APPENDIX F

Fraud Risk Analysis

RISK AND RISK ANALYSIS are large and complex subjects. Only the risk specifically of fraud is addressed here. The principal foundations for fraud risk analysis involve an understanding of the fraud threats, assets, external environment, and the organization itself.

Risks themselves may be seen as potential events that may threaten the business in terms of both its financial health and its image and reputation.

Generically, risk management involves:

  • Identifying risk areas
  • Developing an understanding and assessment of the scale of risk
  • Developing a risk response strategy
  • Allocating responsibilities and implementing the strategy
  • Implementing and monitoring controls
  • Reviewing and refining the overall process

In identifying fraud risk areas, it must be understood that fraud is only one component of an organization’s operational risk. The major difference with fraud is that the risk arises from an intentional, deliberate act, normally designed to benefit the perpetrator.

In many cases, generic risk analysis tends to focus on a limited number of risk factors and most frequently on outsider risk. When conducting a fraud risk assessment, the emphasis needs to be on the activities and processes within the business and the assets affected by such processes.

Fraud risk assessment relates to management examining the organization’s exposure to potential fraudulent schemes or internal and external corruption so that controls to mitigate ...
