
COSO’S FRAUD RISK MANAGEMENT GUIDE: REASONABLE STEPS, REWARDING RETURNS

06.21.2017 | Berdon Industry Insights


Five Fraud Risk Management Principles

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has taken steps to guide companies in
establishing formidable fraud risk management practices. In an environment where company defenses seem more porous
than ever, COSO has augmented and aligned its 17 principles of internal control, issued in 2013, with an additional five fraud
risk management principles. These principles should be accepted as integral components of corporate governance and a
sound internal control environment.

The measures discussed in the Fraud Risk Management Guide (the “Guide”) are practical, and if properly implemented, can
add another layer of security in a business environment.

The Guide sets out specific processes for effective fraud risk management. In order to achieve optimal results, best practice is
to implement a program that covers the following five principles:

• Principle 1 recommends establishment of fraud risk governance, which would begin with an assessment of the
organization’s commitment to integrity and ethics. A positive corporate environment should encompass anti-fraud
sentiment by all layers of the organization, starting with the board of directors and filtered down to the rest of the
organization.

• Principle 2 requires companies to perform a comprehensive fraud risk assessment addressing and evaluating “fraud risk
scenarios” specific to each organization. The scenarios should cover various possibilities of fraudulent acts, such as
fraudulent financial reporting and misappropriation of assets, including fraud committed by employees, customers or
vendors. Other illegal acts may include bribery, money laundering, cybersecurity breaches, and violation of labor and
consumer protection regulations and laws.

• Principle 3 recommends examination and augmentation of existing control activities to ensure that both preventative and
detective control activities are in place.

• Principle 4 suggests organizations set up protocols and mechanisms, which can be easily deployed for identification of
fraudulent activities, timely investigations, identification of root causes, and formulation of remediation steps.

• Principle 5 covers both ongoing and separate evaluations of the effectiveness of the first four principles described above.
The evaluations can be achieved with the help of internal or external resources, such as internal audits, or monitoring of
key risk indicators.

Only by covering all of these bases can a business hope to establish a solid defensive shield against fraud. COSO stresses
that internal control issues stemming from errors differ from basic flaws that open a business to fraud. It is the difference
between accident and intent. By not assessing the internal control environment thoroughly to identify possibilities where
intentional acts of fraud may be committed, a business can be vulnerable to:

This communication is for general information purposes only. It is not intended as professional advice in connection with any specific
circumstances.

Any actions based on the content of this communication should only be undertaken after consulting your professional advisor.

© Copyright 2022 Berdon LLP. All rights reserved. Berdon reserves the right to reproduce our material as it appears in other print or
electronic media

• Misstated financial information

• Misstated nonfinancial information

• Misappropriated assets

• Direct illegal acts and corruption

The Guide acknowledges that fraud risk can be present in many areas of a business and recommends that multiple
stakeholders have roles in mitigating risk. These soldiers in the war on fraud can include:

• Board members

• Audit committee members

• Senior management

• Management at lower department levels

• Internal auditors

• External auditors

• Service providers

Data Analytics

The Guide, which was co-sponsored by the Association of Certified Fraud Examiners (ACFE), is essentially a blueprint for
helping businesses establish an overall fraud risk management program. The Guide covers recent developments in risk
management, including details on the use of technology, in particular, the value of data analytics.

Data analysis enables an organization to examine massive volumes of data and activities within entire business processes to
assess fraud risk and highlight indicators of where risks of fraud may exist. Companies may also be able to detect
circumstances where existing fraud prevention controls failed, were breached, circumvented, or bypassed entirely. Companies
may even uncover areas where they do not have, or never had, proper controls in place.

Anti-fraud Program Development

The Guide provides examples of key program components and resources that organizations can tap into in order to develop a
fraud risk management program. Further, the Guide offers references to other sources of guidance for developing a
fraud risk management program for specific industries.

The ideas, thoughts, and recommendations in the Guide are both reasonable and prudent. The steps that an organization can
take based on the information in the Guide can deliver a return that may not be easily measured. Unless, of course, peace of
mind, security, profitability, and the ongoing existence of a business can be quantified. The Guide is a resource that crosses
industries and business sectors. The only question a company owner should ask now is: “How much risk am I willing to take?”

If you have questions about the best approach to fraud risk management for your company or would like to discuss having a
fraud risk assessment performed, contact your Berdon advisor.

Berdon LLP, New York Accountants

