By Sachin Maharaj CFE
The purpose of a fraud risk assessment is to help an organization identify what makes it most vulnerable to fraud risks. Through a fraud risk assessment, the organization determines where fraud is most likely to occur, enabling proactive measures to be implemented, to reduce the chances of it happening.
A fraud risk assessment is often compared to a review and analysis of internal controls, policies and procedures. While organizations do have controls in place, they often vary in terms of their design and implementation and to some extent are ineffective if not implemented adequately. The growth, different geographical locations and culture of an organization are factors that must be considered, as it also impacts fraud risk.
When conducting a fraud risk assessment, the objectives must, ideally, be agreed upon with the relevant executives of the organization at the onset. Without being exhaustive, these objectives will generally set out to identify the following:
- Control weaknesses
- Red Flags
- Vulnerable transactions and activities
- Incentives, Pressures and Opportunities that enable fraud to be committed
- Employee Behavior and Perception
- Organization Values and Ethics and
- Reporting and Investigation Procedures.
To be most effective, the fraud risk assessment should be structured and tailored in such a manner that it maintains its collaborative and transparent nature. Effective communication throughout the organization plays a key role as well.
The Fraud Risk Assessment Process
The first step to conduct a fraud risk assessment is to better understand and examine an organization’s controls and processes.
Thereafter, it is common practice for a set of questions, usually in the form of a survey to be sent to employees on an anonymous basis. The responses usually provide a sound foundation to better understand employee perceptions, fraud risk and the corporate tone in general.
The survey questions could also be customized departmentally and be supplemented by interviews of Executives and focus groups to better understand perceived fraud risks.
One of the most critical parts of the assessment is the consolidating of the results that will indicate the likelihood and significance of the fraud risk occurring. The communication of the results to the client in an objective manner is crucial and is often accompanied by an action plan to mitigate the risks and weaknesses identified.
Despite a fraud risk assessment having the potential to produce effective results, many companies do not utilize this tool, more often than not, for the following reasons:
- The idea that they would not fall victim to fraud
- That sufficient safeguards, checks and balances are in place
- Giving consideration to immediate business needs while viewing the assessment as low priority and
- That the cost associated with conducting the assessment will outweigh the value of the exercise which is often viewed as “unexciting”.
The above-mentioned reservations are very quickly dispelled with once fraud occurs, including but not limited to financial, reputational and legal impact. Fraud is usually well hidden and only discovered once substantial damage is done.
The conducting of a fraud risk assessment should be seen as an important investment to safeguard the future of an organization, minimize future losses by identifying weaknesses and vulnerabilities, improve current controls whilst addressing concerns related to employee perceptions.
It is always easier to prevent fraud than to detect it. Let a professional Forensics company assist you.