What role does the Board play in Fraud Risk Management strategy?
The role of the Board in managing an organisation’s fraud risk is a major one. There are already rules, regulations, procedures and processes that are mandatory when it comes to addressing fraud, and the Board has to ensure that all of them are adhered to. But what about managing fraud risk? That is extra, but it comes with the territory, so to speak, because it is the Board which is ultimately responsible for the health and well-being of the company, so managing its risks – fraud risk included – comes under the Board’s purview. And it has to do this with the support and collaboration of senior management, auditors and practically everyone else in the organisation because managing risk really involves everybody.
Fraud is deception perpetrated with the intention of obtaining personal or financial gain; most companies experience it to a certain degree. But if allowed to continue unchecked, it becomes extremely detrimental to the firm’s finances and reputation, and can lead to organisational instability. With fraud risk management, the Board should, from the outset, have a clear policy on what constitutes fraud, and the consequences of perpetrating fraud. The policy should apply to all levels of the organisation, and the Board should be prepared to abide by it as well as act on it should fraud be detected. There should not be an “us” and “them” distinction.
To be able to formulate such policy, Board members will have to have a thorough understanding of how the organisation works, including how, where, why and when fraud is likely to happen, and who is likely to cause it. Members should also be aware of the issues facing the organisation, and the kinds of pressure, opportunity and rationalisation that may cause fraud to happen in the first place. This necessitates an understanding of the organisation’s culture, and taking into consideration its realities when setting policy and strategy for mitigating fraud. It may be helpful when setting fraud risk management measures in place, to know how and why such risks arise and how vulnerable each subsidiary or unit may be, together with the accepted local practices.
Once the fraud risk management strategy and policy are in place, the Board is also responsible for its oversight, effective implementation and its suitability for the organisation. It needs to adjust internal controls if necessary, and work with the auditors to determine that everything works. This is where the independence and discernment of members has to be asserted. They cannot afford to be complacent and accept information without applying a high degree of scepticism and vigilance in order to nip undesirable behaviour in the bud. They need to encourage whistleblowing and other relevant controls and mitigation.
Fraud risk management should be ongoing in any organisation because the possibilities and opportunities for the commission of fraud are endless. While a slew of checks and balances can be put in place, and good governance can be regulated by directives, rules and guidelines, what goes a long way in fraud risk management is the tone at the top. More specifically, the tone at the top which leaves no doubt in the minds of those considering committing fraud, that the price to be paid will be very high and not worth the risk. The tone at the top starts with the attitude and ethics of the people at the top – the Board.
How Board members act will set the tone for the rest of the organisation to follow, and influence behaviour at all levels. Members have to be seen to be “walking the talk” and setting benchmarks for good corporate behaviour, accountability and transparent governance. They should be seen as competent, honest, resolute and capable, and be able to address issues with integrity, in the best interests of the organisation and its stakeholders.