© 2020 Association of Certified Fraud Examiners, Inc.
Developing an Integrated Anti-Fraud, Compliance, and Ethics Program
Assessing the Organization
Discussion Questions
1. Has your organization performed an assessment of its ethical culture? If yes, what criteria were used?
2. Does your organization use risk assessments to evaluate its compliance and ethics program? If so, how are the assessments performed?
3. Does your organization undertake regular or periodic fraud risk assessments?
Assessing the Organization
▪ Results should form the foundation of the overall program.
▪ An assessment is a critical piece of a risk-based program.
▪ The assessment supports the move from a reactive to a proactive approach.
Goals of the Assessment
▪ Identify critical risk areas and program gaps.
▪ Develop a plan to enhance processes and positively influence the organization’s ethical culture.
▪ Identify training and communications needs and opportunities.
▪ Raise risk awareness and promote a culture of integrity.
Assessment Techniques
▪ Interviews
▪ Surveys
▪ Focus groups
▪ Exit interviews
▪ Helpline reports
▪ Reviews of prior violations
▪ Benchmarking
▪ Program metrics
Ethics Assessments
▪ To what extent are the organization and its employees influenced by ethics when making decisions?
▪ Ideally, an independent third party conducts the assessment.
1. What is the relationship between ethics and other performance metrics in the company?
2. Is required ethics training more than a check-the-box exercise?
3. Does management exercise effective due diligence in hiring, promotions, and mergers and acquisitions?
4. Does management undertake periodic risk assessments to identify weaknesses?
5. What is the tone at the top?
6. What is the mood in the middle and the buzz at the bottom?
7. Who is responsible for paying attention to the ethical culture?
8. Is the code of conduct more than “shelf ware”?
9. Are employees familiar with and comfortable using reporting mechanisms?
10. Does management pay adequate attention to the ethical posture of third parties?
▪ Employee self-assessments provide additional insight from those on the front lines.
Risk Assessments
▪ Regulators are increasingly emphasizing a risk-based approach to compliance.
▪ To implement a risk-based program, management must first understand the organization’s risks.
Risk Assessment Framework
1. Identify potential inherent risks of violations, such as:
• Risks from use of third-party intermediaries
• Risks from joint ventures or acquisitions
• Risks related to gifts and entertainment
• Risks related to contracts and procurement
• Risks from related-party transactions
• Import/export risks
• Money laundering risks
• Competition/antitrust risks
• Occupational fraud risks
• Risks of fraud by external parties
• Insider trading risks
2. Assess the risks’ likelihood of occurrence:
• Probability that violation will occur
• Frequency with which violation will occur
3. Assess the risks’ impact on the organization.
4. Evaluate which people and departments are most likely to engage in violations and misconduct.
5. Identify and map existing preventive and detective controls to the relevant risks.
6. Evaluate whether the identified controls are operating effectively and efficiently.
7. Identify and evaluate residual risks resulting from ineffective or nonexistent controls.
8. Prioritize and respond to residual risks:
• Establish an acceptable level of risk.
• Prioritize and rank residual risks.
• Determine the appropriate responses to each risk (avoid, transfer, mitigate, or assume).
Identifying Risk Factors
▪ Organizational structure
▪ Corporate governance
▪ Compliance and ethics policies
▪ Ethical tone
▪ Management climate and style
▪ Management team
▪ Employee base
▪ Ethics training and resources provided
▪ Internal control environment
▪ Hiring and employment practices
▪ Reporting program
▪ Anti-fraud program
▪ Incident response
Ongoing Assessment Process
▪ Assessment should be an ongoing exercise, with results continuously informing other parts of the program.
▪ Includes updating prior results based on:
• Audit results
• Recent litigations or lawsuits
• Helpline complaints
• Employee claims
• Adequacy of policies
• Changes in operations