Fraud Governance and Controls
Expert-defined terms from the Fraud Risk Assessment and Management course at LearnUNI. Free to read, free to share, paired with a professional course.
Accountability refers to the state of being answerable for one's actions,… #
Related terms include compliance, governance, and internal controls. In the context of Fraud Risk Assessment and Management, accountability is essential for maintaining effective controls and preventing fraudulent activities. For example, in a financial institution, employees are expected to be accountable for their transactions and report any suspicious activities to their supervisors.
Accounting Irregularities refer to intentional or unintentional errors or… #
Related terms include financial statement fraud, misrepresentation, and material weakness. Accounting irregularities can have serious consequences, including financial losses and damage to an organization's reputation. To prevent accounting irregularities, organizations should implement robust internal controls, such as separation of duties and regular audits. For instance, a company can implement a system of checks and balances to ensure that financial statements are accurate and reliable.
Advanced Persistent Threats (APTs) refer to sophisticated cyber attacks t… #
Related terms include malware, phishing, and social engineering. APTs can be used to steal sensitive information, disrupt operations, or commit fraud. To prevent APTs, organizations should implement robust cybersecurity controls, such as firewalls, intrusion detection systems, and employee training. For example, a company can implement a security awareness program to educate employees on the risks of phishing and social engineering.
Anti #
Money Laundering (AML) refers to the process of preventing and detecting the laundering of illicit funds. Related terms include know-your-customer, suspicious transaction reporting, and financial intelligence. AML is critical in preventing fraud and terrorist financing, and organizations should implement effective AML controls, such as customer due diligence and transaction monitoring. For instance, a bank can implement a system to monitor transactions and report suspicious activities to the relevant authorities.
Asset Misappropriation refers to the theft or unauthorized use of an orga… #
Related terms include embezzlement, theft, and internal controls. Asset misappropriation can have serious consequences, including financial losses and damage to an organization's reputation. To prevent asset misappropriation, organizations should implement robust internal controls, such as separation of duties and regular audits. For example, a company can implement a system of checks and balances to ensure that assets are properly accounted for and protected.
Audit Committee refers to a group of individuals responsible for overseei… #
Related terms include audit, financial reporting, and corporate governance. The audit committee plays a critical role in preventing and detecting fraud, and should be independent and comprise individuals with relevant expertise. For instance, a company can establish an audit committee to review financial statements and ensure that they are accurate and reliable.
Audit Risk refers to the risk that an auditor may not detect material err… #
Related terms include audit, materiality, and sampling. Audit risk can be mitigated by implementing robust audit procedures, such as risk-based auditing and substantive testing. For example, an auditor can use statistical sampling to test transactions and ensure that they are accurate and complete.
Authentication refers to the process of verifying the identity of individ… #
Related terms include authorization, access control, and biometrics. Authentication can be implemented through various methods, such as passwords, tokens, or biometric authentication. For instance, a company can implement a system of two-factor authentication to ensure that only authorized individuals have access to sensitive information.
Authorization refers to the process of granting access to individuals or… #
Related terms include authentication, access control, and role-based access control. Authorization should be based on the principle of least privilege, where individuals are granted only the necessary access to perform their duties. For example, a company can implement a system of role-based access control to ensure that employees only have access to the information and systems necessary to perform their jobs.
Bribery refers to the offer or acceptance of something of value in exchan… #
Related terms include corruption, kickbacks, and facilitation payments. Bribery can have serious consequences, including financial losses and damage to an organization's reputation. To prevent bribery, organizations should implement robust anti-bribery controls, such as due diligence and monitoring of transactions. For instance, a company can establish a policy of zero tolerance for bribery and corruption.
Business Continuity Planning refers to the process of ensuring that an or… #
Related terms include risk management, disaster recovery, and crisis management. Business continuity planning is critical in preventing and responding to fraud, and should include procedures for maintaining operations, protecting assets, and communicating with stakeholders. For example, a company can establish a business continuity plan to ensure that it can continue to operate in the event of a natural disaster or cyber attack.
Certification refers to the process of verifying that an individual or sy… #
Related terms include accreditation, compliance, and audit. Certification can be implemented through various methods, such as training, testing, and evaluation. For instance, a company can establish a certification program to ensure that employees have the necessary skills and knowledge to perform their duties.
Chief Audit Executive (CAE) refers to the individual responsible for over… #
Related terms include internal audit, audit committee, and risk management. The CAE should be independent and have the necessary expertise and resources to perform their duties effectively. For example, a company can establish an internal audit function to review financial statements and ensure that they are accurate and reliable.
Cloud Computing refers to the delivery of computing resources and service… #
Related terms include cybersecurity, data protection, and virtualization. Cloud computing can provide numerous benefits, including scalability, flexibility, and cost savings, but also introduces new risks and challenges. For instance, a company can use cloud computing to store and process sensitive information, but must ensure that it has robust security controls in place to protect against cyber threats.
Compliance refers to the process of adhering to laws, regulations, and st… #
Related terms include governance, risk management, and internal controls. Compliance can be implemented through various methods, such as training, policies, and procedures. For example, a company can establish a compliance program to ensure that it is adhering to relevant laws and regulations.
Computer Forensics refers to the process of analyzing and preserving digi… #
Related terms include cybersecurity, digital forensics, and incident response. Computer forensics can be used to track and analyze digital evidence, and should be performed by trained and experienced professionals. For instance, a company can use computer forensics to investigate a cyber attack and identify the perpetrators.
Continuous Auditing refers to the process of performing audits on a conti… #
Related terms include audit, risk management, and internal controls. Continuous auditing can be implemented through various methods, such as automated auditing tools and real-time monitoring. For example, a company can use continuous auditing to monitor financial transactions and detect suspicious activities.
Corporate Governance refers to the system of rules, practices, and proces… #
Related terms include board of directors, audit committee, and risk management. Corporate governance should include procedures for ensuring accountability, transparency, and fairness. For instance, a company can establish a corporate governance framework to ensure that it is operating in a fair and transparent manner.
Credit Risk refers to the risk that a borrower may default on a loan or d… #
Related terms include credit scoring, creditworthiness, and loan portfolio management. Credit risk can be mitigated by implementing robust credit assessment and monitoring procedures. For example, a bank can use credit scoring to assess the creditworthiness of borrowers and manage its loan portfolio.
Crime Prevention refers to the process of preventing and reducing crime,… #
Related terms include law enforcement, crime detection, and crime investigation. Crime prevention can be implemented through various methods, such as community policing, surveillance, and education. For instance, a company can establish a crime prevention program to educate employees on the risks of fraud and how to prevent it.
Cryptography refers to the process of protecting data by converting it in… #
Related terms include encryption, decryption, and digital signatures. Cryptography can be used to protect sensitive information, such as financial data and personal identifiable information. For example, a company can use encryption to protect sensitive information and ensure that it is not accessible to unauthorized individuals.
Cyber Attack refers to the attempt to compromise or disrupt an organizati… #
Related terms include hacking, malware, and phishing. Cyber attacks can have serious consequences, including financial losses and damage to an organization's reputation. To prevent cyber attacks, organizations should implement robust cybersecurity controls, such as firewalls, intrusion detection systems, and employee training. For instance, a company can establish a cybersecurity program to educate employees on the risks of cyber attacks and how to prevent them.
Data Analytics refers to the process of analyzing and interpreting data t… #
Related terms include data mining, business intelligence, and predictive analytics. Data analytics can be used to identify patterns and anomalies in data, and should be performed by trained and experienced professionals. For example, a company can use data analytics to identify suspicious transactions and detect fraudulent activities.
Data Governance refers to the process of managing and protecting an organ… #
Related terms include data quality, data security, and data compliance. Data governance should include procedures for ensuring data accuracy, completeness, and security. For instance, a company can establish a data governance framework to ensure that its data is accurate, complete, and secure.
Data Loss Prevention (DLP) refers to the process of preventing sensitive… #
Related terms include data protection, data encryption, and incident response. DLP can be implemented through various methods, such as data classification, access control, and monitoring. For example, a company can use DLP to prevent sensitive information from being sent via email or uploaded to cloud storage.
Data Mining refers to the process of analyzing and extracting patterns an… #
Related terms include data analytics, business intelligence, and predictive analytics. Data mining can be used to identify patterns and anomalies in data, and should be performed by trained and experienced professionals. For instance, a company can use data mining to identify suspicious transactions and detect fraudulent activities.
Digital Forensics refers to the process of analyzing and preserving digit… #
Related terms include computer forensics, cybersecurity, and incident response. Digital forensics can be used to track and analyze digital evidence, and should be performed by trained and experienced professionals. For example, a company can use digital forensics to investigate a cyber attack and identify the perpetrators.
Disaster Recovery refers to the process of recovering from a disaster or… #
Related terms include business continuity planning, risk management, and crisis management. Disaster recovery should include procedures for maintaining operations, protecting assets, and communicating with stakeholders. For instance, a company can establish a disaster recovery plan to ensure that it can continue to operate in the event of a natural disaster or cyber attack.
Due Diligence refers to the process of conducting a thorough review and a… #
Related terms include risk management, compliance, and internal controls. Due diligence should include procedures for evaluating the risks and benefits of a potential investment or business opportunity. For example, a company can conduct due diligence on a potential investment to assess its risks and benefits.
Electronic Discovery (eDiscovery) refers to the process of identifying, c… #
Related terms include digital forensics, computer forensics, and incident response. eDiscovery can be used to track and analyze digital evidence, and should be performed by trained and experienced professionals. For instance, a company can use eDiscovery to respond to a legal request or investigation and provide electronic data to the relevant authorities.
Employee Screening refers to the process of evaluating an employee's back… #
Related terms include background checks, employment verification, and reference checks. Employee screening should include procedures for evaluating an employee's honesty, integrity, and reliability. For example, a company can conduct background checks on new employees to assess their suitability for a particular role.
Enterprise Risk Management (ERM) refers to the process of identifying, as… #
Related terms include risk management, internal controls, and compliance. ERM should include procedures for identifying, assessing, and mitigating risks, as well as monitoring and reviewing risk management processes. For instance, a company can establish an ERM framework to identify, assess, and manage risks across the organization.
Error Detection refers to the process of identifying and correcting error… #
Related terms include data quality, data validation, and data reconciliation. Error detection should include procedures for identifying and correcting errors, as well as monitoring and reviewing data quality. For example, a company can use data analytics to identify errors in financial transactions and correct them.
Financial Reporting refers to the process of preparing and presenting fin… #
Related terms include accounting, auditing, and financial analysis. Financial reporting should include procedures for ensuring the accuracy, completeness, and transparency of financial statements. For instance, a company can establish a financial reporting framework to ensure that its financial statements are accurate, complete, and transparent.
Forensic Accounting refers to the process of analyzing and interpreting f… #
Related terms include auditing, financial analysis, and fraud investigation. Forensic accounting can be used to identify patterns and anomalies in financial data, and should be performed by trained and experienced professionals. For example, a company can use forensic accounting to investigate a suspected case of financial fraud and identify the perpetrators.
Fraud Detection refers to the process of identifying and detecting fraudu… #
Related terms include fraud prevention, fraud investigation, and fraud analytics. Fraud detection should include procedures for monitoring and analyzing data, as well as identifying and reporting suspicious activities. For instance, a company can use data analytics to detect suspicious transactions and report them to the relevant authorities.
Fraud Investigation refers to the process of investigating and analyzing… #
Related terms include forensic accounting, digital forensics, and incident response. Fraud investigation should include procedures for gathering and analyzing evidence, as well as identifying and prosecuting perpetrators. For example, a company can conduct a fraud investigation to gather evidence and identify the perpetrators of a suspected case of fraud.
Fraud Prevention refers to the process of preventing and reducing the ris… #
Related terms include fraud detection, fraud investigation, and fraud analytics. Fraud prevention should include procedures for monitoring and analyzing data, as well as identifying and reporting suspicious activities. For instance, a company can establish a fraud prevention program to educate employees on the risks of fraud and how to prevent it.
Fraud Risk Assessment refers to the process of identifying and assessing… #
Related terms include risk management, internal controls, and compliance. Fraud risk assessment should include procedures for identifying, assessing, and mitigating risks, as well as monitoring and reviewing risk management processes. For example, a company can conduct a fraud risk assessment to identify areas of high risk and implement controls to mitigate those risks.
Governance refers to the system of rules, practices, and processes by whi… #
Related terms include corporate governance, board of directors, and audit committee. Governance should include procedures for ensuring accountability, transparency, and fairness. For instance, a company can establish a governance framework to ensure that it is operating in a fair and transparent manner.
Identity Theft refers to the theft or unauthorized use of an individual's… #
Related terms include phishing, social engineering, and credit card fraud. Identity theft can have serious consequences, including financial losses and damage to an individual's reputation. To prevent identity theft, individuals should be cautious when providing personal information and monitor their financial accounts regularly. For example, an individual can use two-factor authentication to protect their online accounts and monitor their credit reports regularly.
Incident Response refers to the process of responding to and managing a s… #
Related terms include disaster recovery, business continuity planning, and crisis management. Incident response should include procedures for containing, mitigating, and recovering from a security incident or data breach. For instance, a company can establish an incident response plan to ensure that it can respond quickly and effectively to a security incident or data breach.
Information Security refers to the process of protecting an organization'… #
Related terms include cybersecurity, data protection, and incident response. Information security should include procedures for ensuring the confidentiality, integrity, and availability of information and systems. For example, a company can implement a system of firewalls and intrusion detection systems to protect its information and systems from unauthorized access.
Internal Audit refers to the process of evaluating and improving an organ… #
Related terms include audit, risk management, and compliance. Internal audit should include procedures for evaluating and improving internal controls, as well as identifying and reporting risks and control weaknesses. For instance, a company can establish an internal audit function to evaluate and improve its internal controls and risk management processes.
Internal Controls refer to the processes and procedures implemented by an… #
Related terms include risk management, compliance, and audit. Internal controls should include procedures for authorizing, recording, and reporting financial transactions, as well as monitoring and reviewing financial data. For example, a company can implement a system of internal controls to ensure that financial transactions are accurate, complete, and reliable.
Investigation refers to the process of gathering and analyzing evidence t… #
Related terms include forensic accounting, digital forensics, and incident response. Investigation should include procedures for gathering and analyzing evidence, as well as identifying and prosecuting perpetrators. For instance, a company can conduct an investigation to gather evidence and identify the perpetrators of a suspected case of fraud.
IT Governance refers to the process of managing and overseeing an organiz… #
Related terms include information security, cybersecurity, and data protection. IT governance should include procedures for ensuring the security, availability, and integrity of information technology systems and data. For example, a company can establish an IT governance framework to ensure that its information technology systems and data are secure, available, and reliable.
Know #
Your-Customer (KYC) refers to the process of verifying the identity and legitimacy of customers, and is critical in preventing and detecting fraud. Related terms include anti-money laundering, customer due diligence, and risk management. KYC should include procedures for verifying the identity and legitimacy of customers, as well as monitoring and reporting suspicious activities. For instance, a bank can implement a KYC program to verify the identity and legitimacy of its customers and monitor their transactions for suspicious activities.
Materiality refers to the concept of determining whether a particular tra… #
Related terms include accounting, auditing, and financial reporting. Materiality should include procedures for determining whether a particular transaction or event is significant enough to be reported or disclosed. For example, a company can establish a materiality threshold to determine whether a particular transaction or event is significant enough to be reported or disclosed.
Network Security refers to the process of protecting an organization's co… #
Related terms include cybersecurity, information security, and incident response. Network security should include procedures for ensuring the confidentiality, integrity, and availability of computer networks and systems. For instance, a company can implement a system of firewalls and intrusion detection systems to protect its computer networks and systems from unauthorized access.
Operational Risk refers to the risk of loss or damage resulting from inad… #
Related terms include risk management, internal controls, and compliance. Operational risk should include procedures for identifying, assessing, and mitigating risks, as well as monitoring and reviewing risk management processes. For example, a company can establish an operational risk management framework to identify, assess, and mitigate risks across the organization.
Outsourcing refers to the process of contracting with a third #
party provider to perform a specific function or service, and is critical in preventing and detecting fraud. Related terms include third-party risk, vendor management, and supply chain risk. Outsourcing should include procedures for evaluating and managing the risks associated with outsourcing, as well as monitoring and reviewing the performance of third-party providers. For instance, a company can establish an outsourcing framework to evaluate and manage the risks associated with outsourcing and monitor the performance of third-party providers.
Penetration Testing refers to the process of simulating a cyber attack on… #
Related terms include vulnerability assessment, security testing, and incident response. Penetration testing should include procedures for simulating a cyber attack, as well as identifying and reporting vulnerabilities and weaknesses. For example, a company can conduct penetration testing to simulate a cyber attack and identify vulnerabilities and weaknesses in its computer systems or networks.
Phishing refers to the attempt to obtain sensitive information, such as p… #
Related terms include social engineering, identity theft, and cyber attack. Phishing can have serious consequences, including financial losses and damage to an organization's reputation. To prevent phishing, individuals should be cautious when providing personal information and monitor their financial accounts regularly. For instance, an individual can use two-factor authentication to protect their online accounts and monitor their credit reports regularly.
Privacy refers to the right of individuals to control their personal info… #
Related terms include data protection, information security, and incident response. Privacy should include procedures for ensuring the confidentiality, integrity, and availability of personal information. For example, a company can establish a privacy framework to ensure that personal information is protected from unauthorized use or disclosure.
Procurement Fraud refers to the attempt to defraud an organization throug… #
Related terms include contract management, vendor management, and supply chain risk. Procurement fraud can have serious consequences, including financial losses and damage to an organization's reputation. To prevent procurement fraud, organizations should implement robust procurement controls, such as due diligence and monitoring of contracts. For instance, a company can establish a procurement framework to ensure that contracts are properly managed and monitored.
Regulatory Compliance refers to the process of adhering to laws, regulati… #
Related terms include governance, risk management, and internal controls. Regulatory compliance should include procedures for ensuring adherence to relevant laws, regulations, and standards. For example, a company can establish a regulatory compliance framework to ensure that it is adhering to relevant laws, regulations, and standards.
Risk Assessment refers to the process of identifying, assessing, and prio… #
Related terms include risk management, internal controls, and compliance. Risk assessment should include procedures for identifying, assessing, and prioritizing risks, as well as monitoring and reviewing risk management processes. For instance, a company can conduct a risk assessment to identify areas of high risk and implement controls to mitigate those risks.
Risk Management refers to the process of identifying, assessing, and miti… #
Related terms include internal controls, compliance, and audit. Risk management should include procedures for identifying, assessing, and mitigating risks, as well as monitoring and reviewing risk management processes. For example, a company can establish a risk management framework to identify, assess, and mitigate risks across the organization.
Sanctions refers to the penalties or consequences imposed on individuals… #
Related terms include regulatory compliance, governance, and risk management. Sanctions can have serious consequences, including financial losses and damage to an organization's reputation. To prevent sanctions, organizations should implement robust compliance controls, such as due diligence and monitoring of transactions. For instance, a company can establish a compliance framework to ensure that it is adhering to relevant laws, regulations, and standards.
Security Awareness refers to the process of educating individuals on secu… #
Related terms include security training, security awareness program, and incident response. Security awareness should include procedures for educating individuals on security best practices and the importance of security. For example, a company can establish a security awareness program to educate employees on the risks of cyber attacks and how to prevent them.
Social Engineering refers to the attempt to manipulate individuals into d… #
Related terms include phishing, identity theft, and cyber attack. Social engineering can have serious consequences, including financial losses and damage to an organization's reputation. To prevent social engineering, individuals should be cautious when providing personal information and monitor their financial accounts regularly. For instance, an individual can use two-factor authentication to protect their online accounts and monitor their credit reports regularly.
Supply Chain Risk refers to the risk of loss or damage resulting from the… #
Related terms include third-party risk, vendor management, and outsourcing. Supply chain risk should include procedures for evaluating and managing the risks associated with suppliers or third-party providers, as well as monitoring and reviewing their performance. For example, a company can establish a supply chain risk management framework to evaluate and manage the risks associated with suppliers or third-party providers.
Third #
Party Risk refers to the risk of loss or damage resulting from the failure of a third-party provider, and is critical in preventing and managing fraud. Related terms include outsourcing, vendor management, and supply chain risk. Third-party risk should include procedures for evaluating and managing the risks associated with third-party providers, as well as monitoring and reviewing their performance. For instance, a company can establish a third-party risk management framework to evaluate and manage the risks associated with third-party providers.
Transaction Monitoring refers to the process of monitoring and analyzing… #
Related terms include anti-money laundering, know-your-customer, and risk management. Transaction monitoring should include procedures for monitoring and analyzing transactions, as well as identifying and reporting suspicious activities. For example, a bank can implement a transaction monitoring system to detect and prevent suspicious transactions.
Vulnerability Assessment refers to the process of identifying and evaluat… #
Related terms include penetration testing, security testing, and incident response. Vulnerability assessment should include procedures for identifying and evaluating vulnerabilities, as well as implementing controls to mitigate them. For instance, a company can conduct a vulnerability assessment to identify vulnerabilities in its systems or networks and implement controls to mitigate them.
Web Application Security refers to the process of protecting web applicat… #
Related terms include cybersecurity, information security, and incident response. Web application security should include procedures for ensuring the confidentiality, integrity, and availability of web applications. For example, a company can implement a system of firewalls and intrusion detection systems to protect its web applications from unauthorized access.