A multi-region perspective on fraud
Fraud is a major concern for organizations worldwide—and for good reason. This type of criminal activity has the potential to damage shareholder and consumer trust, erode brand value and result in serious financial and legal implications And in today’s highly-interconnected digital world, these negative impacts can be disseminated in seconds.
Canada: A regional fraud perspective
As in every global region, fraud takes a variety of complex forms in Canada—ranging from sophisticated cyber breaches and holding corporate data for ransom, to spoofing executive email addresses to gain access to internal systems. While all these threats are real, businesses often overlook one of the largest risks to their companies: occupational fraud, which is fraud committed against an organization by its own people.
Taking action: How to win the fight against fraud
The ACFE estimates that an average organization loses five percent of revenue annually to fraud. The extent of fraud an organization suffers depends largely on its business model and how seriously it manages fraud risk. The more “fraud-aware” an organization is, the less fraud it is likely to experience, as almost half of all frauds committed are due to weaknesses in internal controls (ACFE Report to the Nations 2018). Fraud-aware organizations are those that adopt strong anti-fraud controls and focus on proactive fraud detection.
In September 2016, the ACFE and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) jointly issued a framework for a proactive fraud risk management approach. The Fraud Risk Management Guide describes five phases of a leading fraud risk management program.
In the United States, the Government Accountability Office (GAO) issued the Framework for Managing Fraud Risks in Federal Programs in July 2015, which describes a similar anti-fraud approach for government agencies. These approaches focus on creating a culture conducive to anti-fraud efforts by identifying and combating fraud risks through enterprise-wide fraud risk assessments and implementing fraud-focused analytics.
Develop a fraud risk management program
An effective fraud risk management program starts by assessing all forms of organizational risk—both internal and external—and defining a company’s risk appetite. Once these parameters are established, it becomes easier to devise effective prevention strategies, implement early detection controls, create avenues for internal reporting, mitigate third-party risk and establish clearly-defined anti-fraud policies.