The author of this article in Business World, Roderick M. Vega, describes fraud risk management as a sub-branch of enterprise risk management and lists the three major categories of fraud as fraudulent statements, asset misappropriation, and corruption.
Like an ERM program, he explains “Simply conducting a fraud risk assessment does not get the job done and management must be prepared and committed to act on the results. The next critical step would be to identify controls that will prevent, deter or detect the identified fraud risks.”
While this is a pretty good article about fraud risk, don’t be fooled into assuming that the best detective controls in the world are going to inoculate you completely from fraud risks. Some of the greatest frauds in the last 25 years resulted because a smart rogue trader found a way to game the system or abuse their trust one way or another. Read about Joseph Jett, John M. Rusnak, Nick Leeson or the book Infectious Greed by Frank Partnoy and you’ll get the picture.
But I think Jerome Kerviel at SocGen takes the prize for best fraud. Described by some as a “computer genius”, he apparently hacked into his bank’s computer system to disable their automatic alert system in order to hide his trades.
While Vega has written a good article on fraud risk, remember that even the best control mechanisms cannot prevent malevolent geniuses like Kerviel from ripping you off.