving threat to businesses of all sizes. The prevalence of remote work has also created new opportunities for fraudsters to exploit vulnerabilities in remote access systems. Cybersecurity solutions can help to protect businesses from cyberattacks, which are used to commit fraud.
Securing the Future
The updated Fraud Risk Management Guide is available to all practitioners and is designed to aid in the ongoing establishment of an effective fraud risk management program.
Leading organizations are fast at work implementing standardized processes for embedding a technology-enabled fraud-prevention culture, allowing them to remain ahead of the risk curve as much as possible.
For expert support navigating the fraud landscape and designing transformative risk solutions, contact CrossCountry Consulting.