PO4-Event Identification

PO4.1 Define Event Identification Methodology that includes brainstorming, defines the categories and classifications for various fraud and corruption risks, applies a consistent methodology to facilitate the comparison of risks across business units, departments and groups, includes consideration of unique pressures and business methods in particular industries and geographies that pose greater fraud risk, and past instances of fraudulent or corrupt conduct like management override of controls and the remediation measures already put in place. (See Appendix C and see p. 4 for sources of risk universe information).

PO4.2 Identify and Analyze Events within the organization’s culture, product and service mix, processes and systems, trends and changes in the entity’s markets, and in society that may introduce specific fraud and corruption related risks like changes in accounting procedures, mergers and consolidation, shifts toward outsourcing or sourcing in areas with weaker detection of risks in the extended enterprise.

PO5-Risk Assessment

PO5.1 Define Risk Assessment Methodology that identifies the frequency of or triggers that require reassessment, utilizes “strategic reasoning” and includes criteria for determining likelihood, impact (monetary, compliance and reputational) and relative priority of risks identified through historical information, known fraud schemes, experience of internal and external audit, subject matter experts for particular geographies and industries, and interviews of business process owners. (See Appendix C).

PO5.2 Analyze Likelihood / Impact in accordance with prescribed methodology and consistently across the enterprise to be able to make meaningful comparison and facilitate prioritization.

PO5.3 Define Priorities to properly allocate available resources to highest priority fraud risks.

PO6-Program Design & Strategy

PO6.1 Define Initiatives to Address Risks whether these are completing initiatives already underway or new initiatives designed to prevent, detect, and mitigate fraud risk based upon an analysis that the initiative is mandated by legal requirements or its projected benefits exceed costs.

PO6.2 Define Initiatives to Address Opportunities & Values to enhance the ethical culture resulting in an environment that is more resistant to fraud risk.

PO6.3 Select Initiatives, Controls & Accountability based upon allocated resource, and relative ranking, identify the particular fraud risk management initiatives and controls that will be pursued, placing them against a portfolio implementation plan and assigning accountability for project management and effectiveness.

PO6.4 Define Crisis Responses to include the scenario where the degree or nature of the fraudulent or corrupt conduct poses catastrophic financial or reputational risk.

PO6.5 Define Strategic Plan in the form substantially like the Fraud Control Strategy or Policy Template that:
• Defines fraud.
• Communicates the entity’s commitment to fraud prevention, detection and deterrence.
• Outlines the fraud control strategies, including training and the internal audit strategy relative to fraud control.
• Reflects the fraud control initiatives, including accountability and resources for those initiatives and mitigating resistance to change.
• Reflects the fraud risk management methodology, including identification, assessment and prioritization.
• Documents the fraud roles and responsibilities at all levels of the organization.
• Communicates the procedures for reporting and investigating fraud, including disclosure and discipline.
• Addresses employment considerations, conflict of interest, change challenges and approval.
• Communicates how frequently and by what methods the program will be measured and evaluated.
PR-Prevent, Protect & Prepare

PR1-General Controls, Policies & Procedures

PR1.1 Develop Controls, Policies & Procedures that represent a mix of controls designed to prevent, detect, monitor, and respond to fraud risk, including:
• Policy defining fraud, irregularities, authority to conduct investigations, confidentiality, and reporting of results of investigations, and potential disciplinary action should fraud be confirmed.
• Policies encouraging high ethical standards and empowering employees, customers and vendors to insist those standards are met.
• Policy that everyone be 100% open and honest with external auditors.
• Policy that fraud involving senior management or that causes a material misstatement of financial statements be reported directly to the audit committee.
• Policy that fraud detected by either internal audit or external audit be brought to the attention of the appropriate level of management.
• Procedures regarding the nature and extent of communications with the audit committee about fraud committed by lower level employees.
• Preventive controls like exit interviews, background checks, training, segregation of duties, performance evaluation, compensation practices, physical and logical access restrictions.
• Detective controls like anonymous reporting, internal audit, and process controls.

PR1.2 Implement and Manage Controls, Policies & Procedures confirming roles and responsibilities related to the fraud policy (See Appendix B), proper communication, implementation of, adherence to, and operation of fraud risk management controls, policies and procedures.

PR1.3 Automate Controls, Policies & Procedures to protect against the risk that fraudulent or corrupt conduct go undetected due to inherent variation in human-centric activities.

PR2-Code Of Conduct

PR2.1 Develop Code of Conduct to include expectations about proper conduct in the face of opportunities for fraud or corruption, non-retaliation for and the proper procedures for reporting identified fraudulent or corrupt conduct regardless of whether the opportunity arises from conflict of interest, use of corporate assets, customer, supplier, government or other business dealings.

PR2.2 Distribute and Manage Code of Conduct publicly and across all levels of the organization so that each level understands and receives training on their respective roles and responsibilities in relation to fraud and corruption risk management, keeping the Code refreshed based upon changes in laws, operating conditions and policies.

PR3-Training & Education

PR3.1 Design / Develop Training related to ethical conduct in the face of stressors or opportunities for fraudulent or corrupt behavior that occur at all levels of the organization and through the extended enterprise, assuring that such training is timely attended based upon changes in roles or responsibilities, and that individuals are meeting comprehension goals.

PR3.2 Implement and Manage Training to confirm that fraud risk management training appropriate to each person’s role has been delivered in accordance with the training plan and has met all performance targets.