There are now more reasons than ever to have a fraud risk assessment done.
The foundation for the prevention and detection of fraud is a structured risk assessment that addresses the actual risks faced by the organization as determined by its purpose, industry (products or services), complexity, scale, and exposure to network risks. The goal of the assessment is to determine the type, likelihood, and potential cost of risks in a traditional expected value framework. This allows the organization to tailor program efforts toward cost-effective mitigation, which may include greater or lesser toleration of a specific risk.
Fraud Risk Assessment Guidelines:
The assessment should be performed or updated periodically due to changes in:
- Internal processes and controls
- Organizational structure
- Segregation of duties among various personnel
The fraud risk assessment should address:
- Asset misappropriation
- Regulatory compliance areas
- Financial and non-financial reporting
- Illegal acts
The assessment should be performed by management and the managers responsible for each significant department, or it can be performed by Uphando. Jointly, all parties can then develop and implement preventive and detective fraud control activities to mitigate the identified risks, based on their likelihood or significance to the organization and taking into account the controls already in place.
The assessment can be performed using a matrix format, narrative, or any other format that best suits the organization for ease of reading, understanding, and evaluation. The components of the assessment that should be included are listed below.
- Description of fraud risk or schemes: This would include fraudulent disbursements, undisclosed relationships/related parties, theft by cyber-fraud, revenue recognition, bribery, manipulation of liabilities and expenses, false employee qualifications or certification, compliance with government regulations, inappropriate journal entries, improper reporting and disclosures, theft of assets or services
- Identification of existing anti-fraud controls: Internal controls in effect, preventive or detective controls
- Likelihood of occurrence: This will be based on the frequency – rare to very frequent – or probability of occurrence – remote to almost certain
- Significance to the organization: Incidental to catastrophic
- Assessment of control effectiveness: Ineffective to very effective
- Fraud risk response: Additional controls or corrective action activities proposed to be implemented
- Responsible person: To implement controls and mitigation efforts
- Monitoring activities: The activities to be conducted periodically and how frequently they occur
Should you wish to have a Fraud Risk Assessment performed in your organization, get in touch with Uphando Forensic & HR Services.