© 2020 Association of Certified Fraud Examiners, Inc.

Developing an Integrated

Anti-Fraud, Compliance, and

Ethics Program

Assessing the Organization

© 2020 Association of Certified Fraud Examiners, Inc.

Discussion Questions

1. Has your organization performed an

assessment of its ethical culture? If yes, what

criteria were used?

2. Does your organization use risk assessments to

evaluate its compliance and ethics program? If

so, how are the assessments performed?

3. Does your organization undertake regular or

periodic fraud risk assessments?

© 2020 Association of Certified Fraud Examiners, Inc.

Assessing the Organization

▪ Results should form

the foundation of the

overall program.

▪ An assessment is a

critical piece of a

risk-based program.

▪ The assessment

supports the move

from a reactive to a

proactive approach.

© 2020 Association of Certified Fraud Examiners, Inc.

Goals of the Assessment

▪ Identify critical risk areas and program gaps.

▪ Develop a plan to enhance processes and

positively influence the organization’s ethical

culture.

▪ Identify training and communications needs and

opportunities.

▪ Raise risk awareness and promote a culture of

integrity.

© 2020 Association of Certified Fraud Examiners, Inc.

Assessment Techniques

▪ Interviews

▪ Surveys

▪ Focus groups

▪ Exit interviews

▪ Helpline reports

▪ Reviews of prior violations

▪ Benchmarking

▪ Program metrics

© 2020 Association of Certified Fraud Examiners, Inc.

Ethics Assessments

▪ To what extent are the organization and its

employees influenced by ethics when making

decisions?

▪ Ideally, an independent third party conducts the

assessment.

© 2020 Association of Certified Fraud Examiners, Inc.

Ethics Assessments

1. What is the relationship between ethics and

other performance metrics in the company?

2. Is required ethics training more than a check-

the-box exercise?

3. Does management exercise effective due

diligence in hiring, promotions, and mergers

and acquisitions?

4. Does management undertake periodic risk

assessments to identify weaknesses?

© 2020 Association of Certified Fraud Examiners, Inc.

Ethics Assessments

5. What is the tone at the top?

6. What is the mood in the middle and the buzz

at the bottom?

7. Who is responsible for paying attention to the

ethical culture?

8. Is the code of conduct more than “shelf ware”?

© 2020 Association of Certified Fraud Examiners, Inc.

Ethics Assessments

9. Are employees familiar with and comfortable

using reporting mechanisms?

10.Does management pay adequate attention to

the ethical posture of third parties?

© 2020 Association of Certified Fraud Examiners, Inc.

Ethics Assessments

▪ Employee self-

assessments

provide additional

insight from those

on the front lines.

© 2020 Association of Certified Fraud Examiners, Inc.

Risk Assessments

▪ Regulators are

increasingly emphasizing

a risk-based approach to

compliance.

▪ To implement a risk-based

program, management

must first understand the

organization’s risks.

© 2020 Association of Certified Fraud Examiners, Inc.

Risk Assessments

© 2020 Association of Certified Fraud Examiners, Inc.

Risk Assessment Framework

1. Identify potential inherent risks of violations,

such as:

Risks from use of third-party

intermediaries

Risks from joint ventures or acquisitions

Risks related to gifts and

entertainment

Risks related to contracts and procurement

Risks from related-party transactions

Import/export risks

Money laundering

risks

Competition/antitrust risks

Occupational fraud risks

Risks of fraud by external

parties

Insider trading risks

© 2020 Association of Certified Fraud Examiners, Inc.

Risk Assessment Framework

2. Assess the risks’ likelihood of occurrence:

• Probability that violation will occur

• Frequency with which violation will occur

3. Assess the risks’ impact on the organization.

4. Evaluate which people and departments are

most likely to engage in violations and

misconduct.

© 2020 Association of Certified Fraud Examiners, Inc.

Risk Assessment Framework

5. Identify and map existing preventive and

detective controls to the relevant risks.

6. Evaluate whether the identified controls are

operating effectively and efficiently.

7. Identify and evaluate residual risks resulting

from ineffective or nonexistent controls.

© 2020 Association of Certified Fraud Examiners, Inc.

Risk Assessment Framework

8. Prioritize and respond to residual risks:

• Establish an acceptable level of risk.

• Prioritize and rank residual risks.

• Determine the appropriate responses to each risk

(avoid, transfer, mitigate, or assume).

© 2020 Association of Certified Fraud Examiners, Inc.

Identifying Risk Factors

▪ Organizational structure

▪ Corporate governance

▪ Compliance and ethics policies

▪ Ethical tone

▪ Management climate and style

▪ Management team

▪ Employee base

© 2020 Association of Certified Fraud Examiners, Inc.

Identifying Risk Factors

▪ Ethics training and resources provided

▪ Internal control environment

▪ Hiring and employment practices

▪ Reporting program

▪ Anti-fraud program

▪ Incident response

© 2020 Association of Certified Fraud Examiners, Inc.

Ongoing Assessment Process

▪ Assessment should be an ongoing exercise,

with results continuously informing other parts

of the program.

▪ Includes updating prior results based on:

• Audit results

• Recent litigations or lawsuits

• Helpline complaints

• Employee claims

• Adequacy of policies

• Changes in operations