Why Access Control Measures Are Not Enough: The Importance of Policies and Frameworks for Managing Fraud Risks in Organisations.

"POLICIES, PRINCIPLES AND FRAMEWORKS FOR MANAGING FRAUD RISK ARE SUPERFLUOUS. ALL AN ORGANISATION NEEDS TO DO IS TO ENSURE THEIR IT SYSTEMS ARE WELL PROTECTED THROUGH ACCESS CONTROL MEASURES. EVERYTHING IS JUST A WASTE OF TIME AND RESOURCES".

I strongly disagree with the statement that policies, principles, and frameworks for managing fraud risk are superfluous and that all an organisation needs is well-protected IT systems through access control measures. While having strong access control measures is crucial in preventing fraudulent activities, it is not sufficient on its own. 


According to the Association of Certified Fraud Examiners, only 15% of fraud cases are detected through IT controls, while 43% are discovered through tips and 14% through internal audits (ACFE, 2020). This highlights the importance of having policies, principles, and frameworks in place to manage fraud risk, as they create a culture of awareness and vigilance amongst employees, stakeholders, and partners.


Furthermore, access control measures only address a limited aspect of fraud risk management, which is preventing unauthorised access to sensitive information. However, fraud can also occur through collusion, misrepresentation, and abuse of authority, among many other methods. A comprehensive fraud risk management framework includes a range of controls, such as segregation of duties, regular monitoring and auditing, and ethical leadership, to address the various ways in which fraud can occur. 


In conclusion, while having strong access control measures is an essential part of preventing fraud, it is not sufficient on its own. Organisations must have comprehensive fraud risk management policies, principles, and frameworks in place to ensure that they are protected. 
