Something to Consider March 2019 – Where Does Ownership of Fraud Risk Lie?
Who should take the lead on detecting and preventing fraud? Most peoples answers would involve internal audit, or a compliance team. But is this too narrow a focus?
With the advances in the sophistication of phishing and other forms of cybercrime, fraud is no longer an academic debate. The exposure is not just financial, but affects business reputation and customers directly. Senior management and boards must lead from the top and implement company-wide processes and procedures which proactively, continuously and sustainably assess and manage fraud-specific risks.
The most effective fraud prevention programs will ensure that implementation and assessment of controls is not where the process stops: tackling the human factor in fraud, and creating a company wide ethos where all employees feel knowledgeable and accountable is a key step and one that has been ignored by the fraud triangle model.
We cannot afford to isolate risk management (of fraud and other risks!) as the responsibility of one department. The decisions we make across the business affect our exposure. It now really is a team game! But this has to start at the top to create and promote a work environment that transcends mere compliance. You can read more about how and who should take the lead on combatting fraud here.