Fraud. The dreaded word no organization wants to hear. Or do you? I would say it’s one word you do want to hear – and talk about – well before it happens to your institution.
Combating fraud is always a challenge, and with recent indicators pointing to a significant uptick in fraud instances since the pandemic set in, now is a great time to institute or reevaluate your current fraud risk management practices.
A strong fraud risk management program will help you prepare and protect your organization, and enable it to develop a response plan in the event fraud risk elevates to unacceptable levels. Our recommended approach leverages recognized frameworks and guidance from COSO and the ACFE. Some critical steps to consider follow.
Step one in the process is to understand where your organization’s fraud risk management program currently stands and to assess where you’d like the program to be in the future. Evaluating the current state of your organization will help you develop a plan to achieve your long-term vision.
Second, determine how fraud awareness can be promoted throughout your organization, whether it’s through creating a fraud risk governance policy, instituting a fraud risk training program, or simply by communicating fraud risk management roles and responsibilities to employees. This exercise will lead you to build a unique program that fits your needs, since there’s no cookie-cutter model when it comes to fraud risk management.
The remaining steps dovetail with identifying fraud risk schemes your institution may be vulnerable to, assessing how you’re managing those schemes, and how you’re evaluating and managing fraud risk areas that are not properly mitigated. When identifying fraud risk schemes relevant to your institution, we recommend considering your risk universe, looking at what’s occurring in the industry at large and leveraging the FDIC Bank Fraud and Insider Abuse Framework.
Once the initial assessment is complete, it’s imperative to perform ongoing monitoring and periodic evaluations to ensure the assessment doesn’t become stale and mitigation of fraud risk schemes doesn’t “slip through the cracks” and open up vulnerable areas. During this stage, we also recommend evaluating the level of assurance you have on existing fraud mitigants through first-, second- and third-line defenses.
If your institution doesn’t currently have a fraud risk management program in place, or has never performed a fraud risk assessment, it’s highly recommended you do, since it can add great value to your organization. If you have any questions regarding fraud risk assessments for your institution, contact Jessica Miller or James Yard of the Risk Advisory group at Schneider Downs.