A fraud risk assessment is the systematic process of identifying and prioritizing an organization’s inherent risks of fraud and their underlying motivators. This assessment identifies the fraud schemes that can emanate from these fraud risks and connects them to internal controls.

The outcome of a fraud risk assessment is the identification of the residual risk – in other words, the fraud risk that does not appear to be addressed by existing internal controls. This imperative process includes the exhaustive review of relevant materials, ‘brainstorming’ discussions with both employees and process owners, as well as the documentation of the fraud risk assessment.

laptop-figure

Fraud Risk Assessments

The professionals at nagel + associates have substantial experience performing fraud risk assessments. Unlike a forensic investigation, which is reactive and typically carried out in response to specific allegations of fraud, a fraud risk assessment is a proactive process with the primary objective of pinpointing potential vulnerabilities in the organization’s system of internal controls that may make the organization more susceptible to fraud.

Typical Procedures

  • A complete review of policies and procedures
  • An analysis of process mapping
  • An assessment of internal control procedures and testing
  • Exploring the efficacy of audit reporting to management
  • Probing into the inquiries made by key management and staff

Specific Accounting Cycle Review

Errors that occur within an organization fall into one of two distinct categories: unintentional and intentional. While the majority of frauds generally result from the latter group, fraudsters often discover and exploit vulnerabilities due to unintentional errors that are neither caught nor rectified by management.

Rather than conducting an overall review of the entire fraud framework, organizations have frequently retained nagel + associates as a direct result of noted weaknesses found in specific areas of their accounting cycle. These may be due to a general concern around the internal controls or errors that have been detected, which would be a clear indication that the cycle is vulnerable to the devious scheming and manipulation of fraudsters.

Typical Procedures

  • Cradle-to-grave probe into the internal controls within a specific accounting cycle
  • Complete testing of internal controls
  • Thorough review of policies and procedures
  • Analysis of internal control mapping
  • Examination of audit reporting
  • Conducting employee surveys

In 2016, a university football team had the top recruiting class in Canada. Needless to say, the demand for tickets to home games was at an all-time high. Mr. Pete Simpson and Mr. Orenthal Rose were high-ranking employees within the university’s athletic department.

The ticket sale policy for the university clearly states the following:

  • Employees within the athletic department may receive two complimentary tickets to every home game; however, the resale of these tickets is not permitted
  • Potential donors to the athletic program receive complimentary tickets
  • 5% of all tickets are set aside for charitable organizations

Due to the obvious lack of oversight and the absence of internal controls regarding ticket sales to the university football games, Mr. Simpson and Mr. Rose conspired to take full advantage, for their own benefit.

Mr. Simpson and Mr. Rose put their scheme in motion by:

  • Receiving numerous complimentary tickets for every home game and ‘flipping’ or reselling them at a substantial markup to unsuspecting buyers
  • Obtaining an inordinate and excessive amount of tickets for potential donors, once again reselling them at a higher amount for personal profit
  • Reselling tickets that were earmarked for charitable organizations

The two employees were able to conceal their theft by allocating tickets to fictitious charitable organizations that they created, and by funneling complimentary tickets to bogus ‘potential donor’ accounts that they had also fabricated. After each home game, Mr. Simpson and Mr. Rose would cover their tracks by disposing of any materials that could be deemed incriminating, ultimately destroying the paper trail of ticket sales and any record of the complimentary tickets that had been disbursed.

In 2019, a new athletic director was hired and immediately expressed concerns in regard to the lack of policies and procedures in place for ticket sales to home football games. The new athletic director decided to open an investigation into past ticket sales over the previous 5 years. Before long, he had uncovered many irregularities from the 2016 season’s ticket sales.

An independent committee was established in order to maintain the objective oversight that is crucial to maintaining the efficacy of internal controls. New policies were created that required the mandatory disclosure and reporting of all athletic data and finances to the central financial administrators of the university. Furthermore, complimentary tickets for employees, potential donors and charities would become safeguarded by an independent board with responsibilities that included, but were not limited to, issuing quarterly ticket reports to the new athletic director and central financial administrators.

To determine whether your organization may be susceptible to fraud, take the following brief survey: