An organization must take three fundamental actions to mitigate
fraud. They include creating a culture of honesty and high ethics,
evaluating antifraud processes and controls, and developing an
appropriate oversight process. The following are some of the
highlights from the document. There are three main headings and 14
subheadings, with brief explanations following.
Creating a Culture of Honesty and High Ethics
- Setting the Tone at the Top: Directors and
Management of an organization set the “tone at the top” for ethical
behavior. Research in moral development strongly suggests that
honesty can be reinforced when a proper example is set.
- Creating a Positive Workplace Environment:
Research indicates that less wrongdoing occurs when employees have
positive feelings about work.
- Hiring and Promoting Appropriate Employees: If
an organization is to be successful in preventing fraud, it must
have effective policies that minimize the chance of hiring or
promoting individuals with low levels of honesty, especially for
positions of trust.
- Training: New employees should be given
training at the time of hiring covering the organization’s values
and its code of conduct.
- Confirmation: Management needs to clearly state
that all employees will be held accountable to act within the
organization’s code of conduct.
- Discipline: The way an organization reacts
to incidents of alleged or suspected fraud sends a strong deterrent
message throughout the organization.
Evaluating Antifraud Processes and Controls
- Identifying and Measuring Fraud Risks:
Management has the primary responsibility for establishing and
monitoring all aspects of the organization’s fraud risk assessment
and prevention activities.
- Mitigating Fraud Risks: It may be possible to
reduce or eliminate certain fraud risks by making changes to the
organization’s activities and processes.
- Implementing and Monitoring Appropriate Internal
Controls: Once a fraud risk assessment has taken place, the
organization can identify the processes, controls, and other
procedures that are needed to mitigate the identified risks.
Developing an Appropriate Oversight Process
- Audit Committee: The Audit Committee should
evaluate management’s identification of fraud risks, implementation
of antifraud measures, and creation of the appropriate tone at the
top. If the organization does not have an audit committee, then the
board of directors should do the evaluation.
- Management: Management is responsible for
overseeing the activities carried out by employees, and does so by
implementing and monitoring processes and controls, such as those
discussed previously.
- Internal Auditors: An effective internal audit
team (if the organization has internal auditors) can be extremely
helpful in performing aspects of the oversight function. Their
knowledge about the organization may enable them to identify
indicators that suggest fraud has been committed.
- Independent Auditors: Independent auditors can
assist management and the board of directors by providing an
assessment of the organization’s process for assessing and
responding to fraud risks. The board of directors should have an
open and candid dialogue with the independent auditors regarding
management’s risk assessment and the system of internal
control.
- Certified Fraud Examiners: Certified Fraud
Examiners may assist the board of directors with aspects of the
oversight process either directly or as a part of the team of
internal auditors or independent auditors. In addition, they can
assist the board of directors in evaluating the fraud risk
assessment and fraud preventive measures implemented by
management.