The risk of fraud is mainly analyzed according to the specific activities of the company (banking, industrial activity, commercial activity, etc.). As a result, the fraud risk profile of each company is unique.
The Audit Committee’s supervision of risk management begins with the identification of all risks to which the company is exposed. Understanding the risk of fraud then requires a detailed analysis from the specific perspective of fraud: can this weakness in internal control be exploited by a fraudster?
Given the large share of business and company interactions conducted online, as well as the digitalization of most company processes, the risk of cyber fraud is present virtually everywhere.
Risk management requires regular updating. The Audit Committee asks itself: what new risks have emerged? How have previously recognized risks potentially evolved?
What actions should the Audit Committee take?
- First of all, it should be remembered that the Audit Committee focuses on the oversight of risk monitoring by management and then reports to the Board of Directors.
- Oversight of risk management begins, with the help of the Risk Manager, by mapping the risks to which the company is exposed, as well as everything that is already in place to manage each risk, e.g. measures, alerts, insurance coverage, emergency plans, etc. Some insurance brokers offer a free risk review that can help companies assess risks, as well as manage areas of imperfect insurance coverage.
- Each area of risk should then be reviewed to determine if it has a vulnerability to fraud, for example, where there is movement or retention of funds, sensitive records or confidential information, system interfaces with external parties such as suppliers, customers, banks, etc.
- The Audit Committee also reviews the company’s Internal Audit function from a fraud perspective, and whether it is staffed appropriately for the size and complexity of the company.
- The Audit Committee ensures that the Human Resources Department trains administrative staff in detecting, handling and combating fraud.
- Finally, the Audit Committee verifies that the whistleblowing system and procedure to be used by whistleblowers are available and properly monitored.