Controls by Design: Building and Implementing Strong Anti-Fraud Defenses

Registration & Fees

Registration Fee:
ACFE Members: $689
Non-Members: $839
Early Registration Deadline: September 25, 2026
Register by the Early Registration Deadline to SAVE $125!

Course Outline

Day 1

• 8:00 – 9:20 a.m. Why Controls Fail Against Fraud: Rethinking Risk and Control Assumptions

  • Overview of why controls fail to fight fraud including real case examples where controls were in place nut ineffective against fraud
  • The invisible risk - accountability gaps, control illusions, silos, matrixed orgs
  • The illusion of safety – overreliance on flawed controls, over-layering and clutter
  • Not all controls are created equal - internal controls vs. anti-fraud controls, presence vs. effectiveness
  • Balancing fraud prevention vs. detection
  • Interactive discussions: “Think of one control in your organization that ‘exists’ but is not truly effective against fraud. Why is it weak?” and/or “You can invest $1 million in either strengthening prevention or enhancing detection. Where would you put it — and why?”

• 9:35 – 10:55 a.m. The Fraudster's Perspective

  • How fraudsters study, exploit and bypass controls
  • What fraudsters know about your controls – thresholds, focus points, control fatigue
  • Collusion & internal alliances – how they neutralize controls and oversight
  • Hidden weaknesses in strong controls – exploitation tactics
  • How to evaluate controls from a fraudster’s perspective
  • Case examples that demonstrate fraudsters that studied, exploited and bypassed controls
  • Interactive discussions: 2-3 brief control descriptions (e.g. “Expense reports over $5,000 require CFO approval”) “If you were a fraudster, how would you bypass this control?”, and/or “The Collusion Challenge” (“Imagine two employees — one in procurement, one in finance — want to commit fraud together. Which typical controls could they neutralize, and how?”)

• 11:10 a.m. – 12:30 p.m. Designing Strong Anti-Fraud Controls

  • What make a strong anti-fraud control? - attributes of strong anti-fraud controls
  • Objectives of anti-fraud controls – prevention, detection, deterrence, response
  • The importance of precision and impact in the design of anti-fraud controls – understanding controls coverage, accuracy, blind spots, value
  • Designing anti-fraud controls that consider concealment & deception – how to design controls fraudsters cannot easily anticipate, bypass, or detect
  • Geographical and cultural considerations for anti-fraud control design
  • Identifying and evaluating existing anti-fraud controls for design flaws and hidden weaknesses
  • Interactive exercise: 2-3 brief control descriptions (e.g., “All invoices over $10k require manager approval” vs. “Automated 3-way match with exception alerts”) -“Which is stronger as an anti-fraud control?”

• 12:30 – 1:30 p.m. Lunch Break

  Lunch Break

• 1:30 – 2:50 p.m. The Impact of Culture, Behavior and Ownership

  • Why people rationalize, bypass, or ignore controls
  • Culture’s impact – when does fraud feel “safe” in the workplace?
  • The importance of psychological safety as a strong anti-fraud defense
  • Creating anti-fraud control ownership and accountability – embedding anti-fraud defenses into individual and team objectives, KPIs, performance metrics, incentives, and other organizational success metrics
  • Interactive discussions/exercises: “Complete the sentence: Fraud would feel ‘safe’ in an organization when ___.”, “Imagine you’re a frontline manager. What’s one way you could make your team feel directly responsible for anti-fraud controls without making it feel like extra bureaucracy?”

• 3:05 – 4:25 p.m. Anti-Fraud Defenses in New, Emerging and Changing Environments

  • Understanding and adapting anti-fraud controls to remote and hybrid work environments
  • Hidden fraud risks in technology - shadow systems, tech stack complexity, segregation of duties myth [access vs role], cyberfraud (credential theft, phishing, BEC, ransomware)
  • Hidden fraud risks in third party relationships
  • Evaluating unfamiliar businesses or processes for anti-fraud control strength
  • Designing “Future-ready” anti-fraud controls – agility, vigilance, continuous redesign
  • Embedding anti-fraud defenses in transformation – system upgrade/changes, reorganizations/restructuring, M&A
  • AI as a threat and a defense tool
  • Interactive discussions: “What is one way that remote or hybrid work has impacted your organization’s anti-fraud defenses?” and/or “What is one control that worked 3-5 years ago but is now outdated or less effective?” and/or “An employee working remotely approves vendor invoices without ever meeting the vendor in person, and all documents are exchanged electronically. What is one fraud risk this creates? How might a fraudster exploit it?”

Day 2

• 8:00 – 9:20 a.m. Challenging and Stress Testing Anti-Fraud Controls

  • Testing for anti-fraud fitness - design vs. operating effectiveness, anti-fraud vs. financial/operational/compliance control
  • Designing and executing “challenge” tests – simulating fraud, what to test, who to involve, avoiding pitfalls
  • Designing and executing a Red Teaming event – structured adversarial testing of anti- fraud defenses, pros and cons, how to sell it
  • Forensic style stress testing – pressure testing anti-fraud controls under real world conditions
  • Interactive discussions: “Your organization wants to run a challenge test of it’s procure- to-pay anti-fraud controls. What would you test and how would you do it?” and/or ”Imagine a company is restructuring and laying off staff. During this time, anti-fraud controls are stretched thin. What controls would be good candidates to pressure test under these conditions?”

• 9:35 – 10:55 a.m. Detecting Weak Signals and Aging Anti-Fraud Controls

  • Static controls age out – spotting obsolescence & fatigue
  • Early warning signs – indicators of circumvention, override, stress
  • Override risk – why it happens in even well-controlled environments
  • Shadow systems & workarounds – Excel trackers, side approvals, unofficial tools
  • Global differences – where controls age out faster due to regulatory or cultural contexts
  • Continuous monitoring, spotting anti-fraud control fatigue and aging defenses
  • Case discussion: “A mid-sized global company continues to use a 10-year old purchase approval workflow. Thresholds for approvals haven’t been updated despite inflation, pricing increasing and increasing transaction volumes.” “Q: How could a fraudster exploit this?” [A: splitting purchases below approval limits, across multiple departments,] , “Q: What weak signals might you see?” [A: multiple purchases just under approval limits, unusual frequency or timing of approvals, repeated use of certain vendors in low-value transactions]. Q: “What anti-fraud controls could they have put in place to spot the weak signals? [A: Analytics to monitor for split purchases, unusual frequency or timing of transactions]

• 11:10 a.m. – 12:30 p.m. Building a Resilient Anti-Fraud Ecosystem

  • Building an anti-fraud eco-system in your organization – eco system mapping, integrating anti-fraud controls into the work of internal audit, compliance, investigations, and other fraud risk management work
  • Layering strategies: prevention, detection, deterrence, response – rightsizing, managing your fraud risk portfolio, investments
  • Data-driven vs process-driven controls – using each where it’s strongest
  • Integrating human and technological defenses – balancing automation, analytics, and AI with human judgement, intuition and accountability
  • Ready your anti-fraud defenses for new and emerging fraud risks - including cultural, global and regulatory implications
  • Building anti-fraud defense feedback loops for continuous improvement
  • Discussion/Exercise: “Your organization is rapidly onboarding new vendors globally. Fraud risks include shell companies, duplicate payments and kickbacks. The organization has limited staff and budget for new controls. Given that, would you prioritize investment in prevention, detection, deterrence or response and why?” [A: Prevention and detection are higher value here, deterrence and response support but cannot replace prevention and detection screening] Discuss that layering strategies would be most effective “Prevention: strong screening, Detection: automate duplicate payments, Deterrence: clear communication and ongoing awareness of anti-fraud policies and consequences, and Response: quick investigation protocols and escalation paths]

• 12:30 – 1:30 p.m. Lunch Break

  Lunch Break

• 1:30 – 2:50 p.m. Engaging Leaders and Sustaining Defenses

  • Shifting leadership conversations – “Are controls fraud-fit & future-ready?”, framing the anti-fraud ecosystem as a strategic advantage– keeping them engaged and focused on early fraud risk signals
  • Measuring ROI of fraud defenses – aligning fraud defense with business objectives
  • Performance metrics & incentives that support defenses – building KPIs and metrics that move beyond “controls in place” to “anti-fraud controls that work.”
  • Creating accountability for fraud defenses
  • Getting buy-in & sustaining engagement at all levels, in all locations/geographies (including cultural considerations)
  • Discussion: “What is an anti-fraud KPI or metric you track today that isn’t truly measuring effectiveness?” follow-up “ How would you redesign it to drive impact?” and/or “Leadership gives your funding for only one: (a) adding 10 new anti-fraud controls, (b) redesigning 3 high-impact controls, or (c) funding continuous monitoring technology. Which do you choose and why?” and/or “Based on your own experience, what is one fraud risk that you typically see get the most coverage, which fraud risk do you see as the most under defended?” and/or “Imagine in your organization there is one high risk area where there are 35 purported anti-fraud controls, you believe that is too many and creating too much risk, what would you say to your leaders?”

• 3:05 – 4:25 p.m. Driving Actions That Make an Impact

  • Anti-fraud control vigilance – training, awareness, staffing gaps, continuously evolving the design and precision
  • Designing early warning systems and escalation triggers for weak signals
  • Framework for action planning – quick wins, medium-term, long-term roadmap
  • Moving your organization forward – getting stakeholders on the same page, overcoming obstacles and barriers to success, gaining traction
  • Group share discussion: “What is one thing that your organization does in the anti- fraud defense space that you feel makes big impact and/or differentiates it from others?”
  • Exercise and discussion: “60-Day action challenge” - “What are two “quick wins” that you think your organization can really benefit from?” [commit to driving one] - “What is one improvement that needs to be made in your organization to meaningfully strengthen your anti-fraud defenses?” [commit to the next step you will take to get the ball rolling on it], “What new idea from this course are you most excited to bring back to your organization?” [commit to the next step on this.]

Presenter

Policies