Strengthening Your Defenses: A Comprehensive Guide to Fraud Risk Management – Second Edition (COSO and ACFE)

The “Fraud Risk Management Guide – Second Edition” article from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE) is updated guidance for organizations to follow in addressing fraud risk specifically. This Guide updates the first edition of the Fraud Risk Management Guide, published in 2016. The Guide’s five principles are consistent with the five COSO Internal Control Components as well as the 17 COSO principles, and they give organizations, whether large or small, government or private, for-profit or non-profit, the information necessary to design a plan specific to the risks facing that entity.

Some of the key changes included in the 2023 edition are: how fraud risk management supports deterrence; expanded information on data analytics; assessing the effectiveness of existing control procedures as they relate to fraud risk; changes in the legal and regulatory environment; and many more.

The article suggests two approaches that organizations using the COSO 2013 Internal Control Framework can take to address the important fraud risk assessment principle.

  1. Organizations can use this Guide’s second fraud risk management principle (as shown in the figure below) on a stand-alone basis to conduct a fraud risk assessment that is compliant with COSO 2013 IC Framework Principle 8. Using this approach, an organization overlays this fraud risk assessment process on its existing internal control structure by revisiting each component of internal control and assessing its vulnerabilities to fraud.
  2. Organizations can implement this Guide as a separate, compatible, and more comprehensive process, not only to periodically assess but also to manage the organization’s fraud risks as part of a broader Fraud Risk Management Program. This approach includes a fraud risk assessment and also encompasses fraud risk governance, designing and implementing fraud control activities, fraud investigation and corrective action, and fraud risk management evaluation and monitoring. Adopting this approach results in an ongoing, comprehensive Fraud Risk Management Program, as illustrated in the figure below.

The full report can be found here.