Fraud Risk Assessment
Properly preparing the company for the fraud risk assessment is critical to the assessment’s success. The culture of the organization should influence the approach used in the fraud risk assessment preparation. The goals of the preparation should be to:
- Assemble the right team to lead and conduct the fraud risk assessment.
- Determine the best techniques to use in conducting the fraud risk assessment.
- Obtain the sponsor’s approval of the work to be performed.
- Educate the employees and openly promote the process.
Assemble the Right Team to Lead and Conduct the Fraud Risk Assessment
The organization should build a fraud risk assessment team consisting of individuals with diverse knowledge, skills, and perspectives to lead and conduct the assessment. The size of the team will depend on the size of the organization and the methods used to conduct the assessment. The team should have individuals who are credible and who have experience in gathering and eliciting information.
The team members can include internal and external resources such as:
- Accounting and finance personnel who are familiar with the financial reporting processes and internal controls
- Nonfinancial business unit and operations personnel who have knowledge of day-to-day operations, customer and vendor interactions, and issues within the industry
- Risk management personnel who can ensure that the fraud risk assessment process integrates with the organization’s enterprise risk management program
- The general counsel or other members of the legal department
- Members of any ethics or compliance functions within the organization
- Internal auditors
- External consultants with fraud and risk expertise
- Any business leader with direct accountability for the effectiveness of the organization’s fraud risk management efforts
Determine the Best Techniques to Use in Conducting the Fraud Risk Assessment
There are many ways to conduct a fraud risk assessment. Picking a method or combination of methods that are culturally right for the organization will help to ensure its success. The assessment team should also consider the best ways to gather candid information from people throughout all levels of the organization, starting by understanding what techniques are commonly and effectively used throughout the organization. The following are some examples of methods that can be used to conduct the fraud risk assessment.
Interviews can be an effective way to conduct a candid one-on-one conversation. But their usefulness depends on how willing people in the organization are to be open and honest in a direct dialogue with the interviewer.
The assessor must consider whether interviews are commonly and effectively used in the organization to gather and elicit information. He should also speak with individuals who have previously conducted interviews with employees to glean lessons learned. For each potential interviewee, the assessor should gauge the willingness of the interviewee to be open and honest—some people might be good interview candidates, whereas others might need to be engaged through a different approach.
Focus groups enable the assessor to observe the interactions of employees as they discuss a question or issue. Some topics may be appropriate to discuss in an open forum where people feel comfortable with their colleagues. Additionally, when discussing tough or thorny issues in a group, an anonymous, real-time voting tool can be an effective way of opening up a dialogue among the participants.
The success of a focus group will be highly dependent on the skill of the facilitator. If focus groups are used as part of the fraud risk assessment, they should be led by an experienced facilitator whom the group will relate to and trust. Getting a group to open up and talk honestly can be very difficult. An experienced facilitator will be able to read the group and use techniques, such as group icebreakers, to make the session a success.
Surveys can be anonymous or directly attributable to individuals. Sometimes people will share more openly when they feel protected behind a computer or paper questionnaire. In an organization where the culture is not one in which people open up and freely talk, an anonymous survey can be an effective way to get feedback. However, employees can be skeptical about the true anonymity of a survey, especially in organizations that use surveys to solicit feedback anonymously but send follow-up emails to individual delinquent respondents.
If the assessor determines that an anonymous survey is an appropriate technique to use in the fraud risk assessment, he should clearly and explicitly explain to employees how anonymity will be maintained.
Fraud Risk Assessment – Anonymous Feedback Mechanisms
In some organizations, anonymous suggestion boxes or similar mechanisms are used to encourage and repeatedly solicit employee feedback. In these companies, information pertaining to the fraud risk assessment can be requested in the same way. Additionally, the use of an anonymous feedback mechanism can be effective in an environment where people are less likely to be open and honest through other methods and techniques.
One approach to effectively using the anonymous feedback technique involves establishing a question of the day that is prominently displayed above a collection box. A sample question is: “If you thought fraud was occurring in the company, would you come forward? Why or why not?”
Another approach involves lining up five to ten opaque boxes on a table, each with a statement posted above it. Employees are given poker chips in two different colors and are told that one color indicates “I agree” while the other indicates “I don’t agree”. Employees are then encouraged to respond to each statement by placing the corresponding chip in each box.
Obtain the Sponsor’s Agreement on What Needs to Be Done
Before the fraud risk assessment procedures begin, the sponsor and the assessment team need to agree on:
- The scope of work that will be performed
- The methods that will be used (such as surveys, interviews, focus groups, or anonymous feedback mechanisms)
- The individuals who will participate in the chosen methods
- The content of the chosen methods
- The form of output for the assessment
Educate the Organization and Openly Promote the Process
The fraud risk assessment process should be visible and communicated throughout the business. Employees will be more inclined to participate in the process if they understand its purpose and the expected outcomes.
The sponsor should be strongly encouraged to publicly promote the process. The more personalized the communication from the sponsor, the more effective it will be in encouraging employees to participate.
Whether through a video, town-hall meeting, or companywide email, the communication should be aimed at eliminating any reluctance employees have about participating in the fraud risk assessment process.