Managing fraud risk starts at the top with strong CU governance
Thursday, April 5, 2018
Posted by: Trichina Pierce, CCUL Compliance
The first quarter of the year has come to an end, marking an incredibly busy and overwhelming start to 2018. Truly coming in like a lion, the year has brought our industry ADA lawsuits, new regulations, and de-regulation (oh my). It’s times like these when the best way for me to de-stress is to tackle my stack of things that need to be read (or done). During this chore, I came across this great article by Dr. Michael Crain of Kaufman Rossin that shocked me and emphasized the importance of managing fraud risk no matter the size of your organization. And it starts from the top.
The article leads with a study by the Association of Certified Fraud Examiners that states:
“The median loss from a single case of occupational fraud is $150,000, with 23% of cases resulting in losses of $1 million or more.”
Read the full study here.
The study made me more aware, now more than ever, of the need for organizational risk assessments and risk strategies that are properly viewed and discussed throughout the year at the board and committee level. This is something that our regulators are picking up on: that credit union boards lack a risk-based corporate governance structure. That is one of the leading reasons the Carolinas Credit Union League Compliance Department will be providing this service to our member credit unions starting in the third quarter of 2018.
When it comes to managing fraud risk, understanding the part each governing role plays at your credit union matters. It’s important as you work together to maintain a proper corporate governance structure and effective policies and procedures for fraud risk assessment, fraud prevention, fraud detection, and fraud investigation.
Some of the article’s key takeaways for each role include:
1. For Board of Directors:
- Implement an effective business ethics program
- Understand fraud risks
- Maintain oversight of fraud risk assessment
- Monitor management fraud and control-related activities
- Oversee internal controls established by management
- Set the appropriate tone at the top
- Have the ability to retain and pay outside experts
- Provide external auditors with evidence of active involvement
2. For the Audit Committee:
- Be comprised of independent board members
- Include at least one financial expert (preferably an accountant)
- Meet regularly alone with the internal auditor and out of the presence of management
- Be proactive in overseeing fraud risk management to minimize risk
- Have a good, open dialog with the external auditor, especially with respect to fraud issues and risks
- Have good, open lines of communication with legal counsel
3. For Organization Management:
While the audit committee serves as the overseer, management is responsible for designing and implementing the fraud risk management program. Part of this task includes: setting the correct tone at the top for the organization, implementing adequate internal controls, and reporting to the board regarding fraud management policies and procedures to evaluate their effectiveness.
All levels of management (and staff) should:
- Understand fraud and its red flags
- Understand their roles in the internal control framework
- Read and understand policy and procedure manuals
- Participate as required in creating and designing a strong control environment
- Participate in monitoring activities
- Report suspicions or incidents of fraud
- Cooperate in investigations
4. For the Internal Auditor:
This role is especially important. The internal auditor should provide assurances to the board (via the audit committee) that fraud controls are sufficient for the risks and are functioning effectively. As part of accomplishing this task, the internal auditor should review the adequacy of identified risks, especially risks relating to management override.
The internal auditor’s role and responsibilities should be expressed in a written charter approved by the board. This charter should spell out in detail the internal auditor’s roles and responsibilities for fraud risk management, including those in relation to investigations, monitoring whistle-blowing reports and processes, providing ethics training, and maintaining a code of conduct.
Need Help Managing Fraud Risk?
Credit unions that don’t have the resources to maintain an internal auditor may want to consider using the League’s Audit Department, which provides various types of audit services, including comprehensive internal audits. CCUL Compliance is available should your credit union need an independent outside risk advisor or someone to conduct your fraud risk assessment.
Contact CCUL Compliance at firstname.lastname@example.org to learn more.
Source: Kaufman Rossin, Strong Corporate Governance Needed for Managing Fraud Risk, November 2017.