Firms are neglecting fraud risk management, says survey

NEW YORK – Despite six years living under the Sarbanes-Oxley (Sox) regime, firms have made inadequate progress in confronting the threat of corporate fraud, according to a new study by consultant and software provider Protiviti.

Only 49% of executives from Fortune 1000 firms and other large non-profit organisations said their fraud risk management strategy was well defined. The survey also recommends action to improve existent frameworks, as less than half of firms defined their risk management at entity as well as process level.

Sox – the regulatory offspring of the 2001 Enron scandal – is commonly credited with being one of the more punitive examples of regulatory legislation, attracting considerable industry criticism for alleged competitive disadvantages it has created for American firms.

The study shows that despite the regulation’s original fraud focus, fraud risk management is often combined with other aspects of Sox compliance or general audit planning – allowing for sidelining or neglect.

The results caution that this neglect is probably unintentional, with 72% of subjects reporting the importance of fraud awareness and training; few made training mandatory for the board members or internal auditors who require it most.

The researchers highlight the need for ongoing concentration to fight financial crime. Last month, the UK’s Financial Services Authority also reinforced the importance for continued focus on fighting fraud, highlighting the threat that amid market turbulence firms’ fraud risk management could slip in favour of more immediate threats.