New guidelines for fighting fraud have been released jointly by three leading professional organizations.
"Managing the Business Risk of Fraud: A Practical Guide" is sponsored by the Association of Certified Fraud Examiners (ACFE), the American Institute of Certified Public Accountants (AICPA), and The Institute of Internal Auditors (IIA). Principles for establishing effective fraud risk management, regardless of the type or size of an organization, are outlined in the guide.
"Regulations throughout the world assign the responsibility for preventing fraud to management," said ACFE President James D. Ratley, CFE. "But beyond regulatory requirements, organizations that value ethical behavior as a core principle and actively manage their fraud risks ultimately will be more competitive and earn and preserve a more positive corporate reputation."
The new guidance provides a practical approach for companies committed to preserving stakeholder value. It can be used to assess or improve an organization's fraud risk management program, or to develop an effective program where none exists.
Five key principles within the guidance address governance, risk assessment, fraud prevention and detection, investigation, and corrective action. Following the guidance will help ensure that there is suitable oversight of fraud risk management, that fraud exposures are identified and evaluated, that appropriate processes and procedures are in place to manage those exposures, and that fraud allegations are addressed in a timely manner.
"Many organizations need to do more to deter fraud," said AICPA President and Chief Executive Officer Barry C. Melancon, CPA. "Preventing fraud requires a dedicated commitment from management. This guide provides best practices, tools, and examples that organizations can use to help manage their fraud risks."
The guidance outlines the relationship between fraud prevention and governance, pointing out that the board's role is critically important because most major frauds have historically been perpetrated by senior management in collusion with other employees. The guidance further explains that personnel at all levels of an organization have responsibility for confronting fraud risk. Those from the board room to the mailroom should understand how the organization is responding to heightened regulations and public and stakeholder scrutiny; what form of fraud risk management program is in place; how fraud risks are identified; what is being done to prevent and detect fraud, and what processes are in place to investigate fraud and take corrective action.
"In many cases, boards of directors and management do not expect to have fraud in their organizations -- and articulate that loudly," said IIA President David A. Richards, CIA. "But just saying 'we don't want fraud' or 'we don't tolerate fraud' does not ensure that fraud will not occur. Organizations must take a proactive stance to ensure that effective fraud prevention and detection techniques are properly used in response to key risks."
A team of more than 20 fraud management experts from the private and public sectors, as well as academia, worked to compile the guidelines over a two-year period. The guidance is endorsed by the Association of Chartered Certified Accountants, the Canadian Institute of Chartered Accountants, the Institute of Management Accountants, the Open Compliance & Ethics Group, the Society of Corporate Compliance and Ethics, and The Value Alliance.
According to the ACFE's 2006 Report to the Nation on Occupational Fraud, U.S. organizations lose an estimated 5 percent of their annual revenues due to fraud. When applied to the estimated 2006 GDP, those losses added up to approximately $653 billion. The report also concluded that organizations without anti-fraud programs -- such as fraud hotlines, internal audit departments, and anti-fraud training -- lost approximately twice the amount of revenue to fraud when compared to organizations with anti-fraud programs. For example, organizations without an anonymous fraud hotline suffered a median annual loss of $200,000, whereas organizations with hotlines suffered a median annual loss of only $100,000.
"Managing the Business Risk of Fraud: A Practical Guide" can be downloaded for free from the sponsoring organizations' Web sites at http://www.acfe.org/, http://www.aicpa.org/, and http://www.theiia.org/.