To Have or Not to Have an Anti-fraud Plan

“Who” should sponsor & own the AFCP and ”How” to implement and manage it.  This is the last of five articles on the need for Anti-fraud Compliance Programs. 

In the first four articles we discussed:

• Why have an Anti-fraud Compliance Program (AFCP)
• Areas to consider in setting it up
• Areas from COSO to consider covering in the AFCP
• Key categories to keep in mind while developing an AFCP

 In this article we will discuss “Who” should sponsor & own the AFCP and ”How” to implement and manage it.

Who should sponsor and own the AFCP? To enhance and validate the Tone at the Top, the higher the sponsor the better. Typically this means the CEO and their entire leadership team. This should include periodic communications of their support of the AFCP. The AFCP should also be reviewed and approved by the Audit Committee / Board.

The day-to-day operational / functional owner of the AFCP should be a department that is adequately resourced with the functional expertise to administer the AFCP and have the confidence of the owners of the business controls. Typically this would be Internal Audit, Ethics and Compliance or possibly Risk Management. This is a senior management call.

On the “How” to implement and manage the program.  During the program development, for each section recruit the senior leader and a designee for the detailed meetings; i.e. Internal Controls, select the Chief Accounting Officer with their designee as the leader owning SOX / Internal Controls

• With input / buy-in from the internal stakeholders, develop and document a draft
• Prepare for questions / push back from senior management and the audit committee
• Obtain approval, buy-in and support of senior management
• Implementation through communication by senior management of program, owner and expectations to internal stakeholders and employees
• Maintenance by the AFCP owner and the functional person for the day-to-day operations. Within 18 months the program should be reviewed for any needed revisions.

And that is all there is to it … Ok there is a bit of work in research, coordination, meetings, drafting / redrafting and consensus building, but all projects call for this. This is an important document to insure there is a plan, process, owner, follow up and monitoring for how a company deals with fraud and suspicious activity. It shows a company’s leadership commitment to dealing with fraud in an open and transparent fashion from the top down.

Please let me know if I can help or be a resource for your questions / comments on the content of this article.  If you would like all the articles, please let me know at [email protected] and I will share.  I have developed, implemented and managed Anti-fraud Compliance Programs for companies as part of a proactive approach and in reaction to civil and criminal investigations.

 I hope your New Year gets off to a great start.

George