What do you think is the number one mistake many fraud examiners, investigators and other governance champions make? The number one mistake is not something you may think. As a fraud examiner, I love to overwhelm suspects with watertight evidence. For some reason, I interview suspects to the point they stop looking me straight in the eyes. It is like an art. Knowing the facts of the case at hand. Taking the statement of the suspect. Collecting evidence. And having the suspects punched in the gut by their alibi. In 2013, I was investigating a case in which a woman in her late 50s was a suspect. She had visible scars one would say were a result of a mid-life crisis. As I asked her questions to the point of confession, she looked at me directly in my eyes and said: why are you enjoying this? Why are you happy for taking me to jail? As I left the interview room, I reflected: why do I enjoy this? This question struck me. It helped me change my focus from waiting for problems to happen so that I may investigate them, to proactively preventing them from happening. An investigation I do not know about you and your career interests. What I know is that if you are a fraud examiner, you do a good job by holding accountable people who commit fraud. However, you can do even better when you prevent fraud from happening in the first place. And that is where fraud risk maturity assessment comes in. How do you anticipate and prevent fraud? How do you help people do the right thing? There are three broad areas for maturity assessments:
- Fraud risk maturity assessment i.e. legal and compliance maturity assessment
- Cybersecurity maturity assessment
- Enterprise-wide risk maturity assessment
- The five levels of risk management maturity are aligned to the ISO 31000:2018 standard, and factors are considered at each level to assess maturity.
- The six (6) pillars or building blocks of enterprise-wide risk success.
- Fraud risk maturity assessment vs cyber risk maturity assessment, and why these risks are top of the agenda for any executive.
- Effective risk reporting to the board and key stakeholders for improved governance.