Fraud risk assessment is a process aimed at proactively identifying and addressing an organization’s vulnerabilities to internal and external fraud. The fraud risk assessment is more of an art than a science. Every organization is different; therefore, what gets evaluated and assessed depends on the organization. Fraud risk assessments are an ongoing, continuous process rather than just an activity. A fraud risk assessment starts with the identification and prioritization of the fraud risks that exist in the business.
The process evolves as a result of the identified risks and then begins to drive education, communication, organizational alignment, and action around effectively managing fraud risk and identifying new risks (Wells, 2010). Fraud risk assessments generally involve three key elements (McNeal, 2009):

1. Identifying fraud risks inherent to the organization
2. Assessing the likelihood and significance of the fraud risks identified
3. Deciding on the appropriate responses to the identified risks

The objective of a fraud risk assessment is to help an organization recognize what makes it most vulnerable to fraud.
Through a fraud risk assessment, organizations are able to identify where fraud is most likely to occur, enabling proactive measures to be considered and implemented to reduce the chance that it could happen (Wells, 2010). There are seven reasons why an organization should conduct fraud risk assessments. Every organization should conduct a fraud risk assessment and build procedures to keep the process current and relevant. First, a fraud risk assessment is a great way for organizations to open up communication and raise awareness about fraud.
Engaging employees in an open discussion about fraud can reduce an organization’s vulnerability to fraud. This tool is a reminder to employees that the organization cares about fraud and is open to employees coming forward if they suspect fraud is occurring in the organization. It also helps to reduce fraudulent activities. Second, in order to prevent fraud, management should know where the company is most vulnerable to fraud. The fraud risk assessment will help guide organizations to focus on the activities that put the company at greater risk of fraud.
Third, a fraud risk assessment will help an organization know who puts the organization at the greatest risk. The key to reducing vulnerability is for an organization to be consciously aware of and realistic about its weaknesses. Fourth, these assessments will help management develop a plan to mitigate fraud risk. The results from the fraud risk assessment can be used to gain alignment among various stakeholders and to drive preventive action. Fifth, the fraud risk assessment helps to develop techniques to determine whether fraud has occurred in high-risk areas.
The fraud risk assessment is useful in identifying areas that should be proactively investigated for evidence of fraud because they are deemed high risk. Sixth, fraud risk assessments help to distinguish which internal controls need to be adhered to. Performing a fraud risk assessment gives management the opportunity to review the effectiveness of the company’s internal control system, taking into account the following considerations:

* Controls that may have been eliminated due to restructuring efforts
* Controls that may have been eroded over time due to reengineering of business processes
* New opportunities for collusion
* Lack of internal controls in a vulnerable area
* Nonperformance of control procedures
* Inherent limitations of internal controls, including opportunities for those responsible for a control to commit and conceal fraud

Seventh, fraud risk assessments can assist management and auditors in satisfying regulatory requirements and complying with professional standards pertaining to their responsibility for fraud risk management. These seven reasons show why the use of fraud risk assessments is essential for any organization (Wells, 2010).
A good fraud risk assessment is one that fits within the culture of the organization. A fraud risk assessment should be sponsored and supported by the right people, encourage everyone to participate openly, and be generally embraced throughout the business as an important and valuable process. There are eight key elements to conducting a good fraud risk assessment. First, it is a collaborative effort of management and auditors: a fraud risk assessment is most effective when management and auditors share ownership of the process and accountability for its success.
Second, the right sponsor is someone who is willing to hear the good, the bad, and the ugly. The sponsor plays a key role in ensuring the success and effectiveness of a fraud risk assessment. Third, a good fraud risk assessment can be effectively conducted by people inside the organization or by using an external resource. It is critical that the people leading and conducting the fraud risk assessment remain independent and objective throughout the assessment process. Fourth, individuals conducting and leading the fraud risk assessment need to have a good working knowledge of the business.
To ensure a good working knowledge of the business, the fraud risk assessor should know the purpose of the business and how it operates. Fifth, the perceptions of people at all levels are important in the fraud risk assessment. Sixth, management and employees must trust the people leading and conducting the fraud risk assessment so that they will be open and honest about the realities of the business, its culture, and its vulnerability to fraud. Seventh, the fraud risk assessment has to allow the people leading and conducting the assessment to be expansive in their consideration and evaluation of fraud risk.
Eighth, fraud risk assessments should be a recurring process. The assessment should be kept relevant through ongoing dialogue, active management of action plans, and development of procedures to ensure that it is maintained on a current basis. Embracing these elements in an organization’s fraud risk assessment will help reduce its vulnerability to high fraud risks (Wells, 2010). In conclusion, a fraud risk assessment is an invaluable resource to help identify and address the organization’s vulnerability to fraud.
A good fraud risk assessment is one that fits within the culture of the organization. The fraud risk assessment will be successful if it is sponsored and supported by the right people, encourages everyone to participate openly, and is generally embraced throughout the business as an important and valuable process to the organization. Fraud risk assessments are only effective if the organization embraces them and uses the results to monitor, change, or influence the factors that put the company at risk for fraud (Wells, 2010).
McNeal, Andi. (2009). What’s Your Fraud IQ? Journal of Accountancy. Retrieved from http://www.journalofaccountancy.com/Issues/2009/May/20091418.htm
Wells, Joseph T. (2010). Principles of Fraud Examination. 3rd edition. John Wiley and Sons, Incorporated.