By: Steve Ritzer, CPA, CFE, Manager
A fraud risk assessment is vital because it allows a company to analyze each of its business processes for the associated risks. A company’s fraud risk assessment should focus on the impact of fraud on the company’s reputation, the exposure of the company to criminal or civil liability, and the result of a financial statement loss. After the risks have been identified, the company can improve on the internal controls to mitigate the risk. Properly designed internal controls mitigate fraud risk and demonstrate to individuals outside of the company that management is proactive in managing the company’s fraud risk.
Companies can develop a fraud risk assessment in several ways. The fraud risk assessment should include clear methods of identifying and measuring fraud vulnerabilities. Fraud vulnerabilities identify where fraud may occur and who could be potential perpetrators. Companies should also involve individuals from throughout the organization with different knowledge, skills, and perspectives. These individuals should include the audit committee, accounting/finance, operations, legal, compliance, and internal/external audit personnel.
Some key elements to include in a fraud risk assessment are:
- Identify the relevant fraud risk factors at the companywide, business-unit, and significant account levels, in addition to special circumstances (i.e. business merger, acquisition, or restructuring)
- Assess the likelihood (remote, more than remote or reasonably possible, or probable) and significance of the fraud risk factors
- Prioritize the fraud risk factors based on risk
- Identify potential schemes and scenarios
- Link existing controls to the fraud risk factors and identify gaps
- Test operating effectiveness of existing controls to fraud prevention
The fraud assessment must be supported by management and the board of directors. Management and the board of directors are ultimately the ones responsible for establishing, implementing, and monitoring the policies in place to mitigate the risk of fraud.