Ricardo Gameroff
Managing Partner at Kreston BA Argentina
Fraud risk governance at board level
February 11, 2026
Fraud risk can no longer be addressed through internal controls alone. In today’s complex, increasingly digital environment, boards must take a more structured, active role in fraud oversight. According to Ricardo Gameroff of Kreston BA Argentina, Chief Audit Executives (CAEs) are uniquely placed to help boards strengthen governance over fraud risk at a strategic level.
As Ricardo explains, “Fraud is any intentional act or omission designed to deceive, resulting in a loss to the victim and/or a gain to the perpetrator. Unlike internal control weaknesses or unintentional errors, fraud is deliberate—and often concealed. It may be committed internally by employees, externally by third parties, or through collusion between both.”
This distinction is critical for boards. While internal controls remain essential, they do not address the intentional and adaptive nature of fraud. “This means that while robust internal controls are necessary, they are not sufficient. Fraud requires its own governance lens, including cultural safeguards, proactive leadership, and strategic oversight at the board level.”
Moving beyond one-time fraud risk assessments
A common governance gap is the assumption that existing control frameworks are enough. Gameroff highlights that international guidance now clearly challenges this view: “The 2023 COSO–ACFE Fraud Risk Management Guide strongly recommends moving beyond a one-time fraud risk assessment to a full-fledged Fraud Risk Management Program (FRMP), embedded in the organisation’s structure and oversight processes.”
He advises that CAEs should actively recommend the adoption of a formal Fraud Risk Management Programme and support its ongoing oversight: “In their dual capacity—as senior management and head of internal audit—the CAE should recommend the adoption of a FRMP to the board – as strongly encouraged by COSO 2023 – and later contribute to its design, implementation, oversight, and ongoing evaluation.”
Independence and board access
Boards may also underestimate the importance of internal audit independence in fraud matters, particularly where senior management could be implicated.
“Critically, the CAE must have a direct functional reporting line to the board or audit committee, not just administrative access through the CEO or CFO. Boards should also guarantee the CAE has access, sufficient resources, and protection from retaliation when fraud risks point to uncomfortable truths at senior levels.”
Challenging board assumptions on fraud risk
Fraud governance often suffers from ambiguity, with responsibilities assumed rather than defined.
“Fraud thrives in ambiguity. CAEs must be proactive, not reactive, in raising fraud governance with the board. Don’t wait to be asked—lead the conversation.”
Gameroff encourages CAEs to challenge directors with focused governance questions around the existence of a formal fraud risk programme, the board’s role in fraud oversight, the effectiveness of reporting channels, the allocation of resources, and the board’s understanding of emerging fraud risks.
Enabling better governance conversations
To support these discussions, practical tools can be valuable: “To support this proactive governance approach, at Kreston BA we developed the 60-Minute Fraud Risk Assessment Checklist—a practical tool designed to help boards and audit leaders quickly gauge their exposure to fraud across multiple areas. It supports strategic conversations, exposes blind spots, and empowers boards to fulfill their oversight responsibility over fraud risk.”
By driving these conversations and strengthening governance structures, CAEs can help boards move from passive awareness to active, informed oversight of fraud risk.
If you would like more information on advisory services on offer at Kreston Global, please click here.
