Fraud Risk Management: Culture Outlives Controls
Controls decay under pressure; culture persists.
A robust fraud risk plan names specific schemes (fronting, collusion, salary skimming), maps each to a control owner, and sets monitoring cadence. But the differentiator is cultural instrumentation.
Try these micro-experiments:
- Ask managers to describe the last control they personally tightened—listen for ownership versus outsourcing to “audit”.
- Randomly sample exceptions and follow one all the way to closure—measure the half-life of awkward truths.
- Run a pre-mortem: if a scandal breaks in 90 days, which blind spots made it possible? Document and remediate those now.
Finally, examine incentives: do KPIs inadvertently reward speed over scrutiny?
Controls without aligned incentives create clever workarounds.
Boards can’t outsource scepticism; they can require evidence that scepticism is alive in the line.
If you can’t point to last month’s uncomfortable conversation that changed a process, you may have a beautifully documented illusion.
Connect with Duja Consulting!
Follow us on LinkedIn!
