Thursday, June 16, 2005
Facing up to fraud - The need for a risk-based approach
Fraud Risk Management
Times are changing fast. In October 2004 the Financial Services Authority (‘FSA’) unveiled its new regulatory approach to dealing with financial fraud. The FSA has now put financial fraud risk management on its agenda of ‘risk-based’ regulation; through its existing supervisory regime it will seek to measure and evaluate the degree of compliance with expected best practice. Notwithstanding this announcement, the FSA also published a report in November 2004 highlighting concerns over poor IT security, which may be exploited to commit financial fraud through internal or external attacks on firms’ IT infrastructure.
Equally, publications such as ISA 240 and the Basel Committee on Banking Supervision’s paper number 96 on Operational Risk have underlined the critical nature of internal and external fraud risks, and the need for institutions to have appropriate fraud risk management systems in place, with appropriate management responsibility and oversight, to manage these vulnerabilities.
It will therefore be increasingly important for management teams to operate in the knowledge that they have reviewed their fraud risk management strategies and methodologies to ensure that they are appropriate and will withstand regulatory scrutiny. Management will need to demonstrate a serious commitment to dealing with financial fraud risk and be able to talk in an informed fashion about their relevant systems and controls within the context of a ‘risk-based’ approach.
Any institution subject to the requirements of Sarbanes-Oxley, whether as a US-listed company or as a ‘foreign-based issuer’, will already need to be addressing such issues.
Reducing the risk of fraud is an achievable corporate objective
Effective fraud risk management, and the design and implementation of effective preventative and detective strategies, require a joined-up understanding of the risks associated with a firm’s operational cornerstones (people, process, and technology) and a willingness on the part of all stakeholders to face up to the difficult questions of "could it, and might it happen to us – and how?" They also require adopting measures that transform corporate culture, establish an effective control environment, and secure data assets.
posted by Brian Moran @ 11:22 AM