Accountants’ ethical professional practice is central to an effective approach to fraud risk management and prevention.
Ethics has a role in the discussion of internal controls and fraud management. The Association of Certified Fraud Examiners (ACFE) began a project in 2022 to map its fraud risk management best practices based on the 2013 Internal Control—Integrated Framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO), of which IMA® (Institute of Management Accountants) is a founding member. COSO was formed as a response to the corporate fraud and financial scandals of the 1970s and 1980s, and its first major project was the development of the Internal Control—Integrated Framework, which was released in 1992. It provided a common definition of internal controls and established a comprehensive framework for evaluating internal control systems.
In 2004, the COSO Enterprise Risk Management—Integrated Framework (ERM Framework) debuted, expanding the focus on internal controls to include ERM. Many organizations still use it to evaluate their risk management systems. In 2013, COSO released an updated version of the Internal Control—Integrated Framework (COSO 2013 Framework) to reflect changes in the business environment. This framework is still widely used for assessing the effectiveness of the design and operation of internal control over financial reporting, as required by the Sarbanes-Oxley Act of 2002.
The COSO 2013 Framework consists of five internal control components: control environment, risk assessment, control activities, information and communication, and monitoring activities. They comprise 17 foundational principles, the details of which can be found in the COSO 2013 Framework’s Executive Summary.
ETHICS AND FRAUD PREVENTION GO HAND IN HAND
The ACFE published the Fraud Risk Management Guide in 2016. Both the ACFE and IMA have an interest in promoting best practices related to internal controls, ethics, and fraud mitigation. The ACFE risk guide and the IMA Statement of Ethical Professional Practice can be applied to the COSO 2013 Framework.
The first COSO 2013 Framework component, control environment, aligns with the ACFE’s first fraud risk management principle that “The organization establishes and communicates a fraud risk management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.”
This alignment is further supported and reinforced by the third standard of the IMA Statement, integrity, which consists of four duties:
- Mitigate actual conflicts of interest and avoid apparent conflicts of interest.
- Don’t engage in any conduct that would prejudice carrying out duties ethically.
- Abstain from any activity that might discredit the profession.
- Contribute to a positive ethical culture and place integrity above personal interests.
The second component of the COSO 2013 Framework, risk assessment, aligns with the ACFE’s second fraud risk management principle: “The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks…and implement actions to mitigate residual fraud risks.”