Continuous monitoring in the fraud risk environment relates to the ongoing monitoring and checking of fraud-risk-related controls, practices and processes. Unfortunately, in the business environment it is not sufficient to perform control monitoring and testing on an ad hoc basis or on a rotational basis every few years.
Fraud risk monitoring should ideally be an ongoing daily activity performed by a dedicated team in larger organisations, while one or two persons may be needed to perform these tasks within a smaller entity.
The purpose of the monitoring program is, in my view, two-pronged: (i) to prevent, or at least identify, fraud and/or other fraud-risk-related activities as they transpire, and (ii) to verify that existing controls are effective or sufficient in identifying and/or deterring fraud activities.
It is not often that a control would be able to identify an event before it commences, although it does happen. Prevention is the ultimate objective of controls, but the business environment is not perfect, and fraudsters continuously learn, adapt and engage in new and enhanced fraudulent / unethical activities designed to circumvent or nullify these controls.
The monitoring program should, however, be designed to at least detect inappropriate transacting and/or practices in their infancy (early) stages, preferably before they result in financial and/or reputational prejudice. In the event that these controls are not able to identify the transactions prior to the financial loss and/or reputational harm, they should be effective in minimizing the exposure.
We do perform static data analytics and make use of our dedicated data partners to assist you in the development and implementation of live continuous monitoring programs.