ISO 37003, Fraud Control Management Systems

International Organization for Standardization (ISO)

The international standard ISO 37003 provides a comprehensive framework for preventing, detecting and responding to the risk of fraud, both internal and external. The standard offers guidelines for integrating fraud risk management into existing governance and risk management systems in order to strengthen organizational resilience.


Executive summary

ISO 37003 establishes a structured approach to fraud risk management through the creation, implementation and maintenance of a specific fraud risk management system. It provides guidance for the identification, assessment and mitigation of fraud, with a particular emphasis on promoting a culture of integrity and accountability throughout the organization. The standard also defines expectations for monitoring and continuous improvement, ensuring that the system remains effective over time.

This standard also applies a proportionate approach, allowing organizations to tailor their fraud control mechanisms to their size, complexity and level of exposure.

Main content

  • Comprehensive coverage of fraud risk. ISO 37003 adopts a comprehensive scope, addressing a wide range of fraud scenarios. These include internal and external fraud against the organization, fraud in collaboration with business partners or personnel, and fraud committed by individuals acting on behalf of the organization. This broad approach ensures that all relevant points of exposure are considered in the design of the fraud risk management system.
  • Structure based on the ISO ten-building block model. The standard follows the typical ISO High-Level Structure, organized into ten building blocks ranging from organizational context and leadership to performance evaluation and continuous improvement. This structure allows for integration with other ISO management systems and facilitates a systematic and consistent approach across the organization.
  • Relevant management blocks. ISO 37003 outlines four key pillars for effective fraud risk control: Fraud Control Fundamentals, Prevention, Detection and Response.

Access the technical note on ISO 37003, management systems for fraud control.