The Fraud Examiner

A Holistic Approach to Fraud Risk Assessments

Steve C. Morang CFE, CCEP, CIA

Senior Manager, Frank Rimerman & Co LLP

Today’s management teams and boards are being asked to report on the status of their risk management programs more than ever before. Whether it’s from investors, regulators or creditors,  they are being asked to explain the organization’s risk profile, risk appetite and risk mitigation procedures in general — and specifically with regard to fraud. With all this attention, it’s not surprising that management and board members are investing heavily in new methodologies, strategies, tools and systems to navigate this increasingly complex governance, risk and compliance (GRC) environment. A Fraud Risk Assessment (FRA) is an important piece of that puzzle. It should not be seen as a stand-alone or one-time exercise, but closely linked to the organizations overall risk management program. Fraud risk is one of a multitude of internal and external risks affecting the organization, and the way it’s evaluated will depend heavily on the risk management profile of the organization. A leading practice in the area of risk management is to apply a universal framework to the entire program.


Using up-to-date methodology

Conducting an FRA is similar to the overall risk assessment exercisecarried out in the risk management framework, but with the focus specifically on fraud risk. The Committee of Sponsoring Organizations (COSO) Internal Control Framework recommends that you conduct a formal FRA at least once a year. It’s not a task to take on alone, either — the most successful FRA’s are conducted in small brainstorming sessions together with the operational management of the area under discussion. This might entail conducting multiple interviews, as well as multiple dedicated and structured workshops. FRAs review the typical fraud schemes found in various areas of the organization and evaluate the effectiveness of internal controls to mitigate the known fraud schemes.


Sign In

Not a member? Click here to Join Now and access the full page.