The Fraud Prevention Check-Up

April 27, 2017

Adapted from the ACFE (http://www.acfe.com/fraud-prevention-checkup.aspx)

Completing this check-up is the most cost-effective way to assess your organization’s vulnerability to fraud. By identifying specific fraud risks early, you are in a better position to manage those risks before fraud problems disrupt your organization.

Answer the questions below to see where your organization stands in each of the following areas.

1. Fraud risk oversight
Do you have a process in place for the board of directors or others charged with governance (e.g., an audit committee) to proactively manage fraud risks within your organization?

Check one:

 - No, we do not have a process in place (0)

 - We have a process, but it has not been tested (10)

 - We have a process fully implemented, tested within the past year and working effectively (20)

2. Fraud risk ownership

Have you designated a member of senior management to have responsibility for managing all fraud risks within the organization?

 - Yes (5)

 - No (0)

Have you explicitly communicated to the appropriate managers that they are responsible for managing fraud risks within their part of the organization?

 - Yes (5)

 - No (0)

3. Fraud risk assessment
To what extent have you implemented an ongoing process for periodic assessment of the fraud risks faced by the organization?

 - No, we do not have a process in place (0)

 - We have a process, but it has not been tested (10)

 - We have a process fully implemented, tested within the past year and working effectively (20)

4. Fraud risk tolerance and risk management policy
Have you identified, and has the board of directors approved, its tolerance for different types of fraud risks? (For example, some fraud risks may constitute a tolerable cost of doing business, while others may pose a catastrophic risk of financial or reputation damage to the organization. You will likely have a different level of tolerance for each of these risks.)

 - Yes (5)

 - No (0)

Have you identified, and has the board of directors approved, a policy on how the organization will manage its fraud risks? This policy should identify the risk owner responsible for managing fraud risks, what risks will be rejected (e.g., by declining certain business opportunities), what risks will be transferred to others through insurance or by contract, and what steps will be taken to manage the fraud risks that are retained.

 - Yes (5)

 - No (0)

5. Process level anti-fraud controls/re-engineering
To what extent have you implemented appropriate controls to eliminate or minimize, through process re-engineering, each of the significant fraud risks identified in your risk assessment? Basic controls include segregation of duties relating to authorization, custody of assets and recording or reporting of transactions.

 - Controls not in place (0)

 - Controls in place, but not tested (2)

 - Controls in place, tested within the last year and working effectively (5)

To what extent have you implemented appropriate controls at the process level designed to prevent and/or detect each of the significant fraud risks identified in your risk assessment? For example, the risk of sales representatives falsifying sales to earn sales commissions can be reduced through effective monitoring by their sales manager, with approval required for sales above a certain threshold.

 - Controls not in place (0)

 - Controls in place, but not tested (2)

 - Controls in place, tested within the last year and working effectively (5)

6. Environment level anti-fraud controls
To what extent has the organization implemented an ongoing process to promote ethical behavior, deter wrongdoing, and facilitate two-way communication on difficult issues? Such a process typically includes:

 - Processes not in place (0)

 - Processes in place, but not tested (10)

 - Processes fully in place, tested within the past year, and working effectively (20)

7. Proactive fraud detection
To what extent have you established a process to proactively detect, investigate and resolve fraud-related “red flags”? Such a process should include controls embedded in the organization’s information system that highlight suspicious transactions for investigation and/or approval prior to completion of processing.

 - Processes not in place (0)

 - Processes in place, but not tested (5)

 - Processes fully in place, tested within the past year, and working effectively (10)

IDEAL SCORE: 100/100

The desirable score for an organization of any size is 100 points. However, most organizations should expect to fall significantly short of this in an initial fraud prevention check-up.

This fraud prevention check-up provides a broad overview of the adequacy of your organization’s fraud prevention program. The most important thing to take from it is the identification of particular areas for improvement in your fraud prevention processes. Your actual score is presented only to give you an overall impression of where your organization stands in its fraud prevention efforts.