ISO 37003

Fraud control management systems — Guidance for organizations managing the risk of fraud

Scope

This document will provide guidance for use for establishing, developing, implementing, evaluating, maintaining and improving an effective anti-fraud management system. The guidance will be generic and applicable to all organizations, regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors.
The guidance will include:
• creation and maintenance of a fraud risk recognition, tracking and monitoring environment within an organisation including proactive control systems, protocols and procedures;
• mitigation of internal and external fraud against, and by, the organization;
• detection of fraud in the event that pre-emptive counter-fraud strategies, protocols and procedures fail to identify and trace incidents;
• effective response to fraud events so that
- lessons are learned that can be applied to the mitigation framework,
- reputational harm to the organisation can be minimised and restored,
- funds lost to fraud can be recovered.

This is a Type B management system standard.