COSO â€“ SARBOX â€“ SUPPLY CHAIN FRAUD
The Committee Of Sponsoring Organizations (COSO) internal controls framework highlights the following 5 key components which are a useful guide for the detection and reduction of supply chain fraud. Control Environment, Risk Assessment, Control Activities, Information & Communication and last but not least, Monitoring. In summary:
The â€œtoneâ€ of the organization as set by example and action of senior management. If executives display a cavalier attitude towards ethical practices and professional behavior, even to the point of the commission of fraud, this negative behavior will trickle down to all ranks of employee as being acceptable and could be perpetrated against not only the organization, but also customers and suppliers.
All risks must be assessed for, among other characteristics, their likelihood, damage impact, costs of correction, and costs of prevention. In terms of supply chain fraud, supplier metrics and the vendor scorecard are useful tools in determining suppliers that may be putting the organization â€œat riskâ€. Viewing the internal supply chain in a similar way can help identify bottleneck processes, information gaps, software deficiencies, etc.
The control activities are the policies, procedures, validations, verifications, etc. that are used to ensure that all levels of business operations function correctly because there is sufficient oversight. Control activity documentation should include not just how, for example, suppliers and employees are supposed to act, but also how they will interact â€“ the organization with its suppliers, customers, and itself (between departments and groups).
INFORMATION & COMMUNICATION
The information an employee needs to perform their job functions efficiently and effectively must be provided based on the employeeâ€™s security clearance or level of job function. To withhold such information may force the employee to create unsecured data files that, if stolen or lost, could contain competitively sensitive information about the organization.
The effectiveness of all control activities, such as those used to detect and reduce supply chain fraud â€“ whether manual or systematic â€“ must be constantly evaluated for accuracy and relevance as the organization grows and changes. Like the control activities themselves, the monitoring should not be invasive or excessive as such to inhibit performance or job function.
Other articles in this series:
Guest Author: Norman Katz
Copyright Â© Katzscan, Inc. â€“ Source: Supply Chain Fraud White Paper
Telephone: 954-942-4141 ï· www.katzscan.com ï· Since January 1996 ï· www.supplychainfraud.com