The Brydon report makes it clear that businesses need to be providing more information about what they’re doing to prevent and detect material fraud. We look at how you can use the ACFE playbook to decrease your risk.
Recent reviews into the audit market have highlighted expectations of what companies and their external auditors should be doing to prevent and detect material fraud. Given that the current economic climate has heightened the risk of fraud, we expect to see a greater focus on this area from management and audit committees.
While consideration of fraud has been a longstanding requirement for both directors and external auditors, there has been a lack of clarity around what is required. The Brydon report recognises this and recommends that obligations for companies and their auditors be clarified and expanded, specifically:
- a new reporting duty on directors to set out the actions they have taken each year to prevent and detect material fraud
- a requirement for external auditors to review and conclude on this statement
- an expanded obligation for external auditors to endeavour to detect material fraud in all reasonable ways.
Assessing and strengthening internal audit fraud risk management frameworks
In our experience, while many companies have shown good practice in anti-fraud activity across their business, this is often fragmented with limited central knowledge, oversight or governance structures.
Grant Thornton US have recently partnered with the Association of Certified Fraud Examiners (ACFE) to publish an anti-fraud playbook, which provides a series of practical steps that businesses can take to assess and strengthen their fraud risk management framework. These align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) five key principles, as set out below:
- Fraud risk governance
  - Understand where you are and where you want to be
  - Create a culture that promotes fraud awareness
- Fraud risk assessment
  - Think like a fraudster
  - Discover what you don’t know
- Fraud control activities
  - Use data to uncover fraud
  - Knowledge is power, so offer targeted and role-based anti-fraud training
- Fraud investigation and corrective action
  - Lay the groundwork for investigations
- Fraud risk management monitoring activities
  - Monitor your progress
  - Report on your progress
The role of internal audit
While management is responsible for fraud prevention and detection, internal audit should be considering how the business manages fraud risk and auditing relevant processes and controls. It’s likely that many internal audit teams will be asked to support a review of their company’s fraud risk management framework.
The playbook includes an anti-fraud maturity assessment model, which is a useful tool. It can also facilitate conversations around future state aspirations.
Fraud risk assessment
The playbook includes a template and some practical guidance for identifying key fraud risk areas and related control activities.
This should be familiar to internal audit teams, and they can use their expertise to support the business in developing an anti-fraud analytics programme.
Monitoring controls and reporting
As the fraud risk framework matures, internal audit can also support the development of monitoring controls and reporting, so that the business can provide assurance that the programme is designed effectively and operating as intended.
Fitting it all together with internal audit
Unsurprisingly, there is a clear focus on what companies are doing to prevent and detect material fraud, with the Brydon report recommending greater disclosure of actions taken to address this and external auditors adopting a suspicious, rather than sceptical, mindset. Internal audit should look at existing fraud risk and assurance activities and consider how it all fits together.
For more information on the playbook and pragmatic advice for how your organisation can review and strengthen its fraud risk management framework, contact Eddie Best.