acfe fraud prevention check-up - BKD

Thus, to properly address fraud risk within the organization, principles described in the following sections of thispaper are needed to make sure:• Suitable fraud risk management oversight and expectations exist (governance) — Principle 1.• Fraud exposures are identified and evaluated (risk assessment) — Principle 2.• Appropriate processes and procedures are in place to manage these exposures (prevention and detection)— Principles 3 & 4.• Fraud allegations are addressed, and appropriate corrective action is taken in a timely manner (investigationand corrective action) — Principle 5. 9SECTION 1: FRAUD RISK GOVERNANCEPrinciple 1: As part of an organization’s governance structure, a fraud risk management program shouldbe in place, including a written policy (or policies) to convey the expectations of the board of directorsand senior management regarding managing fraud risk.Corporate governance has been defined in many ways, including “The system by which companies are directedand controlled,” 10 and “The process by which corporations are made responsive to the rights and wishes ofstakeholders.” 11 Corporate governance is also the manner in which management and those charged with oversightaccountability meet their obligations and fiduciary responsibilities to stakeholders.Business stakeholders (e.g., shareholders, employees, customers, vendors, governmental entities, communityorganizations, and media) have raised the awareness and expectation of corporate behavior and corporategovernance practices. Some organizations have developed corporate cultures that encompass strong boardgovernance practices, including:• Board ownership of agendas and information flow.• Access to multiple layers of management and effective control of a whistleblower hotline.• Independent nomination processes.• Effective senior management team (including chief executive officer (CEO), chief financial officer, and chiefoperating officer) evaluations, performance management, compensation, and succession planning.• A code of conduct specific for senior management, in addition to the organization’s code of conduct.• Strong emphasis on the board’s own independent effectiveness and process through board evaluations,executive sessions, and active participation in oversight of strategic and risk mitigation efforts.These corporate cultures also include board assurance of business ethics considerations in hiring, evaluation,promotion, and remuneration policies for employees as well as ethics considerations in all aspects of theirrelationships with customers, vendors, and other business stakeholders. Effective boards and organizations will also9The Open Compliance and Ethics Group (OCEG) Foundation principles displayed in Appendix F of this document also provide guidance onunderlying principles of good governance relative to fraud risk management.10Sir Adrian Cadbury, The Committee on the Financial Aspects of Corporate Governance.11Ada Demb and F. Friedrich Neubauer, The Corporate Board: Confronting the Paradoxes.10