By Nature L. Mogotsi, Operational Risk Manager, Banking
As a Master of Philosophy in Fraud Risk Management graduate, the topic of fraud risk management will always be close to my heart. Also, in light of the upcoming 14th Annual ACFE Africa Conference & Exhibition (see Association of Certified Fraud Examiners), to which I have been invited as one of the expert speakers, I write this particular article with much enthusiasm: focusing on why organisations need a fraud risk management programme.
The ACFE Africa Conference is the largest fraud conference on the continent and the second largest of its kind in the world. This year’s edition brings together 52 experts in the field of Governance, Risk and Compliance, mostly those in the Forensic and Fraud Risk Management space. I am therefore really excited about this opportunity.
In terms of “The ‘WHY’ of Fraud Risk Management,” it is worth noting that a fraud risk management programme is designed to ensure effective management of the risk of fraud in the organisation or business. The sad reality is that we may not always eliminate fraud, but the objective of the programme is to ensure that the resulting losses are lower than they would have been if mitigation strategies were not in place. The global estimated fraud loss amounts to $3.6 billion. Bringing this down to organisational level, it is about a 5 percent loss in annual revenue. These are funds that could otherwise be used for more productive development projects in our organisations and businesses, such as driving digital migration or improving staff welfare. For this reason, the need to manage fraud cannot be over-emphasised. It is imperative for every organisation and business to have a fraud risk management programme in place.
Fraud risk management can be defined as a process of identifying fraud risks within a business or organisation and then developing a customised anti-fraud programme to address fraudulent activities and illicit conduct proactively. This then implies that fraud risk management is a set of principles that provide guidelines for managing fraud, including policies and frameworks, as well as ensuring that the people, processes and systems are fully aligned to managing fraud.
FRM has gradually formed part of the bloodline of many organisations, and those with more robust programmes realise lower losses and maximise profits. Logically, fraudsters target areas where there is no oversight of the risk of fraud and are often discouraged where they are aware that there is close monitoring of people, processes and system gaps that may give rise to fraud. Developing a fraud risk management programme ensures proactive management of the risk of fraud, as opposed to a reactive arrangement where the organisation loses a lot of money to fraudulent activities only to apply controls thereafter.
While there are many benefits to fraud risk management, this article will cover three reasons why we need an FRM programme: Fraud Prevention, Fraud Detection and Fraud Response.
- Prevention:
An FRM programme aims to prevent the risk of fraud from materialising. It ensures that there are adequate preventative measures or controls in place to ensure that fraud does not happen. Preventing fraud is key in every business and organisation. This is where a fraud risk assessment comes into play. It promotes fraud risk identification to ensure that all key fraud risks and vulnerabilities are identified and known. These risks are then risk-rated to ensure that a risk-based approach is adopted where focus is on prioritising the high risks. Controls are then identified for all the risks noted. These controls must also be effective to ensure that they prevent the fraud risks from materialising.
- Detection:
Where the preventative controls set out in a fraud risk management programme fail to avert the risk of fraud from materialising, an effective fraud risk management programme must be designed to ensure that fraud is discovered sooner. It has been proven that when fraud takes longer to be discovered, the resulting losses may be greater. An FRM programme assists with detective controls that are inbuilt to foster robust detection and a culture that promotes reporting. While some detective controls may be costly, it is important to employ systematic detective controls which can flag fraud events in real time. This will be very beneficial in the short term and in the long run.
- Response:
Once fraud has been detected, an FRM programme also ensures that there is a robust response plan to deter the fraud from recurring. When potential fraudsters know that there is oversight in processes and a robust investigative regime in place, they are less likely to commit fraud. A fraud risk management programme must embed a culture of accountability and consequence management of offenders. This will drive the right behaviour to deter fraud. People generally fear punishment, and a threat of being punished for offending reduces the incentive to commit fraud. It is also important that consequence management, especially in the workplace, is well publicised to limit repeat offences and to demonstrate accountability on the part of management.
For Risk Advisory and related offerings: moriskibynature@gmail.com