In the nearly six years since Sarbanes-Oxley was enacted, it would seem that most large public companies have had plenty of time to wrap their heads and their arms around a comprehensive approach to corporate fraud risk management. According to the results of a new Protiviti study, however, that is not the case.
The Metropolitan Corporate Counsel reports that only 49 percent of the Fortune 1000 and large non-profit executives surveyed said their fraud risk management strategies are well-defined. Moreover, fewer than half of the respondents actually define the risk assessment process at the entity level as well as at the process level. This, Protiviti representatives say, points to what should be a focus area for improvement in the majority of companies surveyed.
Study results also show that fraud risk management is often lumped in with Sarbanes-Oxley compliance or general audit planning, in which case it is more easily pushed aside or inadvertently neglected.
Perhaps most telling, the writers suggest, is this: While most respondents (72 percent) agreed on the importance of fraud risk awareness and training for employees, not many required board/audit committee members to attend. Considering they're the ones most often left cleaning up after fraud occurs, board and audit committee members are also the most in need of such training.
The details of what is necessary to improve fraud risk management strategies and processes will vary, the writers say, but above all it is important to remember that fraud risk management is not a one-time-and-you're-done endeavor. It's an ongoing process.