Fraud Risk Assessment
written by: Bryan Boynton
An organization with a strong internal control environment periodically evaluates their control environment through a risk assessment. During a risk assessment the organization’s significant risks are reviewed by management and new significant risks are identified. Key controls are evaluated on whether the controls reduce the significant risks to an acceptable level as judged by management. The outcome of a risk assessment is the implementation of new controls to address new significant risks, and changes to existing controls.
Most small organizations usually fail to address the risk of fraud during their risk assessment process, and for that reason, a separate annual fraud risk assessment should be considered by management of small organizations.
Many small organizations (less than a 100 employees) do not evaluate fraud risk when they assess risk. Fraud risk is a significant risk for most small organization. The Association of Certified Fraud Examiners (ACFE) in its Report to the Nation on Occupational Fraud and Abuse (2012 issue available at tinyurl.com/7qhgtup), continues to find that small organizations are more vulnerable to and undesirably impacted by fraud than other organizations What Are the Risks Journal of Accountancy by Valerie Trott Williams, CPA/CFF, and Robert J. Kollar, CPA, March 2013.
Small organizations trend to be more vulnerable to fraud because they find it challenging to design, implement and maintain controls that prevent and detect fraud. During a fraud risk assessment management identifies key process areas (i.e. cash receipt; purchasing and billing; payroll). Then management must think truthfully and critically about how the organization’s key process areas are vulnerable to fraud from both inside and outside the organization.
As a Certified Fraud Examiner (CFE) and a member of the ACFE, I have access to fraud assessment tools and modules that the ACFE has developed to assist fraud examiners and their clients or employees with development of a fraud risk assessment. I would be happy to further discuss the fraud risk assessment process with you, and to assist you with identifying tools and modules that would be helpful to you during a fraud risk assessment.
The article: What Are the Risks Journal of Accountancy by Valerie Trott Williams, CPA/CFF, and Robert J. Kollar, CPA, March 2013, includes a useful fraud risk self-assessment tool. A link to the tool is provided below:
Finally, I would encourage management to share the results of any fraud risk assessment with the organization’s governing body (ideally members of the governing body should be involved in the fraud risk assessment process), and also the organization’s internal and external auditors.
Please contact Stephenson and Warner’s Accounting and Auditing personnel for more guidance or for further access to fraud risk assessment resources.