Question

The purpose of this section is to develop a proactive approach to protecting a global corporation from instances of fraud by creating a process to limit opportunities for fraudulent acts.

As you develop your discussion board post for this week, please consider the following:

What key elements would you include as part of a fraud risk assessment?

Why are these elements critical to success?

Which members of the organization should be involved in the development of the assessment?

How would you handle ownership of the assessment?

How would your approach vary according to country, culture, or region?

Answer 1

What key elements would you include as part of a fraud risk assessment

A fraud risk assessment generally includes three key elements:-

• Identify inherent fraud risk — Gather information to obtain the population of fraud risks that could apply to the organization. Included in this process is the explicit consideration of all types of fraud schemes and scenarios; incentives, pressures, and opportunities to commit fraud; and IT fraud risks specific to the organization.
• Assess likelihood and significance of inherent fraud risk — Assess the relative likelihood and potential significance of identified fraud risks based on historical information, known fraud schemes, and interviews with staff, including business process owners.
• Respond to reasonably likely and significant inherent and residual fraud risks — Decide what the response should be to address the identified risks and perform a cost-benefit analysis of fraud risks over which the organization wants to implement controls or specific fraud detection procedures.

Why are these elements critical to success

All organizations are vulnerable to occupational fraud, and that fraud costs an enormous amount of money ($652 billion a year in the US according to ACFE research as summarized in this occupational fraud infographic. As a result, a comprehensive fraud risk management policy is an essential component of an overarching enterprise risk management plan.

Your fraud risk management policy stems from the risk analysis that must underlie the policy. That is, identifying the concrete organization-specific fraud risks that must be mitigated.

Which members of the organization should be involved in the development of the assessment

Risk Assessment Team

All organizations are vulnerable to occupational fraud, and that fraud costs an enormous amount of money ($652 billion a year in the US according to ACFE research as summarized in this occupational fraud infographic). As a result, a comprehensive fraud risk management policy is an essential component of an overarching enterprise risk management plan.

Your fraud risk management policy stems from the risk analysis that must underlie the policy. That is, identifying the concrete organization-specific fraud risks that must be mitigated.

Which members of the organization should be involved in the development of the assessment

Risk Assessment Team

A good risk assessment requires input from various sources. Ideally, management should identify a risk assessment team, even if the team would only be 2 individuals, to conduct the risk assessment. Individuals from throughout the organization with different knowledge, skills, and perspectives should be involved in the risk assessment. Such members of the risk assessment teams should include personnel such as:

• Accounting/finance personnel, who are familiar with the financial reporting process and internal controls
• Nonfinancial business unit and operations personnel, to leverage their knowledge of day-to-day oprations.
• Legal and compliance personnel, if agency has.
• Internal audit personnel, for agencies with internal auditors.

How would you handle ownership of the assessment

Management should participate in the assessment, as they are ultimately accountable for the effectiveness of the agency’s fraud risk management efforts.

Motives for committing fraud are numerous and diverse. The fraud risk identification process should include an assessment of the incentives, pressures, and opportunities to commit fraud. Opportunities to commit fraud exist throughout organizations. These opportunities are greatest in areas with weak internal controls and a lack of segregation of duties. However, some frauds, especially those committed by management, may be difficult to detect because management can often override the controls. If possible, such opportunities are why appropriate monitoring of senior management by a strong board and audit committee, supported by internal auditing, is critical to fraud risk management.