In his recent article, Who Owns Transaction and Controls Monitoring? published in Fraud Magazine, author Vince Walden explored the challenges of assigning responsibility for transaction and control monitoring within organizations. He emphasized the risks of assuming “someone else” is responsible for fraud detection and prevention, particularly within high-risk areas like accounts payable, accounts receivable, and employee expenses. This issue is both a wake-up call and a call to action for corporate compliance professionals. Here are the key lessons from the article and how compliance professionals can implement them in their programs.
Establish Ownership of Fraud Risk Management
One of the central themes is the importance of clearly assigning responsibility for fraud risk management across the organization. Walden cited the Fraud Risk Management Guide’s recommendation that one executive-level member of management be assigned ultimate responsibility for the fraud risk program. This clarity is essential to ensuring accountability and effectiveness.
You can establish this critical element by appointing a dedicated executive to lead your effort. Identify a senior executive sponsor, such as the Chief Compliance Officer (CCO) or Chief Risk Officer (CRO), to oversee the fraud risk management program. This individual should have a comprehensive understanding of fraud risks and process-level controls. The next move is to formalize a governance framework by creating a fraud risk management committee that includes leaders from compliance, finance, HR, IT, internal audit, and other key departments. Ensure this committee meets regularly to review risks and oversee fraud prevention initiatives.
Embrace a Multidisciplinary Approach
Walden highlighted the value of a committee-based, multidisciplinary approach to fraud risk. This structure fosters collaboration and ensures that diverse perspectives are brought to bear on identifying and mitigating fraud risks. Engage multiple stakeholders across multiple corporate functions. Bring together representatives from functions such as internal audit, compliance, legal, finance, and IT to collaborate on fraud detection and prevention strategies. Next, develop cross-functional training to provide fraud awareness training tailored to the unique responsibilities of each department, ensuring that everyone understands their role in mitigating fraud risks.
Align with the Three Lines Model
The “Three Lines Model,” updated by The Institute of Internal Auditors (IIA), provides a framework for distributing fraud risk management responsibilities. Walden underscores the importance of leveraging this model to enhance accountability and effectiveness. The three lines are:
- First Line. Operational managers and staff should focus on implementing fraud prevention controls in daily processes.
- Second Line. Compliance and risk management professionals should provide oversight, monitor emerging risks, and design advanced fraud detection tools.
- Third Line. Internal audits should independently assess the effectiveness of fraud prevention and detection efforts.
The key is effective collaboration. You must ensure seamless communication and coordination among the three lines to prevent gaps in oversight.
Leverage Data and Technology
Walden emphasized the critical role of data-driven monitoring in ineffective fraud prevention. He noted that relying solely on internally generated data, such as surveys, is insufficient. Instead, organizations must analyze transactional data from enterprise systems and external sources. There will be a need for some investment, as you will need to deploy advanced compliance analytics platforms that can process data from enterprise resource planning (ERP) systems, accounting software, and third-party due diligence systems. Implement tools that provide real-time insights into transactional data, identifying unusual patterns or red flags indicative of fraud. Develop in-house expertise by training compliance teams to analyze and interpret complex datasets, enabling them to identify fraud risks proactively.
Cultivate a Culture of Accountability
Fraud prevention is most effective when it is embedded within the organizational culture. Walden noted that visible and engaged leadership is critical to fostering such a culture. Once again, the fundamental ‘Tone at the Top’ must be set. Senior leaders should regularly communicate their commitment to ethical behavior and fraud prevention. This could include messages from the CEO or board-level discussions on fraud risk. Public recognition should be given to your organization’s Fraud Champions. The Department of Justice’s recommendations on monetary awards under anti-corruption compliance are equally valid in the anti-fraud realm, as you should reward employees who identify and report fraud risks, reinforcing the importance of vigilance and accountability. In training, fraud awareness should be integrated into onboarding by making fraud prevention a core part of employee onboarding and ongoing professional development.
Ensure Proactive Monitoring and Response
Walden stressed that fraud risk management cannot be reactive. Compliance professionals must take a proactive approach, using data and technology to monitor risks continuously. It begins and continues with regular fraud risk assessments to identify high-risk areas and prioritize monitoring efforts. Using these timely fraud risk assessments, develop a robust risk management response plan to ensure your organization has clear protocols for investigating and addressing suspected fraud, including escalation procedures and communication plans.
Final Thoughts
Walden’s insights powerfully remind us that fraud risk management is a shared responsibility. Compliance professionals can play a pivotal role in protecting their organizations from fraud and other risks by adopting a multidisciplinary approach, leveraging data-driven tools, and fostering a culture of accountability.
To be effective, these strategies must be implemented thoughtfully and consistently. Start by assessing your current fraud risk management framework and identifying gaps. Then, build on these lessons to create a program that meets regulatory expectations and strengthens your organization’s resilience against fraud. As Walden succinctly puts it: “If it isn’t you, an anti-fraud professional, who monitors and oversees high-risk transactions, then who should it be?” This is a question every compliance professional must ponder and address proactively.
