Important Considerations When Conducting an Effective Fraud Risk Assessment
November 13, 2015
Whether faced with a known fraud or proactively addressing your organization’s vulnerabilities, a fraud risk assessment can be an effective tool in any organizations fraud risk management program.
When conducting a fraud risk assessment, your primary objectives are to:
- Identify the inherent and residual areas of fraud risk;
- Determine the likely fraud schemes within those fraud risk areas;
- Assess the relative likelihood that the identified fraud schemes could be accomplished within the existing operational and control environments;
- Evaluate the likely impact to the organization(s) if the identified fraud scheme was perpetrated;
- Identify improvements to controls for high-risk areas; and
- Identify residual risk that may be impractical to address at this time.
- To conduct an efficient and effective assessment that produces insightful and measurable results, there are certain key considerations you must make. It is important to note that each fraud risk assessment is unique; the considerations highlighted below are high-level recommendations and are not intended to serve as a comprehensive list or work plan.
Ensuring Accessibility and Management Buy-In
In initial meetings with clients or prospects, we are often asked to provide a timeline for completing the assessment. My response typically includes a qualifying statement to the effect of: “Completion is contingent upon the accessibility and availability of key personnel and our receipt of the financial documents and information necessary to complete our fraud risk assessment.” I mention this because obtaining the appropriate access to an organization’s documents, systems and personnel is vital to completing an effective fraud risk assessment. Without the necessary access, failing to identify and properly evaluate instances of fraud, waste and abuse becomes much more likely.
In order to obtain that access, management must buy in to the process and be willing to cooperate and collaborate. Perhaps management is skeptical of the process or perceives the assessment as a burden on its staff. Part of your job is to educate management on the benefits of the assessment and the potential impact a lack of collaboration can have on its results. Ideally, management sponsors the assessment and will champion the process by providing valuable insight into the organization’s overall operations and access. Even if management is not the initial catalyst for conducting an assessment, it is still imperative to have their buy-in and form a collaborative working relationship.
It is also worth noting that while access is extremely important to an effective fraud risk assessment, one should always pay special attention to the strain an assessment can put on a client’s staff. The engagement team must be aware and considerate of the fact that the client’s personnel have daily job responsibilities in addition to assisting with the assessment. We make every effort to consolidate questions and document requests to minimize disruption. With proper planning and by setting clear expectation with your client up front, the burden on staff and management can be limited to only what is necessary to complete the assessment.
Customizing Your Assessment to the Organization/Allegations
Not all fraud risk assessments are created equal. The stated objectives, scope and work plan for a fraud risk assessment should be customized to the specific facts and circumstances. Customizing a fraud risk assessment first occurs during the planning phase, where considerations can be made based on the organization’s industry and what is already known about operations, controls and management. After the planning phase, the next step typically involves obtaining an overall understanding of the client’s operations, including the various departments and key employees involved in the areas subject to the assessment. Our fraud risk assessment is further tailored during this phase as we gain a deeper understanding of the client through interviews, observation and a review of written policies and procedures.
In our experience, an organization’s industry, business operations, internal control environment, management and culture can all have an impact on the type of fraud risks and the likelihood and impact if those risks were realized. For this reason, it is important to tailor your fraud risk assessment to the specific organization and avoid applying standardized work programs and checklists.
Effectively Communicating Results and Findings
A fraud risk assessment cannot truly be effective without proper communication of results and findings. To ensure reports are comprehensive and complete, consider updating work plan documentation and reports in real-time. We like to be prepared at all times to provide oral presentations and/or written reports that detail our progress, recent tasks, findings and recommendations. It is also helpful to schedule regular meetings with key stakeholders to discuss progress, findings, upcoming tasks and project milestones.
At the completion of an assessment, we provide our clients with a summary of the procedures we have performed, the fraud risks we have identified, and a fraud risk assessment matrix. The matrix will include the fraud schemes we have identified (organized by either the functional areas or fraud categories) and our assessment of the likelihood and impact of these identified fraud risk areas. The analysis of likelihood and impact is utilized to make internal control recommendations, substantiate allegations, and develop the scope of any additional forensic investigations (if necessary).
As experienced forensic accountants and fraud examiners, we understand that the objective of a fraud risk assessment is to efficiently and effectively identify areas susceptible to fraud, prioritize risks, and investigate and remediate those risks. To achieve these goals, we collaborate with our clients to create customized work plans to address fraud risks specific to our client.
FRAUD WEEK ARTICLES
- Preventative and Detective Fraud Controls in Accounting Software
- Fraud in the Workplace
- Do You Know Your Employee
- Important Considerations when Conducting an Effective Fraud Risk Assessment
- Expense Reimbursement Fraud
- Recognizing Vendor Fraud
- Occupational Fraud Prevention in Construction
- Excess Benefit Transactions and Their Impact on Not-for-Profit
- Health Care Fraud
- Ponzi Schemes
- Occupational Fraud and Abuse Statistics