The apparatus of fraud risk

‘Fraud risk’ is ontologically different from fraud. Fraud itself is a disruptive event; fraud risk can and must be governed. This essay draws on Foucault’s concept of an apparatus (dispositif) to explain the emergence of this difference. The analysis begins with a concrete case and explicates the history of fraud risk which flows through a specific organizational setting. First, it is claimed that fraud risk must be understood in relation to the broader historicity of risk in which risk expands its reach as an organizing practice category. Second, it is argued that the diverse elements of the fraud risk apparatus – words, laws, best practice guides, risk maps, websites, compliance officers, text books, regulatory judgments and many more – have a trajectory of formation. This trajectory begins with auditing and expands into risk management, regulation and security more generally. Fraud risk management emerges as a highly articulated, transnational web of ideas and procedures which frame the future within present organizational actions, and which intensify the responsibility of senior managers. Overall, the paper challenges the common sense idea that the present shape of fraud risk management is a functional necessity demanded by fraud events. The purpose is to display the historically contingent regime of truth for speaking about fraud, risk and responsibility in organizations. The paper suggests that this ‘regime of truth’ consists in a form of managerial and regulatory knowledge with a ‘grammar’ governing rules for talking about and acting on risky subjects and organizations. The rise of ‘fraud risk’ management and its prominent position within the field of corporate governance in the 21st century is emblematic of an ongoing neoliberal project of individualization and responsibilization.