Fraud Risk Assessment Instructions
The Fraud Risk Assessment consists of 15 modules, each containing a series of questions designed to help organizations zoom in on areas of risk. The fraud professional and the client or employer should begin the risk assessment process by working together to answer the questions in each module. It is important that the client or employer select people within the organization who have extensive knowledge of company operations, such as managers and internal auditors, to work with the fraud professional. Upon completion of all of the questions, the fraud professional should review the results of the assessment with the client or employer in order to:
Identify the potential inherent fraud risks.
Assess the likelihood and significance of occurrence of the identified fraud risks.
Evaluate which people and departments are most likely to commit fraud and identify the methods they are likely to use.
Identify and map existing preventive and detective controls to the relevant fraud risks.
Evaluate whether the identified controls are operating effectively and efficiently.
Identify and evaluate residual fraud risks resulting from ineffective or nonexistent controls.
Respond to residual fraud risks.
The Fraud Risk Assessment may reveal certain residual fraud risks that have not been adequately mitigated due to lack of, or non-compliance with, appropriate preventive and detective controls. The fraud professional should work with the client to develop mitigation strategies for any residual risks with an unacceptably high likelihood or significance of occurrence. Responses should be evaluated in terms of their costs versus benefits and in light of the organization's level of risk tolerance.
Be aware, however, that this assessment only provides a snapshot of a particular point in time. The dynamic nature of organizations requires routine monitoring and updating of their financial risk assessment processes in order for them to remain effective.
These questions are provided as a guide only. The user is free to modify the questions as appropriate to match the size and structure of the organization. Additional information on fraud risk assessment may be obtained from:
ACFE's Fraud Resources
Fraud Examiners Manual
Corporate Fraud Handbook, Third Edition, by Joseph T. Wells
The ACFE would like to thank Larry Cook, CFE, for his invaluable contribution to the Fraud Risk Assessment. The Fraud Risk Assessment was originally developed by Mr. Cook, and we thank him for allowing us to build upon his foundation and share his assessment process with our members.
Copyright Notice: The modules and the questions are the property of the Association of Certified Fraud Examiners. The ACFE grants its members the right to use these modules and questions for their own use, or for the use of their clients or employers. Neither these modules nor any part thereof may be sold in whole or in part unless as part of consulting or fraud examination services to a client or employer.
1 - Employee Assessment
2 - Management/Key Employee Assessment
3 - Physical Controls
4 - Skimming Schemes
5 - Cash Larceny Scheme
6 - Check Tampering Schemes
7 - Cash Register Schemes
8 - Purchasing and Billing Schemes
9 - Payroll Schemes
10 - Expense Schemes
11 - Theft of Inventory and Equipment
12 - Theft of Proprietary Information
13 - Corruption
14 - Conflicts of Interest
15 - Fraudulent Financial Reports