Governance, Fraud Risk, and Compliance
The initiative to integrate corporate governance, risk management, and compliance (GRC) programs arose in the wake of the Sarbanes-Oxley Act of 2002 (SOA). The SOA itself was passed largely in response to massive corporate frauds committed at Enron and WorldCom and the consequent losses to shareholders and employees. GRC has evolved to encompass internal controls, technology tools, and management processes directed to maximize shareholder value, set and measure the achievement of business objectives, manage information flows, and operate legally and ethically while at the same time managing risks and protecting assets.
Ryan Fraud and Forensic Recovery provides consultation and controls implementation on an underlying fundamental objective of GRC: the deterrence, prevention, and detection of fraud and unauthorized transactions.
Our professionals consult with companies and auditors in assessing and designing antifraud programs and controls, facilitating and documenting fraud risk assessments, and designing and implementing fraud-related policies and procedures, fraud awareness training activities, post-event remediation, compliance solutions, and compliance monitoring and testing.
A well-designed and effective antifraud program actively assesses fraud risk, increases organizational awareness, implements preventive and detective controls, and supports a GRC program by aligning policies and procedures with significant fraud risks, and focusing management and internal audit procedures on those risks.
In a fraud risk assessment, we work with organizations to identify common, industry-wide, and company-specific fraud risks, assess the inherent risk and significance of possible fraud events, and assist in measuring the effectiveness of existing internal controls in mitigating those risks.
In our experience, the absence of detective controls aligned to common fraud risks is the most frequently identified weakness resulting from a fraud risk assessment. We assist clients in designing and implementing fraud-risk focused data mining utilizing Ryan eAnalytics™ as a method of detecting fraud, exposing unknown weaknesses in internal controls, and tracing and recovering assets. The added value of our risk assessment-based data mining methodology in detecting fraud derives from establishing a process that overcomes common data environment characteristics: disparate systems in an organization create relevant data sets that are not compared or related, and internal controls are often not designed to identify the high-risk transactions, employees, or vendors. Ryan eAnalytics™ integrates business data and searches for relationships and transaction patterns that are associated with fraud or improper payments, such as those associated with potential Foreign Corrupt Practices Act (FCPA) violations.