Fraud risk assessment

Because fraud is a hidden and under-reported crime, the risks and impacts are often underestimated and overlooked. Understanding fraud exposure and weaknesses helps organisations to raise awareness and inform the implementation of an effective fraud prevention programme.

All organisations are exposed to various forms of internal and external fraud risk. When that risk becomes reality, the impact goes well beyond financial loss. Fraud against the public sector diverts resources from essential services, undermines the integrity of publicly funded programmes, and fuels ongoing criminal activity. Preventing fraud ensures funds reach the people, communities and organisations that depend on them.

Fortunately, identifying and mitigating fraud risks does not need to be difficult. A great starting point is a fraud risk assessment. This will help an organisation to understand its exposure to fraud risks and then design and implement a fraud risk management plan. 

Fraud risk assessments are part of a continuous fraud risk management cycle, moving from planning a fraud risk assessment to the fraud risk assessment process and post-fraud risk assessment activities. Viewing a fraud risk assessment as an ongoing cycle of activity can help an organisation to ensure new risks and emerging threats are considered, evaluated and prioritised.

 

Figure: The fraud risk management cycle is an ongoing process involving assessments and post-assessment activities.

Fraud risk assessment good practice guide

Fraud risk assessments enable fraud control practitioners and fraud risk managers to identify fraud risks and vulnerabilities within their agencies. These assessments can help leaders understand fraud risks and make better decisions about how to manage them. 

The information gathered within a fraud risk assessment forms an integral part of an effective counter fraud strategy. The assessment will identify, describe and evaluate fraud risks, and help to identify the risks that are unique to an organisation’s programmes and functions.

A fraud risk assessment can also help those within the organisation to mitigate risks, identify gaps or weaknesses in controls, and develop a practical action plan to target resources to reduce those risks. 

This guidance includes principles and methods from fraud risk assessment good practice, which fraud control practitioners and fraud risk managers can apply or adapt to suit individual circumstances. It will also help fraud specialists, public sector employees (including policy designers) and senior leaders better understand the fraud risk assessment process and its benefits.

The guide examines:

  • key considerations before starting a fraud risk assessment, such as roles and responsibilities
  • the assessment process, including identification, analysis, evaluation and treatment of risks
  • post-assessment activities, such as evaluating, reporting and reviewing. 

A series of annexes provide further information on:

  • fraud risk data
  • questions to ask senior leadership about fraud risk
  • how the likelihood of fraud occurring can be measured
  • how to assess the effectiveness of countermeasures.

Fraud risk assessment template

This fraud risk assessment template can be used by agencies to document their fraud risk assessment process. The template will be useful if your organisation does not have an existing template, or if you want to tailor your current assessment. It provides a step-by-step approach that aligns with recommended good practice. Further detail about these steps can be found in the fraud risk assessment good practice guide. Instructions about how to use the template are in the first tab of the spreadsheet.