Fraud Risk Management
Take calculated risks. That is quite different from being rash.
—General George S. Patton, American General in World Wars I and II (1885–1945)
After studying this chapter, the reader should be able to:
- Identify appropriate fraud risk management techniques in order to establish the corporate fraud risk profile.
- Clarify the roles of internal, external, and forensic audit in the fight against fraud.
- Design and implement effective whistleblowing both within and external to the organization as a fraud preventive and detective measure.
When people indulge in fraud, they do not do so with the expectation of being caught and punished. They commit fraud because they believe they can get away with it. To implement effective fraud risk management, risks need to be examined from the potential fraudster’s perspective. Where conventional risk assessment methodologies start with inherent risk and move toward limiting those risks by the quality of the system of internal controls, fraud-related assessment looks at the controls from the perspective of how can they be bypassed, who can bypass them, whether it be known, by whom, and how.
In a 2010 survey, Ernst & Young reported that one in seven of those organizations they interviewed had never conducted a formal risk assessment and more than one quarter of those who had conducted such an assessment admitted that they had not updated their fraud risk assessment in the previous year.1 Although board members were ...