Fraud Risk Assessment

Our experience shows...
Acts committed upon the organization or by the organization or for the organization. The acts are committed by an internal or external source and the acts are intentional and concealed. The acts are illegal, misstatement, policy violation, ethical lapse or a perception issue.

CLIENT APPROACH:

There is no one way to implement a fraud risk assessment. The methodology selected is dependant on the reason for performing the fraud risk assessment. Is the risk assessment to satisfy regulatory requirements, audit requirements, internal control assessment or to locate fraud in a core business system? The drill down question is at what risk level does management or the auditor desire to identify and respond to the risk of fraud. We focus on fraud risk by:

1. Macro Risk: Enterprise Wide Fraud Risk Assessment
2. Micro Risk: Business Process Fraud Risk Assessment
3. Mega Risk: Fraud Penetration Assessment

Risk Assessment Methodology

The enterprise wide fraud risk assessment is designed to provide a comprehensive identification of all fraudulent activities facing an organization and linking the ownership and audit responsibility to the fraud risk. The purpose is to create a structure for establishing ownership, assessing the likelihood of fraud occurring, understanding the fraud impact and how the fraud risk will be managed. The enterprise wide assessment focuses on the internal control environment for assessing the likelihood of the fraud risk occurring. The fraud impact should be identified and understood. The organizational culture will determine if a quantitative or descriptive approach will be used to document the fraud impact. Management’s goal is to create a structure for managing the cost of fraud.

The business process fraud risk assessment is designed to identify specific fraud schemes at the business process level and link the specific internal control procedures to the fraud risk inherent to the process. The process wide assessment focuses on the internal control procedures, monitoring controls and the information and communication controls. Management’s goal is to arrive at the risk mitigation decision. The auditor’s goal while similar is intended to focus on the development of the audit program.

The fraud penetration assessment or the mega risk assessment is designed to identify the most likely location of a fraudulent transaction in a specific account, transaction type, and business location. The purpose is to develop a fraud audit program to locate and identify fraudulent activity before allegations of fraud are identified through a hotline, tip or through some unpredictable event. The goal is to locate fraudulent transactions in the core business system.