‘In Control’ Risk Advisory Solutions: Compliance Certification, Fraud Management, and Data Analysis
As a publicly traded Canadian issuer listed on the Toronto Stock Exchange, your organization is subject to the Canadian Securities Administrators CEO and CFO Certification requirements, MI 52-109, which first became effective in 2005.
The certification requirements are designed to improve the quality and reliability of public company disclosures with the goal of increasing investor confidence in Canadian markets. The Certification Rule requires the Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), or individuals performing similar functions, to personally certify annual and interim filings that disclosure controls and procedures and internal controls over financial reporting are appropriately designed and are effective. The certifications required under the Certification Rule are being phased in over the course of a few years.
Currently, amendments have been proposed to MI 52-109, which are designed to further enhance the quality and reliability of public company disclosures. The proposed materials were issued April 18, 2008, with a comment period that expired on June 17, 2008. The proposed changes came into effect December 15, 2008. The Canadian Securities Administrators (CSA) issued CSA staff notice 52-322 on July 11, 2008, which states that they “considered all comments received and do not expect to recommend any material amendments to the Proposed Materials. CSA staff continue to believe the proposed effective date of December 15, 2008 is appropriate…”
Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. The impact of a fraud event extends beyond direct financial loss to loss of member confidence and damage to staff morale. All organizations are subject to fraud risk, not least financial institutions with stocks of cash and negotiable instruments, and with channels to access funds through lending and deposit services. The numerous service channels for access to funds, through third parties such as retail point of sale and mortgage brokers, and through online banking facilities, have increased the opportunities for and potential complexity of fraud.
All levels of an organization have responsibility for dealing with fraud risk; consequently, controls to mitigate fraud are typically embedded throughout an organization. To proactively establish an environment to effectively manage an organization’s fraud risk, a consortium of standard setters has provided guidance which sets out five principles. These principles and the components of the program needed to comply with the principles are collectively referred to as the “Guidelines” and are set out in the following table.
| Principle | Description |
|---|---|
| Fraud Risk Governance | As part of an organization’s governance structure, a fraud risk management program should be in place, including written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk. |
| Fraud Risk Assessment | Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate. |
| Fraud Prevention | Prevention techniques to avoid key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. |
| Fraud Detection | Detection techniques should be established to uncover fraud events when preventive measures fail, or unmitigated risks are realized. |
| Fraud Investigation and Corrective Action | A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and in a timely manner. |
We will perform an assessment of your organization’s fraud management program against a recognized fraud management standard or framework. Procedures will focus on inquiry of management and review of internal policies related to fraud risk governance. Audit procedures will not be conducted to detect fraud or to validate the assertions of management.
The objective of this work will be to determine whether the current policies, procedures, accountabilities and standards for fraud risk management as an internal control constitute an effectively designed program as measured against a recognized standard.
Through various tools (RPA, SQL, Galvanize), PRA completes a series of assessments of data to help cleanse it as well as increase its accuracy and completeness. Our tool sets also allow identification of outliers and other trends that may signal systemic issues. We continually develop this area and have many offerings that evolve on a weekly or monthly basis.