Fraud Risk Management: Monitoring & Reporting Your Progress
By Ali Wagner, MACCT, CFE, REDW Financial Forensics & Litigation Services Analyst
In light of Internal Audit Awareness Month, this five-part series on managing fraud risk has outlined the essential steps for building an effective program that will help your organization stay ahead of the fraud game. After assessing your risk factors and putting controls in place to mitigate those risks, the final step in the overall process will involve measuring the effectiveness of your anti-fraud efforts—and reinforcing a vital, anti-fraud culture across your organization.
Get caught up on the rest of our Internal Audit Awareness Month series:
Fraud Risk Management: Monitoring Your Progress
Conducting continual and periodic evaluations can provide vital insight into the effectiveness of fraud risk management (FRM) programs and help identify opportunities for improvement. And while these evaluations should cover the full spectrum of your FRM program, at a high level they need to include two key steps:
- Implementation of Monitoring & Evaluation Activities
Focus on measuring the outcomes of monitoring and evaluation activities instead of simply reviewing the outputs.
- For example, instead of focusing on the number of attendees who completed anti-fraud training (the output), focus on evaluating how fraud awareness has improved over time (the outcome).
- Examples of activities to monitor include fraud risk assessments, enterprise-wide anti-fraud training, targeted anti-fraud trainings, and your analytics activities.
- Use of Results to Improve Your Fraud Risk Management program
Use the results of monitoring and evaluations to identify opportunities for improvement for FRM activities.
- For example, let’s say in a survey you were evaluating the effectiveness of a targeted anti-fraud training, and results were lower than expected. This would indicate that the outcome of the training was not adequately achieved and that the training should be improved to achieve the desired outcome.
Monitoring Your Progress – Overview
Monitoring and evaluating are proactive measures that can increase the perception of detection and should be communicated and visible throughout your organization. Here are some initial steps you can take to organize your efforts:
- Determine who is responsible for oversight of the monitoring and evaluation efforts. This should align with the established FRM governance structure and define roles and responsibilities across the fraud risk management monitoring process.
- Determine the type of monitoring and evaluation activities you plan to implement, ensuring that all components of your FRM program are covered.
- Set the scope and frequency of monitoring and evaluation activities. If you plan to conduct targeted evaluations of your anti-fraud training initiatives, you may decide that this should occur ad hoc (frequency) and be focused specifically on each occurrence of a new training program or topic (scope).
- Establish measurement criteria for selected monitoring and evaluation activities. Consider using benchmarks from global fraud surveys and resources dedicated by your organization to fraud risk management.
Questions on measurement criteria? Send a message to Ali Wagner.
- Perform both ongoing and separate monitoring and evaluation activities. Consider using established measurement criteria to perform comparative analyses between:
- Frauds identified versus reports or tips received
- Frauds identified versus types previously uncovered
- Frauds discovered versus fraud examinations performed
- Ratios of problems in background checks versus number of checks performed
- Implement corrective actions based on results of monitoring activities, as needed. Ensuring that there are mechanisms in place to track progress on corrective actions is key to closing identified gaps.
Fraud Risk Management: Reporting on Your Progress
Generally communicating results of your fraud risk management program at all levels of your organization is essential to increase awareness, showcase accomplishments, and motivate senior leaders to prioritize anti-fraud efforts.
However, ensuring that you communicate results, insights, and takeaways on a periodic basis to relevant parties at all levels of your organization will take your anti-fraud activities to the next level.
You can and should tell the story of your FRM efforts in the aggregate; by not doing so, you miss an opportunity not only to showcase the value of your efforts, but also to improve anti-fraud efforts overall.
The information that should be shared with leadership or across the organization can vary depending on its nature.
When determining how best to communicate insights and outcomes, as well as showcase program accomplishments, make sure to consider your organizational structure, corporate culture, and the intended audience. You may want to consider the use of reports, dashboards, or other visual representations of relevant information based on what has been shown to work best in reporting on similar initiatives in your organization.
The diagram below outlines various considerations as you develop your periodic fraud risk management report (and mirror this five-part article series.) As part of development, be sure to consider these factors both individually and together.
Reporting Elements to Consider:
- Determine target audiences. You may develop different reports for your governing council, board of directors or senior leadership than you would for individual organizational units or functions.
- Determine the frequency of reporting. This may differ per audience—annually, quarterly, etc.
- Identify the key insights and accomplishments. Consider key insights and accomplishments across individual activities and at the aggregate level to identify trends, patterns, and other relevant data points to showcase the program’s accomplishments and changes.
Remember: it is best to focus on measuring the outcomes rather than simply reviewing outputs.
- Evaluate the effectiveness and impact of reporting and make changes based on the results and feedback.
Overall, monitoring and reporting your organization’s anti-fraud efforts provides for valuable optimization opportunities, improves your odds of staying ahead of the fraud game, and reinforces an anti-fraud culture that is vital to your organization’s operations.
We hope you will consider applying all five principles of fraud risk management (established in Part 1 of this series from the ACFE/COSO Fraud Risk Management Guide), and that the organizational steps and considerations laid out in this #FraudPreventionFridays series can serve as a helpful guide!
How REDW Can Help
For questions or assistance with fraud risk management monitoring and reporting activities, or if you have concerns that a fraud has occurred, please contact REDW Financial Forensics & Litigation Services Analyst Ali Wagner, or REDW Principals Ed Street or Jessica Bundy.
Our professional team maintains specialized training and credentials in the area of fraud examination and maintains considerable experience performing thorough analyses of indicators and allegations of fraud for both private and government organizations. We respect client concerns and conduct examinations in a discreet manner to minimize any disruption of operations.
Learn more about our commitment to integrity and objectivity in performing a fraud examination.
Sources of Information:
ACFE 2020 Report to the Nations. Copyright 2020 by the Association of Certified Fraud Examiners, Inc.
ACFE The Anti-Fraud Playbook: The Best Defense Is a Good Offense. Copyright 2020 by the Association of Certified Fraud Examiners, Inc.
Fraud Risk Management Guide Executive Summary. Copyright 2016 by the Committee of Sponsoring Organizations of the Treadway Commission and the Association of Certified Fraud Examiners, Inc.
Cyber-attacks are increasing. How is your organization managing business risk? Participate in our Risk Management Survey.