COSO And The ACFE Release New Guide On Managing Fraud Risk
W IN N IN GTH ER IS KGA M ECOSO and the ACFErelease new guide onmanaging fraud riskOrganizations can prevent massive, paralyzing frauds. And they can detectsmall frauds before they become massive frauds. Practical anti-fraud supportis available in the new COSO/ACFE Fraud Risk Management Guide.“Fraud can’t happen to us.”Tell that to the C-suite of Wells Fargo. Or the devastated Madoff investors. Or the managers at LehmanBrothers. Or the more than 20,000 former employees of defunct Enron. Or the millions of fraud victimsaround the world.In spite of evidence that fraud can occur inorganizations when individuals are motivated inthat direction, many organizations sometimes underemphasize the importance of fraud deterrence,prevention and detection.Fraud is almost always devastating to an organization. It’s not just the monetary and reputationaldamage; the sense of betrayal and loss of trust in employees and leaders can have long-lasting impacts.Organizations can prevent massive, paralyzingfrauds. And they can detect small frauds before theybecome massive frauds. Fraud risk managementguidance is available for well-run organizations thatcommit to protecting stakeholder assets. Managingfraud risk is a systematic process that has benefitsbeyond protecting assets and reputations.Now, many of you work for organizations thathave been intensely looking for ways to preventfraud for years. But just as many of you (possiblymore) have been trying to persuade managementBy David L. Cotton, CFE, CPA, CGFM; Sandra Johnigan, CFE, CPA/CFF; and Leslye Givarz, CPAFRAUD-MAGAZINE.COMJANUARY/FEBRUARY 2017FRAUD MAGAZINE47
Winning the risk gameto learn the techniques of fraud examination and construct realistic measuresto fend off fraud in its many forms. Thisarticle is for both groups — and all thosein between.Here’s renewed hope for organizations of all sizes: the new COSO/ACFEFraud Risk Management Guide. (Visit ACFE.com/fraudrisktools and read the sidebaron page 53.)The new guide is built on the foundation of the efforts of many since the 1980s.The Committee of Sponsoring Organizations of the Treadway Commission (COSO)has been tackling fraud-fighting issuessince it released its first report in 1987. (Seethe sidebar on page 54.) The COSO’s 2013Internal Control – Integrated Framework — arevision and update of COSO’s 1992 version— contains a specific focus on fraud riskmanagement, which became an explicitrequirement for COSO followers.The 2013 framework includes (alongwith its three internal control objectivesand five internal control components) 17internal control principles. These principles represent the “fundamental conceptsassociated with each component.”Taken aback by principle 8Principle 8 of COSO’s 2013 Internal Control– Integrated Framework is: The organizationconsiders the potential for fraud in assessingrisks to the achievement of objectives.In response to the 2013 COSO framework, organizations began trying to implement its new principles and seeking guidance on how to comply with principle 8.Many organizations — even thosethat had been conforming to the 1992framework for 21 years — were takenaback by this new fraud addition. SinceCOSO’s roots were fraud-focused (theTreadway Commission Report was titledThe National Report on Fraudulent FinancialReporting, after all), shouldn’t fraud riskhave always been the central focus of theframework? Shouldn’t sound systems of48FRAUD MAGAZINEinternal control have protected organizations from fraud? Perhaps. It dependedon how organizations viewed and implemented the framework.It’s one thing to design a system ofbaseline controls to guard against unintentional errors and misstatements, suchas installing checks and balances, usingcomputer programs to ensure accuracy,requiring management approvals, segregating duties and pre-approving vendors. It’s a different matter, however, toShouldn’tsound systemsof internalcontrol haveprotectedorganizationsfrom fraud?design a system that protects against intentional misstatements and fraudulenttransactions.When organizations consider intent,controls designed to guard against unintentional errors or misstatements might nolonger do the job. For example, it’s possibleto deliberately circumvent checks and balances, surreptitiously alter computer programs, forge or evade managerial approvals,override the segregation of duties and addbogus vendors to an approved vendor list.It’s likely that many organizations following the 1992 COSO framework hadn’tspecifically and explicitly consideredfraud risk as part of their internal controlsand that many of them assumed that baseline controls were more than sufficient.JANUARY/FEBRUARY 2017FRAUD-MAGAZINE.COMHowever, COSO principle 8 warrantsthat all organizations pause and reconsider the adequacy of their controls by asking a simple extra question with respectto every control: Is this control adequateif someone tries to intentionally override orcircumvent it? Another — more important— consideration regarding the establishment of principle 8 is to prompt all wellrun and forward-thinking organizationsto address fraud risk in a more comprehensive and proactive manner.Task force yields newCOSO/ACFE guideTo meet the demand for more comprehensive guidance on fraud risk management, COSO and the ACFE formed a taskforce in January 2015. This 31-member taskforce’s mission was to update the 2008publication Managing the Business Riskof Fraud — A Practical Guide (MBRF) tomake it consistent with and supportive ofthe 2013 COSO Framework. (In that earlier guide, the ACFE, Institute of InternalAuditors and the American Institute ofCPAs explained how to establish a comprehensive fraud risk management programconsisting of fraud risk governance, fraudrisk assessments, fraud prevention anddetection controls, and an investigationand reporting process.)The task force completed its efforts bythe end of 2015, and the Fraud Risk Management Guide was published in September2016.In addition to aligning with the 2013COSO Framework’s internal control components, the Fraud Risk Management Guidesupports its five principles with numerouspoints of focus that also are consistent withthose in the 2013 COSO Framework.Five essential processesThe Fraud Risk Management Guide describesimplementation of the five principlesthrough five essential processes (see Figure
Figure 1: Ongoing, comprehensive fraud risk management process (from the FraudRisk Management Guide)1 above) to protect stakeholder assets andinterests from fraud risks.1. Establish fraud risk governance policyThe commitment to implement the fraudrisk management process will come fromthe highest organizational level — ideally, the governing board. It’s usually notdifficult to convince a governing boardto embrace and promote comprehensive fraud risk management; when anorganization falls victim to fraud, boardmembers almost always absorb muchor most of the blame because of theirgovernance responsibilities.Implementing the fraud risk management commitment then entails ap-The fraud risk governance policyestablishes and documents the commitment to managing fraud risk; summarizesfraud control strategies; outlines the fraudrisk management program; defines procedures for reporting fraud; establishesemployment conditions; defines conflictof interest policies; establishes proceduresfor fraud investigation; sets forth an internal audit strategy; and explains the review,monitoring and feedback process.Good news here: An organizationdoesn’t need to develop a fraud risk governance policy from scratch. The Fraud RiskManagement Guide contains a “SampleFraud Control Policy Framework” and a“Sample Fraud Risk Management Policy”that can be adapted to any organization.pointment of a “champion” to overseethe process. That person needs to be at2. Assess fraud riska high enough organizational level toThis step is the most important fraud riskmanagement step, because it establishesthe baseline for succeeding steps. Assembling a fraud risk assessment teamensure that employees take the processseriously, have adequate resources andsee it through to completion.FRAUD-MAGAZINE.COMcomprising employees from all parts of theorganization — not just financial management and accounting personnel but alsooperations personnel — is important. Thefraud risk assessment team then meets tocarry out a comprehensive brainstormingprocess. (Merriam-Webster defines brainstorming as “A group problem-solvingtechnique that involves the spontaneouscontribution of ideas from all members ofthe group; also: the mulling over of ideasby one or more individuals in an attemptto devise or find a solution to a problem.”)The goal is to think of every potentialway that fraud could happen to or withinthe organization. Effective brainstormingrequires energy, imagination and creativity. Numerous meetings held over severalweeks enable participants to maintainhigh levels of these characteristics, whichwill promote comprehensive results.The fraud risk assessment documentation chart, Figure 2 on page 50, can helpyou organize the results of your brainstorming sessions.The goal is to fill that first columnwith a thorough, comprehensive list of potential fraud vulnerabilities and schemes.Keep brainstorming until that list is complete. (During this process, participantsinevitably will discuss fraud cases at otherorganizations, and you’ll ask, “Could thathappen to us?” Check to see if you’ve addressed those same frauds in your initialfraud risk assessment.)More good news here. The new guidecontains a comprehensive list of the mostcommon fraud schemes as good startingpoints for the risk assessment process.After the team members completethe first column in the fraud risk assessment documentation chart (page 50),they assess each potential fraud schemefrom the perspectives of likelihood (Whatare the chances this might happen?) andsignificance (If this happens, how muchdamage would it cause?). In assessingsignificance, don’t think just in monetaryJANUARY/FEBRUARY 2017FRAUD MAGAZINE49
Winning the risk gameterms. Reputational damage is often agreater consideration — especially fortax-exempt, academic and governmentalorganizations.The team then creates a “heat map”(Figure 3, page 52) that plots the likelihood of occurrence and significance ofspecific frauds. The numbers representidentified fraud risks in an organization.Organizations often use employee surveys,facilitated sessions and other data-gathering techniques to gain a more reflectiveperspective on fraud risks.Every organization has its own “tolerance for risk.” One organization mightdecide that it can ignore low-likelihood,low-significance potential frauds (andthus not put preventive controls in place),while another might want controls forevery possible fraud.Completing the fraud risk assessmentdocumentation then entails: Identifying who might be involvedin each possible fraud scheme orexposure. Identifying any existing fraud controlprocedures already in place withrespect to each fraud scheme orexposure. Assessing the effectiveness of eachexisting fraud control procedure. Determining the residual risk afterconsidering the effectiveness of existing controls. Deciding on the fraud risk responsewhere residual risk exists.The fraud risk responses column inthe fraud risk assessment documentationchart (below) is the trigger for the nextsteps in the process. Wherever the teamfinds residual risks, it considers additionalprevention and detection controls.3. Design and implement fraud controlactivitiesFraud prevention control activities aredesigned to stop a fraud before it happens. These activities can include suchelements as segregating duties, requiringhigher-level approvals and incorporating better physical security over assets.Prevention control activities don’t needto be complex or expensive to be effective.The key in designing prevention control activities is to work from the fraud riskassessment documentation and to carefully and methodically devise the mostcost-effective controls that should preventeach type of fraud. Internal auditors canbe effective at designing these controls.And if the organization is too small tohave an internal audit staff, it can retainan accountability professional such as aCertified Fraud Examiner to help in thatpart of the process.Fraud detection control activities aredesigned to identify any frauds that happen as soon as possible after they happen.If an organization detects frauds quickly,the crimes are unlikely to grow to becomecatastrophic. (As a colleague of ours always says, “There are no such things assmall frauds, just frauds that haven’t matured yet.”)Figure 2: Fraud risk assessment documentation (from the Fraud Risk Management Guide)50FRAUD MAGAZINEJANUARY/FEBRUARY 2017FRAUD-MAGAZINE.COM
fraud concerns is that an employee mightset up a phony vendor and process payments to that vendor, the organizationcan easily set up a data analytic processthat periodically compares the employeedatabase and vendor database to identifyany matching names, addresses, phonenumbers, bank routing numbers, etc. Thatprocess should identify any bogus vendorsas soon as they’re set up. (This exampledemonstrates why it’s important that suchcontrol procedures are covert.)4. Establish reporting and investigationprocessesAccording to the 2016 ACFE Report to theNations on Occupational Fraud and Abuse(ACFE.com/RTTN), the No. 1 source ofdiscovered frauds is tips, usually fromemployees of the victim organization. Insmaller organizations (100 employees ontributions and memberships are tax deductible. cybercrime lieswhite-collar crimeBecome a member today.An industry/universitycooperative researcheffort dedicated to:fraud preventeddetectedliesscamImproving the Ability of Business andGovernment to Combat Financial Fraud Crimescaughtembezzlementforgeryillegal crimebribes cookingthe booksmisapplicationclosed-circuit TV cameras in all the dressing rooms. While these controls probablywill stop shoplifting, the business is likelyto quickly lose all its customers.So, organizations need to allow thatreasonable prevention controls won’t stopevery fraud scheme. Therefore, it’s important for organizations to install detection controls to detect each possible fraudscheme if it happens.While most prevention controls arein the open and visible for employees andstakeholders to see, the most effectivedetection control procedures are usuallycovert; they operate quietly in the background, and only a small group knowsabout them.Because almost every organizationnow has electronic records, data analyticcontrol procedures can be the least costlyand most effective detection controls toimplement. For example, if one of themisappropriationIf an organization does a great jobdesigning prevention controls, does itneed detection controls? Good question.There are two reasons for detection control activities.First, it’s simply impossible to thinkof every fraud scenario that might occur;fraud perpetrators are clever, resourceful and sometimes desperate enough totake foolish chances. Second, and perhapsmore importantly, prevention controls cancome with a cost — not just the cost of theprocedures themselves but also the costof operational disruption.For example, consider a retail clothing business. Because shoplifting canerode profits, the company could designprevention controls and put them in placeto stop all shoplifting. The business couldrequire all shoppers to check their shopping bags and purses at the door whenthey enter the store. And it could installmulti-disciplinary researcheducationprevention of fraud & corruptionproviding cutting-edge research to detect and deter fraudFRAUD-MAGAZINE.COMJANUARY/FEBRUARY 2017Visit www.theifp.org to get involved or for more informationFRAUD MAGAZINE51
Winning the risk gameless), 29.6 percent of discovered fraudscome from this source; in larger organizations, 43.5 percent of discovered fraudscome from this source (Figure 22, page22). And, according to the report, organizations with fraud hotlines experiencedfrauds that were 50 percent less costly anddetected frauds 50 percent more quickly(Figures 59 and 60, page 44).Given those statistics, an organization that’s fully committed to managingfraud risk will set up a hotline reportingmechanism. But aren’t hotlines expensive? Not any more. Organizations cansubscribe to an independent, external,web- or telephone-based reporting system for a few hundred dollars per year.(A caution: Perform due diligence whenselecting an external hotline vendor. Makesure the vendor has sound informationsecurity controls to protect the sensitiveinformation it possesses.)Although the risk assessment teamdesigns and implements preventive anddetective control activities for all fraudschemes, your organization will needmore fraud risk management work. Thenext step is to anticipate what can happenif a fraud perpetrator succeeds despitefraud risk management efforts.A common mistake many organizations make is waiting until they’re victimsto decide what to do. It’s far better to have awell-thought-out plan that you can implement immediately rather than having tomake hasty and ill-advised decisions inthe chaotic and emotional environmentimmediately following the discovery of afraud. Your organization must be committed to taking swift, decisive and appropriateactions against the fraud perpetrator onceyou’ve discovered and proven the fraud.Your organization might be temptedto settle the unpleasant fraud matter quietly and quickly by letting the perpetratorsimply resign and disappear. While thatmight minimize the reputational impact tothe organization, it allows the perpetrator52FRAUD MAGAZINE— now a smarter criminal — to victimizeanother organization. Further, and perhaps more importantly, despite any effortsto keep the matter quiet, other employeeswill almost undoubtedly know what hashappened. The organization should beprepared for more fraud if it sends themessage that the only consequences ofcommitting fraud are collecting a severance payment and finding a new job.And, of course, it’s also important tomake sure that you fix the control breakdown that allowed the fraud.5. Monitor the entire fraud risk management processAfter your organization has establishedfraud risk governance, performed a fraudrisk assessment, implemented controlactivities, and established reporting andinvestigation processes, the fraud management work still isn’t complete.Just as internal control documentation doesn’t necessarily mean that controls are being carried out as documented,designing a fraud risk management process doesn’t mean that the process willcontinue to work as designed. Monitoring the overall process, and each component, ensures that everything operatesas planned.All organizations are dynamic andalways changing. They grow, merge, combine, and develop new products and linesof business. Personnel change. Managerialstructures change. Industries, marketsand operating environments change.Consequently, implementing a fraud riskmanagement program is not a one-anddone exercise. Any changes will triggerthe need to reassess fraud risk.Even if your organization doesn’t facethat many changes, it’s important thatyou conduct a new fraud risk assessmentFigure 3: Fraud risk assessment heat map (from the Fraud Risk Management Guide)JANUARY/FEBRUARY 2017FRAUD-MAGAZINE.COM
at least annually. The good news is thatreassessments now should be much lesstime-consuming because they build onprevious COSO and ACFE work. Considerusing a new risk assessment team to engender fresh perspectives.Finally, keep your governing boardinformed about fraud risk managementefforts and results. The board will wantto know the assessment’s rigorousnessand effectiveness of the process and controls. And, of course, the board will wantto know of any hotline reports, fraud examination results and remediation efforts.Deterring fraudInvestigating and remediating fraudsis expensive. Designing and maintaining preventive and detective controlsalso comes with a cost. Deterring fraud— establishing an atmosphere and perception that the likelihood of getting caughtis so high that it scares potential fraudperpetrators away — is by far the best wayto manage fraud risk, and it’s cheaper.An organization can deter fraud whenit a) establishes a rigorous fraud governance process and ensures that employeesare aware of that process, b) conducts aperiodic, aggressive fraud risk assessment,c) designs, implements and maintains effective fraud prevention and detectioncontrol processes and procedures, andd) takes swift actions against those whoattempt to commit fraud.According to the 2016 ACFE Report tothe Nations, the presence of anti-fraud controls in the study was correlated with bothlower fraud losses and quicker detection.Where controls were present, fraud losseswere 14.3 percent to 54 percent lower andfrauds were detected 33.3 percent to 50percent more quickly. (See page 5 of thereport or the Executive Summary at http://tinyurl.com/j6bketx.)The 2016 COSO/ACFE Fraud Risk Management Guide contains an executive summary and five chapters — each explainingone of the five fraud risk managementprinciples. The guide also contains valuable appendices and links to additionalinteractive tools that will facilitate theentire process.Are the costs worth the benefits?At this point, your organization’s executives might think this whole fraud riskmanagement thing is expensive and timeconsuming because it will take time awayfrom other more important activities.Visit website for Fraud Risk Management Guide and other toolsVisit ACFE.com/fraudrisktools topurchase the new COSO/ACFEFraud Risk Management Guide anddownload its executive summary.You can also access frameworks andreports, and magazine articles plusthese free tools:Interactive scorecardsUse the scorecards to access thefive principles for determining thecomprehensiveness and effectiveness of your organization’s fraud riskmanagement program. (For moreinformation about the principles, seethe Fraud Risk Management Guide.)Library of anti-fraud data analytictestsExplore an interactive tool thatdetails, by fraud risk type, how tointegrate data analytics tests intoyour fraud risk assessment or investigative work plans. The library of testexamples displays a variety of teststo consider and is organized by categories of occupational fraud risks.Risk assessment and follow-upaction templatesThis Excel spreadsheet provides arisk assessment matrix — which youcan use with the foundational matrixin the Fraud Risk Management Guide— to document your organization’sfraud risks and controls.The template automaticallycreates a heat map that shows thesignificance and likelihood of eachidentified fraud exposure, a fraudrisk ranking page that displays eachfraud risk exposure from most toleast severe and a control-activitiesmatrix that shows the identificationFRAUD-MAGAZINE.COMand evaluation of existing controlactivities related to each fraud riskexposure.The template also providesspace to identify additional controlactivities and to record your organization’s response plan for eachexposure. In addition, the templatecontains pages to record allegationsof suspected fraud plus documentinvestigations, outcomes plus fraudrisk management monitoring plans.Points of focus documentationtemplatesUse these Excel templates to helpcreate consistent and uniformdocumentation related to fraud riskgovernance, fraud risk assessment,fraud control activities, fraud examination and follow up, and fraud riskmanagement monitoring.JANUARY/FEBRUARY 2017FRAUD MAGAZINE53
Winning the risk gameHowever, here are some additionalbenefits of implementing a fraud riskmanagement program beyond “just” mini-and more respect. We can’t think of a bet-improvement”), or green (“we have fullyter way to persuade your C-suite.implemented this attribute”). Completingeach scorecard should only take aboutmizing fraud risk. The risk assessmentStill not sure?30 minutes (perhaps longer for largergives your organization a much betterFortunately, we have an easy way for yourorganizations). You should be worried ifunderstanding of how it operates. Strongexecutives to find out if making the in-controls protect honest employees. And,the best, most trusted and most respectedorganizations take proactive measureslike fraud risk management. Sending thesignal to stakeholders that the organization is committed to the strongest fraudrisk management processes conveys animportant message: your money, your timeand effort, and your trust are safe with us.That message will attract more in-vestment in fraud risk management is theright thing for your organization. Download and give them the guide’s five “scorecards.” See ACFE.com/coso-scorecard.These scorecards can help them assess your organization’s existing fraudrisk management process. They providekey attributes of strong fraud risk governance, risk assessments, control activities,reporting and investigations, and monitoring. Each attribute can be scored as:vestments, more business, more dona-red (“we have a problem”), yellow (“wetions, more volunteer efforts, more trustare making progress but have room forCOSO began anti-fraud mission in 1985The Committee of SponsoringOrganizations of the TreadwayCommission (COSO), an independent private-sector initiative, beganin 1985 to study the causal factorsthat can lead to fraudulent financialreporting.The COSO member organizations are the American AccountingAssociation, American Instituteof Certified Public Accountants(AICPA), Financial ExecutivesInternational, The Association ofAccountants and Financial Professionals in Business, and The Instituteof Internal Auditors (IIA). Accordingto its website, COSO “is dedicatedto providing thought leadershipthrough the development of frameworks and guidance on enterpriserisk management, internal controland fraud deterrence.”The Treadway Commissionissued its Report of the NationalCommission on Fraudulent FinancialReporting in 1987. (James C. Treadway Jr. was a former commissionerof the U.S. Securities and ExchangeCommission.)COSO continued to operateand focused its efforts on improvinginternal controls and managing enterprise risk. In 1992, COSO issuedits initial Internal Control—Integrated Framework.The 1992 framework quicklybecame the best-practice roadmapfor designing, implementing andmaintaining a system of internalcontrol. All publicly traded companies in the U.S. and most forwardthinking non-public companies,not-for-profit organizations andacademic institutions also adheredto that framework.the results include a lot of reds becausethe organization probably is vulnerableto fraud.We probably don’t have to convinceyou that your organization should havea dynamic fraud risk management program. Now we’ve given you some tools tohelp persuade your C-suite. These planswill benefit your community and yourorganization’s employees, reputation andshareholders.If we were to ask the devastatedMadoff investors, the managers at LehmanBrothers, the more than 20,000 formeremployees of defunct Enron or the millions of fraud victims around the world ifthey believe a small investment in fraudrisk management would have been worthwhile, what do you suppose they mightsay?nFMDavid L. Cotton, CFE, CPA, CGFM, ischairman of Cotton & Company, LLP, inAlexandria, Virginia. His email addressis: dcotton@cottoncpa.com.Sandra Johnigan, CFE, CPA/CFF,is the owner of Johnigan, P.C., inDallas, Texas. Her email address is:skj@johniganpc.comLeslye Givarz, CPA, was a technicaleditor for both the AICPA and the PublicCompany Accounting OversightBoard. Her email address is:lgivarz@gmail.com.The authors were key task force members and principal authors of the COSO/ACFE“Fraud Risk Management Guide.” — ed.54FRAUD MAGAZINEJANUARY/FEBRUARY 2017FRAUD-MAGAZINE.COM
Fraud Risk Management Task ForceBarbara AndrewsAICPADan GeorgeUSACJ. Michael PeppersUniversity of TexasMichael BirdsallComcast CorporationJohn D. GillACFEKelly Richmond PopeDePaul UniversityToby BishopFormerly ACFE, DeloitteLeslye GivarzFormerly AICPA, PCAOBCarolyn Devine SaintUniversity of VirginiaMargot CellaCenter for Audit QualityCindi HookComcast CorporationJeffrey SteinhoffKPMGDavid CoderreCAATSSandra K. JohniganJohnigan, PCWilliam TiteraFormerly EYDavid L. Cotton, chairCotton & Company LLPBill LeoneNorton Rose FulbrightMichael UeltzenUeltzen & CompanyJames DalkinGAOAndi McNealACFEPamela VerickProtivitiRon DurkinDurkin Forensic, Inc.Linda MillerGAOVincent WaldenEYBert EdwardsFormerly State DepartmentKemi OlatejuGeneral ElectricBill WarrenPwCFrank FaistCharter CommunicationsChris PembrokeCrawford & Associates, PCRichard WoodfordU.S. Coast Guard InvestigativeServiceEric FeldmanAffiliated Monitors, Inc.Fraud Risk Management Advisory PanelDan AmiramColumbia University Business SchoolMolly DawsonCotton & Company LLPZahn BozanicThe Ohio State UniversityEric EisensteinCotton & Company LLPGreg BrushTennessee Comptroller of TreasuryMichael JustusUniversity of NebraskaTamia BuckinghamMassachusetts School BuildingAuthorityTheresa Nellis-MatsonNew York Office of the StateComptrollerAshley L. ComerJames Madison UniversityJennifer PapermanNew York Office of the StateComptrollerDaniel RossiNew York Office of the StateComptrollerLynda Harbold SchwartzUpland Advisory LLCRosie TomfordeRegional GovernmentThe COSO Board gratefully acknowledges David L. Cotton, chair of the Fraud Risk Management Task Force, for hisoutstanding leadership and efforts toward the completion of the Fraud Risk Management Guide.FRAUD-MAGAZINE.COMJANUARY/FEBRUARY 2017FRAUD MAGAZINE55
nance policy from scratch. The Fraud Risk Management Guide contains a "Sample Fraud Control Policy Framework" and a "Sample Fraud Risk Management Policy" that can be adapted to any organization. 2. Assess fraud risk This step is the most important fraud risk management step, because it establishes the baseline for succeeding steps. As-
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Joseph R. Dervaes, CFE, CIA 1995 ACFE Distinguished Achievement Award 2003 ACFE Donald R. Cressey Award 2007 ACFE Outstanding Achievement in Community Service and Outreach Award 2009 ACFE Superior Service Award 2010 ACFE Certificate of Appreciation – Fraud Magazine ACF
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
1992 on the Internal Controls-Integrated Framework. Because, Internal control has different meanings to different parties, COSO tries to establish a common definition and standard that can serve such parties. Under COSO’s report, (quoted from July 1994 Edition of COSO Internal Controls-Integrated Framework, “COSO Report”), “Internal
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
