Internal audit can assist management by facilitating a fraud risk assessment. Management should make the decision both on the level of risk and whether it is acceptable. Internal audit can provide their opinion and advice on both.
On February 15, 2019, the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) published guidelines for assessing cybersecurity counterparty risk for financial institutions (the “Guidelines”).
The best resource for understanding the level of fraud risk is the Association of Fraud Examiners’ (ACFE) annual Report to the Nations, their global study of occupational fraud and abuse. Their 2018 Report is now available and, as always, shares some useful and important insights. The ACFE analyzed 2,690 cases from January 2016 to October 2017 from around the world (48% from the USA, the rest evenly split among other regions).