COSO and ACFE update fraud risk guide

The Committee of Sponsoring Organizations of the Treadway Commission and the Association of Certified Fraud Examiners have refreshed their guide to establishing a fraud risk management program for today's vulnerabilities.

"Fraud Risk Management Guide: Second Edition" updates the 2016 guide from COSO and the ACFE with recent anti-fraud developments, revised terminology, and additional information related to technology developments like data analytics.

Like the earlier edition, the guide draws on a 2008 publication from the American Institute of CPAs, the Institute of Internal Auditors and the ACFE. COSO is jointly sponsored by the AICPA, the IIA, the American Accounting Association, Financial Executives International and the Institute of Management Accountants.

The guide aligns with COSO's widely used 2013 internal control and 2017 enterprise risk management frameworks and explains how internal control and fraud risk management relate and support each other but differ in important ways. It discusses how fraud risk management supports fraud deterrence and contains expanded information on data analytics. But technology alone can't detect and deter fraud, and the human factor can't be ignored, so the guide stresses the importance of interviewing people and establishing whistleblower systems. The guide also includes updated information on recent legal and regulatory developments in the U.S. pertaining to fraud and fraud risk management since the first edition was published seven years ago.

"The 2016 Fraud Risk Management Guide became recognized as containing a widely accepted set of leading practices for anti-fraud professionals and organizations intent on deterring fraud," said Paul Sobel, a former COSO chair who oversaw the project, in a statement. "Fraud is not static. Accordingly, COSO and the ACFE initiated an update process that included reaching out to a broad range of users for recommendations on where the guide can be improved, and assembled a team to take a refreshed look at the guide and assess how and where it should be updated."


The guide offers examples of program components and resources that organizations can use to develop a fraud risk-management program, and references to other sources of guidance for customizing a fraud risk-management program for specific industries.

"It is impossible to eliminate all fraud in all organizations," said ACFE president and CEO Bruce Dorris in a press release. "However, effective leaders address fraud risk as they do any risk — they manage it. The Fraud Risk Management Guide gives organizations, whether large or small, government or private, profit or nonprofit, the information necessary to design a plan specific to the risks for that entity. There is no 'one size fits all approach' to managing fraud risk, but by applying the guidance in the updated guide, an organization can create a custom-fitted program tailored to its specific needs."

The updated guide builds on COSO's internal control integrated framework.

"COSO's mission is to help organizations improve performance by developing thought leadership that enhances internal control, risk management, governance and fraud deterrence," said COSO chair Lucia Wind in the news release. "The Fraud Risk Management Guide is a key tool for furthering this mission, mainly with respect to fraud deterrence, particularly through the principled alignment supported by COSO's existing 2013 ICIF." 

For more information, or to request a copy of the report, visit www.coso.org or www.ACFE.com.
