- Create a culture of honesty and high ethics
- Evaluate anti-fraud processes and controls
- Develop an appropriate oversight process.
COSO fraud prevention and control:
- Control environment - Companies must establish an appropriate control environment
- Fraud risk assessment - Organizations should identify and assess fraud-related risks, including assessing the potential for fraudulent financial reporting, asset misappropriation, improper receipts and expenditures, etc.
- Control activities - Companies should establish and implement effective control practices, including action taken by management to identify, prevent and mitigate fraudulent financial reporting or misuse of the organization's assets.
- Information and communication - Companies must establish effective fraud-related information and communication practices.
- Monitoring - Organizations should conduct ongoing and periodic performance assessments and identify the impact and use of computer technology for fraud deterrence.
There are three universally accepted elements of information security:
- Confidentiality - policies and practices for privacy and safeguarding confidential information and protection against unauthorized interceptions
- Integrity - provisions to ensure that data is complete and correct
- Availability - actions to mitigate downtime and to enhance recovery of data after disruptions, disasters and corruption of data or information technology services.
Security risk management process:
- Identification - identifies the exposure to loss in terms of threats and vulnerabilities
- Probability determination - Determines the probability that a threat or vulnerability will materialize.
- Quantification of potential loss - quantifies the potential loss in terms of financial and non-financial impact
- Selection - Evaluates the feasibility of alternative risk management techniques.
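The four steps above carried through in code, as an added example that is not part of the original post: a constructed risk register is scored by expected annual loss (probability times financial impact, with a separate non-financial severity), ranked, and then each alternative control is evaluated for cost-effectiveness in the selection step. The annual-likelihood scale, the 1..5 non-financial severity scale, the control "likelihood reduction" model and all figures are constructed assumptions for illustration, not values from the post.

```python
from dataclasses import dataclass
from typing import List, Optional

# Step 1, identification: each entry pairs an asset with a threat/vulnerability.
# Step 2, probability determination: 'likelihood' is the assumed annual probability
#   (0..1) that the threat materializes (assumption: an annualized scale).
# Step 3, quantification: financial loss per occurrence plus a non-financial
#   severity score, 1 (low) .. 5 (severe), e.g. reputational or regulatory impact.
@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: float
    financial_loss: float
    non_financial: int


# Step 4, selection: a candidate control with its annual cost and the fraction
# of the threat likelihood it is assumed to remove (constructed model).
@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    likelihood_reduction: float


def expected_annual_loss(risk: Risk) -> float:
    """Quantification: expected loss per year, rounded to cents."""
    return round(risk.likelihood * risk.financial_loss, 2)


def rank_risks(risks: List[Risk]) -> List[Risk]:
    """Highest expected loss first; ties broken by non-financial severity."""
    return sorted(risks, key=lambda r: (expected_annual_loss(r), r.non_financial), reverse=True)


def evaluate_control(risk: Risk, control: Control) -> dict:
    """Compare the loss the control avoids against what it costs to run."""
    eal = expected_annual_loss(risk)
    residual = round(eal * (1 - control.likelihood_reduction), 2)
    benefit = round(eal - residual, 2)
    return {
        "control": control.name,
        "residual_loss": residual,
        "net_benefit": round(benefit - control.annual_cost, 2),
        "cost_effective": benefit > control.annual_cost,
    }


def select_control(risk: Risk, controls: List[Control]) -> Optional[Control]:
    """Pick the control with the largest positive net benefit; None means
    no alternative pays for itself and the risk is accepted as-is."""
    best = max(controls, key=lambda c: evaluate_control(risk, c)["net_benefit"], default=None)
    if best is None or evaluate_control(risk, best)["net_benefit"] <= 0:
        return None
    return best


# Constructed register and control alternatives (sample data, not real figures).
RISKS = [
    Risk("payroll system", "unauthorized wire transfer", 0.10, 500_000, 4),
    Risk("customer database", "breach via stolen credentials", 0.25, 200_000, 5),
    Risk("file server", "ransomware outage", 0.20, 80_000, 3),
]
PAYROLL_CONTROLS = [
    Control("dual authorization of transfers", 5_000, 0.8),
    Control("fraud insurance rider", 60_000, 0.9),
]
FILE_SERVER_CONTROLS = [Control("offline backup rotation", 20_000, 0.9)]


if __name__ == "__main__":
    for r in rank_risks(RISKS):
        print(f"{r.asset:18s} {r.threat:32s} EAL={expected_annual_loss(r):>10,.2f} "
              f"severity={r.non_financial}")
    for risk, controls in ((RISKS[0], PAYROLL_CONTROLS), (RISKS[2], FILE_SERVER_CONTROLS)):
        for c in controls:
            print(risk.asset, evaluate_control(risk, c))
        chosen = select_control(risk, controls)
        print(risk.asset, "->", chosen.name if chosen else "accept risk (no cost-effective control)")
```

The selection step is where the quantification pays off: the insurance rider removes more of the payroll risk than dual authorization does, but its cost exceeds the loss it avoids, so it is not feasible on a cost basis, and the file server control is rejected for the same reason even though it is the only alternative.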