ESG factors have rapidly become as important as financial metrics for corporations, leading to increased pressure and potential for exploitation. Organizations must evaluate their ESG programs, update reporting standards, strengthen controls, and address fraud risks. However, the lack of consistent standards in the regulatory and reporting frameworks poses challenges, giving anti-fraud practitioners a critical role in helping organizations navigate the fraud risks associated with ESG programs.
A recent Report by the Association of Certified Fraud Examiners (ACFE) and Grant Thornton promotes an adapted Occupational Fraud and Abuse Classification System, also known as the Fraud Tree (the initial fraud tree classification is shown in the figure below – for accessing the updated ESG fraud tree please check the link referenced above), which considers fraud risks through an ESG lens. In addition to the original three categories of the ACFE Fraud Tree—corruption, asset misappropriation, and financial statement fraud—the ESG fraud taxonomy includes a fourth category called nonfinancial reporting fraud, which introduces ESG-reporting-related fraud risks. The adapted Fraud Tree serves as a useful foundation for developing a tailored fraud scheme library and can be used for traditional fraud risk assessments, ESG fraud risk assessments or to enhance a traditional risk assessment by considering the entirety of an organization’s operations, including third parties. Organizations should periodically evaluate ESG fraud risks and corresponding internal controls to mitigate financial, compliance, reputational, and other risks.
Furthermore, recommendations are provided on how to mitigate ESG fraud risk and how to develop and mature a fraud risk management program. The article suggests using the five categories of the COSO/ACFE Fraud Risk Management principles, offering actionable guidance for organizations to consider when building an ESG-informed fraud risk management program.
A useful framework has been developed to ensure a holistic approach in addressing ESG fraud risks.