CISO2CISO.COM & CYBER SECURITY GROUP

ANTI-FRAUD PLAYBOOK – THE BEST DEFENSE IS A GOOD OFFENSE BY ACFE – FRAUD RISK GOVERNANCE – Playbooks are not only for cyber; they are also used to combat business fraud.

The Anti-Fraud Playbook: The Best Defense Is a Good Offense

Fraud is happening at your organization; you just don’t know it.
Then again, maybe you do, but you are not sure how pervasive the problem is, where to begin your anti-fraud journey, or how to enhance your current fraud risk management practices. Either way, fraud is big business at organizations across the globe. According to the ACFE 2020 Report to the Nations, CFEs estimate that organizations lose 5% of their revenue to fraud each year. This playbook is designed to reduce this risk and increase profit. The contents include a five-phased approach with ten plays drawn from best practices and leading guidance. Designed to align with the fraud risk management framework provided by the Association of Certified Fraud Examiners (ACFE) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the plays in this playbook provide easy-to-use, actionable guidance to help you fight fraud at your organization.
Combating fraud is an ongoing challenge, but this playbook will help you stay a step ahead.

Why this playbook was developed
In 1992, COSO released its original Internal Control—Integrated Framework. COSO revised this Framework in 2013 to incorporate 17 principles, including a new principle focused specifically on fraud risk. Principle 8, one of the Framework’s principles pertaining to risk assessment, states:
The organization considers the potential for fraud in assessing risks to the achievement of objectives.
In 2016, the ACFE and COSO published the Fraud Risk Management Guide (the Guide), which is intended to support and be consistent with the revised Framework. The Guide is designed to serve as best-practice guidance for organizations to follow in addressing COSO’s fraud risk assessment principle.
This playbook is intended to provide practical guidance for organizations looking to begin, advance, or benchmark their fraud risk management (FRM) programs against industry best practices. It draws on insights from the Guide and seeks to clarify and operationalize the concepts put forward in that guidance.
As such, this playbook includes key questions, checklists, and insights that will enhance your FRM program and ultimately facilitate proactive FRM at your organization.
For additional resources, see the supplemental FRM tools provided by the ACFE to accompany the Guide.

How the playbook is organized
The playbook includes ten plays, which are organized into five phases based on the Guide’s five key FRM principles:
• Fraud Risk Governance
The organization establishes and communicates an FRM program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.
• Fraud Risk Assessment
The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks.
• Fraud Control Activities
The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.
• Fraud Investigation and Corrective Action
The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective action to address fraud appropriately and in a timely manner.
• Fraud Risk Management Monitoring Activities
The organization selects, develops, and performs ongoing evaluations to ascertain whether each of the five principles of FRM is present and functioning and communicates FRM program deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors.
The playbook also includes several appendices that provide additional information, templates, and tools that you can use to implement the ten plays.
