The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE) jointly announced the release of the Fraud Risk Management Guide: Second Edition, a new publication that offers a blueprint for helping organizations establish an overall Fraud Risk Management Program.
The Guide updates the first edition of the Fraud Risk Management Guide published in 2016. It also draws from a 2008 publication sponsored by the American Institute of CPAs (AICPA), the Institute of Internal Auditors (IIA), and the ACFE. Updates reflect recent anti-fraud developments, revise terminology, and add important information related to technology developments, specifically data analytics.
Since its inception, COSO has provided guidance on internal control, enterprise risk management, and fraud deterrence. This Guide will be familiar to COSO Framework users: it contains principles and points of focus aligned with the internal control framework and principles outlined in COSO’s 2013 Internal Control – Integrated Framework (2013 ICIF).
“The 2016 Fraud Risk Management Guide became recognized as containing a widely accepted set of leading practices for anti-fraud professionals and organizations intent on deterring fraud,” said Paul Sobel, past COSO Chair who oversaw this project. “Fraud is not static. Accordingly, COSO and the ACFE initiated an update process that included reaching out to a broad range of users for recommendations on where the Guide can be improved, and assembled a team to take a refreshed look at the Guide and assess how and where it should be updated.”
Key updates in the Second Edition include:
- Fraud risk management and deterrence: Explains how fraud risk management relates to and supports fraud deterrence — a key theme in COSO’s mission.
- Relationships among COSO’s two frameworks and fraud risk management: Explains how the COSO 2013 Internal Control — Integrated Framework, the COSO 2017 Enterprise Risk Management — Integrating with Strategy and Performance Framework and the Fraud Risk Management Guide are related and support each other.
- Expanded information on data analytics: Includes expanded and updated information on data analytics, while continuing to emphasize the importance of interviewing and whistleblower systems.
- Internal control and fraud risk management: Explains how internal control and fraud risk management are related and support each other but are different in some important respects.
- Changes in the legal and regulatory environment: Includes updated information with respect to recent legal and regulatory developments in the U.S. pertaining to fraud and fraud risk management.
“It is impossible to eliminate all fraud in all organizations. However, effective leaders address fraud risk as they do any risk — they manage it,” said ACFE President and CEO Bruce Dorris. “The Fraud Risk Management Guide gives organizations, whether large or small, government or private, profit or non-profit, the information necessary to design a plan specific to the risks for that entity. There is no ‘one size fits all’ approach to managing fraud risk, but by applying the guidance in the updated Guide, an organization can create a custom-fitted program tailored to its specific needs.”
The Guide includes examples of key program components and resources that organizations can use to develop a fraud risk management program effectively and efficiently. In addition, it contains references to other sources of guidance for tailoring a fraud risk management program to a specific industry.
“COSO’s mission is to help organizations improve performance by developing thought leadership that enhances internal control, risk management, governance and fraud deterrence. The Fraud Risk Management Guide is a key tool for furthering this mission, mainly with respect to fraud deterrence, particularly through the principled alignment supported by COSO’s existing 2013 ICIF,” added Lucia Wind, COSO Chair.