12.07.2015 Views

acfe fraud prevention check-up - BKD


PO4-Event Identification

PO4.1 Define Event Identification Methodology that includes brainstorming, defines the categories and classifications for various fraud and corruption risks, applies a consistent methodology to facilitate the comparison of risks across business units, departments and groups, includes consideration of unique pressures and business methods in particular industries and geographies that pose greater fraud risk, and past instances of fraudulent or corrupt conduct like management override of controls and the remediation measures already put in place. (See Appendix C and see p. 4 for sources of risk universe information).

PO4.2 Identify and Analyze Events within the organization’s culture, product and service mix, processes and systems, trends and changes in the entity’s markets, and in society that may introduce specific fraud and corruption related risks like changes in accounting procedures, mergers and consolidation, shifts toward outsourcing or sourcing in areas with weaker detection of risks in the extended enterprise.

PO5-Risk Assessment

PO5.1 Define Risk Assessment Methodology that identifies the frequency of or triggers that require reassessment, utilizes “strategic reasoning” and includes criteria for determining likelihood, impact (monetary, compliance and reputational) and relative priority of risks identified through historical information, known fraud schemes, experience of internal and external audit, subject matter experts for particular geographies and industries, and interviews of business process owners. (See Appendix C).

PO5.2 Analyze Likelihood / Impact in accordance with prescribed methodology and consistently across the enterprise to be able to make meaningful comparison and facilitate prioritization.

PO5.3 Define Priorities to properly allocate available resources to highest priority fraud risks.

PO6-Program Design & Strategy

PO6.1 Define Initiatives to Address Risks whether these are completing initiatives already underway or new initiatives designed to prevent, detect, and mitigate fraud risk based upon an analysis that the initiative is mandated by legal requirements or its projected benefits exceed costs.

PO6.2 Define Initiatives to Address Opportunities & Values to enhance the ethical culture resulting in an environment that is more resistant to fraud risk.

PO6.3 Select Initiatives, Controls & Accountability based upon allocated resource, and relative ranking, identify the particular fraud risk management initiatives and controls that will be pursued, placing them against a portfolio implementation plan and assigning accountability for project management and effectiveness.

PO6.4 Define Crisis Responses to include the scenario where the degree or nature of the fraudulent or corrupt conduct poses catastrophic financial or reputational risk.

PO6.5 Define Strategic Plan in the form substantially like the Fraud Control Strategy or Policy Template that:
  • Defines fraud.
  • Communicates the entity’s commitment to fraud prevention, detection and deterrence.
  • Outlines the fraud control strategies, including training and the internal audit strategy relative to fraud control.
  • Reflects the fraud control initiatives, including accountability and resources for those initiatives and mitigating resistance to change.
  • Reflects the fraud risk management methodology, including identification, assessment and prioritization.
  • Documents the fraud roles and responsibilities at all levels of the organization.
  • Communicates the procedures for reporting and investigating fraud, including disclosure and discipline.
  • Addresses employment considerations, conflict of interest, change challenges and approval.
  • Communicates how frequently and by what methods the program will be measured and evaluated.
