Mitigating fraud by utilizing the COSO framework and Fraud Risk Management Guide

Occupational fraud is not just a persistent threat—it’s likely the most costly form of financial crime worldwide, according to John Warren, CEO of the Association of Certified Fraud Examiners, who recently observed that fraud’s annual impact is estimated “in the trillions of dollars.”

Management of organizational fraud risk continues to be a critical challenge for companies. The rapid pace of technological change and adoption of artificial intelligence are transforming the sophistication and variation of fraud schemes, bringing enhanced risks of significant financial losses, regulatory violations, and the loss of customer and investor confidence.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) established the Internal Control—Integrated Framework in 1992 to provide an approach to managing risk that has become the globally recognized blueprint for establishing, implementing and assessing internal control. The framework, and the related Fraud Risk Management Guide, initially published in 2016 and updated in 2023, enables organizations to take a proactive approach to prevention and provides a structured methodology for the detection of fraud risk.

COSO: An enduring model for evolving fraud risk

In many cases, fraud occurs because companies lack a comprehensive understanding of their specific vulnerabilities. Although staff may be close to processes and familiar with existing controls, they may not see where gaps have developed over time due to organizational changes or a lack of understanding of the latest fraud schemes and technology risks. They may not have insight into emerging threats occurring at peer organizations or be aware of novel instances of fraud in their industry.

The strength of the COSO framework is that it provides the structure for an independent, objective fraud risk assessment and a model to remediate controls through its five integrated components.

An effective system of internal control requires that all five components and their underlying 17 principles are incorporated, functioning and operating together. This integrated approach creates an environment where fraud deterrence isn't relegated to a single department but is embedded across the organization’s culture and processes. The five components include:

Fraud Risk Management Guide

Application of the COSO framework to address fraud risk was codified in the Fraud Risk Management Guide published in 2023 by COSO and the Association of Certified Fraud Examiners. The guide’s principles align with the COSO framework and provide a granular approach to the prevention, detection and investigation of instances of fraud.

The five fraud risk management principles rationalize the COSO framework principles into tangible areas of focus for management to consider in building their anti-fraud program.

The value of an independent perspective

When developed in collaboration with business leaders, an independently led fraud risk assessment can apply industry-specific data analytics and forensic investigative techniques to stress-test fraud defenses and controls. An experienced external advisor can shed light on emerging fraud threats and risks within your industry, while also identifying company-specific fraud vulnerabilities based on business segment, geographic operations, government interactions and supply chain, as well as other critical factors.

Professionals experienced in implementing the COSO framework can ultimately deliver significant value, successfully establishing a consistent fraud risk identification and mitigation approach across the organization.