Fraud Risk Assessment Flashcards

1
Q

What are the responses to risk? (4)

A

Transferring the risk
- May transfer some or all of the risk by purchasing fidelity insurance or a bond.

Mitigating the risk
- Implementing appropriate countermeasures, such as prevention and detection controls.

Assuming the risk
- If the probability of occurrence and impact of loss are low.
- Decides it is more cost-effective to assume the risk than to eliminate, transfer, or mitigate it.

Avoiding the risk
- Can avoid the risk by eliminating an asset or discontinuing an activity if the control measures required to protect the organisation against an identified threat are too expensive.

2
Q

What can management use the results of a fraud risk assessment for?

A

Begin a dialogue across the company that promotes awareness, education, and action planning to reduce fraud risk.

Look for fraud in high-risk areas.

Hold action owners accountable for progress against agreed-upon plans.

Keep the assessment process alive and relevant.

Modify or create the code of conduct or ethics policy.

Monitor key internal controls.

3
Q

What are the benefits of conducting a fraud risk assessment?

A

Improve communication and awareness about fraud.

Identify where the company is most vulnerable to fraud and what activities put it at the greatest risk.

Know who puts the organization at the greatest risk.

Develop plans to mitigate risk.

Develop techniques to investigate and determine if fraud has occurred in areas of high risk.

Assess internal controls.

Comply with regulations and professional standards.

4
Q

What are the techniques used to gather information as part of a fraud risk assessment?

A

Interviews (an effective way to conduct one-on-one conversations with employees)

Focus groups (observes interactions among the group as they discuss a question or issue)

Surveys

Anonymous feedback mechanisms

5
Q

What is a fraud risk assessment?

A

A process aimed at proactively identifying and addressing an organisation's vulnerabilities to internal and external fraud.

6
Q

What are preventative controls intended to prevent fraud?

A

Bringing awareness of the fraud risk management program to personnel throughout the organization

Performing background checks on employees (where permitted by law)

Hiring competent personnel and providing them with anti-fraud training

Conducting exit interviews

Implementing policies and procedures

Segregating duties

Implementing physical security measures

Implementing security measures to restrict electronic access to data

Ensuring proper alignment between an individual’s authority and level of responsibility

Reviewing third-party and related-party transactions

7
Q

What are the MAJOR and NON-MAJOR areas of fraud risk?

A

MAJOR

Fraudulent financial reporting

Asset misappropriation

Corruption

Fraud from external sources

NON-MAJOR

Regulatory and legal misconduct

Reputation risk

Risk to information technology

8
Q

What can contribute to an effective fraud risk assessment?

A

Thinking like a fraudster

The assessment team must be perceived as independent and objective by others for the assessment to be effective

Management and auditors should share ownership of the process and accountability for its success (most important)

9
Q

What are external fraud risks?

A

Fraud committed by:

customers (e.g., fraudulent customer payments)

vendors (e.g., overbilling by a vendor or collusion between bidding contractors to inflate contract price)

competitors (e.g., corporate espionage)

unrelated third parties (e.g., hacking)

10
Q

What are some regulatory and legal misconduct risks?

A

conflicts of interest

insider trading

theft of competitor trade secrets

anti-competitive practices

environmental violations

trade and customs regulations in areas of import and export

11
Q

What are some controls that should be considered during a fraud risk assessment?

A

Controls that might have been eliminated due to restructuring efforts

Controls that might have eroded due to reengineering of business processes

Opportunities for collusion

Lack of internal controls in a vulnerable area

Nonperformance of control procedures

Inherent limitations of internal controls

12
Q

What are detective anti-fraud control examples?

A

Establishing and marketing the presence of a confidential reporting system, such as a whistleblower hotline

Implementing proactive controls for the fraud detection process, such as independent reconciliations, reviews, physical inspections and counts, analysis, and audits

Implementing proactive fraud detection procedures, such as data analysis and continuous auditing techniques

Performing surprise audits

13
Q

What are inherent risks?

A

Risks that are present before the effect of internal controls

14
Q

What are residual risks?

A

Risks that remain after the effect of internal controls

15
Q

What is the objective of anti-fraud controls?

A

Make residual risk smaller than inherent risk

16
Q

How can auditors validate that the organisation is appropriately managing moderate-to-high fraud risks?

A

Identifying and mapping the existing preventive and detective controls that pertain to the moderate-to-high fraud risks identified in the fraud risk assessment

Designing and performing tests to evaluate whether the identified controls are operating effectively and efficiently

Identifying within the moderate-to-high fraud risk areas whether there is a moderate-to-high risk of management override of internal controls

Developing and delivering reports that incorporate the results of their validation and testing of the fraud risk controls

17
Q

What factors influence how much an organisation is at risk of fraud?

A

Nature of business

Environment (i.e. physical or internet, geographical region)

Effectiveness of internal control

Ethics of leadership team