The COSO Fraud Risk Management Guide is a valuable tool that shows how to conduct a fraud risk assessment, offering guides and templates that most organizations can use.
The ERM team should be involved in the fraud risk assessment for the following reasons:
1. This is a risk identification exercise. Some of the conversations will bring up non-fraud risks.
2. Fraud risks can impact the reputation risk of the organization. Since many believe reputation is a second-order/latent risk, conversations about potential fraudulent actions can reveal deep knowledge about reputation risk levels too.
3. Conversations about fraud risks and related controls help the ERM team learn about, or confirm, the organization's culture. Lessons include the attitude toward fraud and risk, and the general attitude about building a proper tone at the top. These can have big implications for the organization's tone at the top and risk culture.