Fraud Risk Management Guide, Second Edition

Research Commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Co-Published by the ACFE



It is impossible and impractical to eliminate all fraud in all organizations. However, effective leaders address fraud risk as they do any risk — they manage it. The Fraud Risk Management Guide, Second Edition provides a blueprint to do just that.

The Fraud Risk Management Guide, Second Edition details how to create a comprehensive fraud risk management program for your organization that includes:

  • Establishing a visible and rigorous fraud governance process
  • Creating a transparent and sound anti-fraud culture
  • Conducting a thorough fraud risk assessment periodically
  • Designing, implementing and maintaining preventive and detective fraud control processes and procedures
  • Taking swift action in response to allegations of fraud

This guide, co-published by COSO and the ACFE, provides:

  • Examples of key components you can use as a starting point for developing your organization’s fraud risk management program
  • References to other resources to tailor the program based on your organization’s size and circumstances
  • Guidance for implementing your fraud risk management program

Product Details

ISBN: 978-1-95515-942-5
Publisher: The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Published: Copyright 2023
Pages: 116
Format: Online PDF (This is a digital product that must be accessed through a web browser.)

Table of Contents

Fraud Risk Management Guide Update Task Force
Anti-Fraud Professionals Who Provided Recommendations for this Fraud Risk Management Guide Update
Fraud Risk Management Task Force
Fraud Risk Management Advisory Panel
Chapter 1 Fraud Risk Governance
Chapter 2 Fraud Risk Assessment
Chapter 3 Fraud Control Activities
Chapter 4 Fraud Investigation and Corrective Action
Chapter 5 Fraud Risk Management Monitoring Activities
Appendix A Glossary
Appendix B Fraud Risk Management Roles and Responsibilities
Appendix C Fraud Risk Management Considerations for Smaller Entities
Appendix D Data Analytics
Appendix E Fraud Risk Assessment Example
Appendix F Fraud Risk Tools
Appendix G Managing the Risk of Fraud, Waste and Abuse in the Government Environment

Second Edition Updates

  • Fraud Risk Management and Deterrence
    This edition explains how fraud risk management relates to and supports fraud deterrence — a key theme in COSO’s missions.
  • Relationships Among COSO’s Two Frameworks and Fraud Risk Management
    This edition explains how the COSO 2013 Internal Control — Integrated Framework, the COSO 2017 Enterprise Risk Management — Integrating with Strategy and Performance Framework and the Fraud Risk Management Guide are related and support each other.
  • Expanded Information on Data Analytics
    Data analytics continues to grow in importance as a key tool for the prevention and early detection of fraud. Advanced applications of data analytics may be less familiar to some users than standard tools, such as interviewing and whistleblower systems. Accordingly, this edition includes expanded and updated information on data analytics, while continuing to emphasize the importance of interviewing and whistleblower systems. A data analytics Point of Focus has been added to each of the five fraud risk management principles to demonstrate how the use of data analytics is an integral part of each principle. Further, the data analytics appendix has been updated and expanded. This approach is not meant to downplay the importance of other tools, but rather, to highlight the increasing power of data analytics in managing fraud risk.
  • Internal Control and Fraud Risk Management
    This edition explains how internal control and fraud risk management are related and support each other, but are different in some important respects. Examples are provided to show that many “go-to” internal control processes and procedures may be adequate for ensuring accuracy in accounting and financial reporting but may not provide sufficient fraud protection.
  • Assessing the Effectiveness of Existing Control Procedures as Related to Fraud Risk
    Chapter 2 (Fraud Risk Assessment) provides additional information on this important step in the fraud risk assessment process. It clarifies and emphasizes that assessing control effectiveness involves (a) identifying existing control procedures related to each identified inherent fraud risk, (b) assuring that the controls have been implemented and are working as designed, and (c) assessing whether the controls are adequate to address the fraud risks that have been identified. That last step is in addition to an assessment of the design and operating effectiveness of controls from an internal control over financial reporting perspective. Further, it is the key to identifying residual fraud risk so that additional fraud control activities such as additional data analytics can be applied.
  • Changes in the Legal and Regulatory Environment

    This edition includes updated information with respect to recent legal and regulatory developments in the U.S. pertaining to fraud and fraud risk management, including:

    • The Department of Justice’s Evaluation of Corporate Compliance Programs
    • The Government Accountability Office’s A Framework for Managing Fraud Risks in Federal Programs
    • U.S. Securities and Exchange Commission’s Climate and Environmental, Social and Governance (ESG) Task Force Reports
  • Fraud Reporting Systems or Hotlines
    ACFE research consistently shows that the majority of frauds are discovered through tips, often from employees in an organization. This edition includes updated and expanded information related to the importance of fraud reporting systems in detecting, preventing and deterring fraud.
  • Changes in the External Environment and Fraud Landscape

    The fraud landscape is changing rapidly. This edition includes information on this changing environment, including:

    • Environmental, Social, and Governance (ESG) initiatives and reporting
    • Cyber fraud
    • Blockchain, crypto-currency and digital assets
    • Ransomware
    • COVID-19 response efforts, the CARES Act (Public Law 116-136) and other related programs
    • Remote working and hybrid working environments
    • Innovative and virtual management tools and accounting procedures

Ordering and Returns

Satisfaction Guarantee

If you are not 100% satisfied with any ACFE product, you may return it to us, provided it is in excellent condition, for a full refund of the item minus the cost of shipping. Toolkits and bundles may only be returned as a complete set.
