Wednesday, January 07, 2009

Managing the Business Risk of Fraud...

Operational Risk Management is in full swing at distressed institutions as the TARP funds continue to flow to these needy corporations. One thing is certain; you can expect increased oversight. The risk management mechanisms to determine how and where funds are being utilized will be the focus. Anti-fraud planning and investigative projects are on the radar of the Board of Directors and the Audit committee chair. The US government Anti-Fraud Task Force is gearing up:

Six more U.S. government agencies, including the Federal Reserve, will take part in a federal anti- fraud task force to strengthen its focus on uncovering mortgage and securities crimes.

Deputy Attorney General Mark Filip announced the expansion yesterday of the President's Corporate Fraud Task Force, which was formed in 2002. Joining the group are the Federal Housing Finance Agency, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Department of Housing and Urban Development and the Office of Inspector General for the financial industry rescue program approved last year by Congress.

"These new members reflect the breadth and depth of the mortgage crisis that we are now confronting and the urgency of the task before us," Filip said in a statement.

Current members of the task force include the heads of the Securities and Exchange Commission and the Commodity Futures Trading Commission.

Gil Soffer, associate deputy attorney general, said the task force expansion would let FBI officials coordinate with monitors of the Troubled Asset Relief Program.

"To be able to bring in our resources and to be able to tap into our expertise and to be able to work with our investigators and our prosecutors when there's criminal activity afoot, it's a tremendous boon" to TARP investigators, he said in an interview.

Congress passed the $700 billion TARP rescue package in October, and lawmakers have said oversight is needed to ensure the funds aren't misused.


The business of Fraud Risk Management has been spelled out for years and continues to be a high priority. Most Fortune 50 organizations have established sophisticated frameworks for addressing compliance, ethics and governance in their organizations. However, the question remains how well they understand their respective roles, responsibilities and jurisdictions. This organizational challenge is no different than the battle between the physical security and information security domains who are now converging. The ACFE, AICPA and the Institute of Internal Auditors have released their latest Practical Guide for Managing the Business Risk of Fraud. Here are the key principles:


Only through diligent and ongoing effort can an organization protect itself against significant acts of fraud. Key principles for proactively establishing an environment to effectively manage an organization’s fraud risk include:

  • Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
  • Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
  • Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
  • Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
  • Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.


Operational Risk Management issues still exist in Tier II organizations who have market caps below $1B. in assets and are more vulnerable. This is typically due to the lack of resources and extensive staff devoted to a an enterprise wide program that incorporates the mission from the Board of Directors and the "Tone-at-the-Top". 2009 will be busy and you can bet the General Counsel and CxO's will be burning the midnight oil.