[30 Dec 2016]

COSO’s New Fraud Risk Management Guide

Written by: Mr. Frankie Chan - Senior Risk Consultant

The Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) released the Fraud Risk Management Guide (“the Guide”) on 29th September 2016. The Guide is an update of the 2007 publication Managing the Business Risk of Fraud: A Practical Guide, published and sponsored by the American Institute of CPAs (“AICPA”). The latest Guide incorporates relevant cases, updated standards and technological developments. The Guide not only facilitates the application of the COSO Framework; it also serves as best-practice guidance for organizations conducting their fraud risk assessments.

The Guide is designed to address the risk of fraudulent financial reporting arising from direct or indirect misconduct. It sets out five fraud risk management principles that correspond to the five internal control components of the COSO Framework, namely Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities, and to their related principles. In the Guide, the fraud risk management principles are described as follows:

Control Environment
The organization establishes and communicates a fraud risk management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk.

Risk Assessment
The organization performs comprehensive fraud risk assessments to identify specific fraud schemes and risks, assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks.

Control Activities
The organization selects, develops, and deploys preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner.

Information and Communication
The organization establishes a communication process to obtain information about potential fraud and deploys a coordinated approach to investigation and corrective action to address fraud appropriately and in a timely manner.

Monitoring Activities
The organization selects, develops, and performs ongoing evaluations to ascertain whether each of the five principles of fraud risk management is present and functioning and communicates on fraud risk management program deficiencies in a timely manner with parties responsible for taking corrective actions, including senior management and the board of directors.

Organizations implementing the 2013 COSO Framework can adopt the Guide in one of the following two ways.

1. Revisiting its existing internal control structure

The organization can adopt the Guide’s second fraud risk management principle, the risk assessment principle, on a stand-alone basis. The organization performs its fraud risk assessment by revisiting each component of its existing internal control structure and evaluating its vulnerabilities to fraud.

2. Implementing the Guide as a separate process

The organization can implement the Guide as a separate, compatible and more comprehensive process for specifically assessing the organization’s fraud risk, as part of a broader fraud risk management program or process. This approach requires an assessment of fraud risk in addition to the review of the current internal control structure.


COSO recommends this second approach because it provides an ongoing and more thorough fraud risk management process, one that identifies internal control weaknesses exposed by fraud rather than by error. COSO explains that a fraud risk assessment which merely complements the existing internal control assessment may not identify intentional acts that lead to misstatement of financial and/or non-financial information, misappropriation of assets and illegal acts. The second approach therefore provides greater assurance with respect to intentional acts.

Source: Executive Summary, Fraud Risk Management Guide. Committee of Sponsoring Organizations of the Treadway Commission, September 2016.


If there are any aspects with which we may assist, please do not hesitate to contact:

Managing Partner - Mr. Roy Lo
roy.lo@shinewing.hk (Tel. 3583 8048) or

Senior Risk Manager - Ms. Gloria So
gloria.so@shinewing.hk (Tel. 3583 8517)


SHINEWING Risk Services Limited

Contact Us

SHINEWING Risk Services Limited
43/F., Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong

T. (852) 3583 8000

F. (852) 3583 8532

W. www.shinewing.hk

E. risk@shinewing.hk




SHINEWING Risk Services Limited is an industry leader with many years of experience in risk management and internal control review services in China and Hong Kong. SHINEWING has maintained its leadership position in the market over the years.

Headquartered in Beijing, with branch offices in Hong Kong, Singapore, Japan, Australia, Pakistan, Egypt, Shenzhen, Chengdu, Shanghai, Xi’an, Tianjin, Qingdao, Changsha, Changchun, Yinchuan, Jinan, Dalian, Kunming, Guangzhou, Fuzhou, Nanjing, Urumqi, Wuhan, Hangzhou, Taiyuan, Chongqing, Nanning and Hefei, SHINEWING is ideally positioned to provide services to our valued clients.


Copyright © 2016 SHINEWING Risk Services Limited. All rights reserved.

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

