Bizcoach, Small Business Ideas and Resources for Starting a Small Business

Risk Assesment and Fraud

This is a short article illustrating how risk assessment can be used to prioritize business processes for fraud potential.

It is the responsibility of managers to find fraud, but it is hard sometimes to locate the vital clues about where to look for it. Risk assessment is a tool that will help managers detect and deal with fraud in their operations. Risk assessment is a decision-making tool that helps managers sort through a number of possibilities and then chose those with the greatest payoff. Correct risk management is as important as organising public indemnity insurance cover or any of the other steps you take to protect your business. In fighting fraud, risk assessment techniques can help managers identify the most likely business processes where fraud could occur.

The three elements of risk assessment are:

The three elements of fraud are:

Each of these three elements of fraud can use risk assessment techniques of identification, measurement and prioritization to detect and deal with organization fraud. Pre-employment screening attempts to reduce the number of employees with an "at risk" attitude. Behavioral risk assessment examines EAP (Employee Assistance Programs) and similar programs to ensure that "at risk" pressures can be relieved through these safety valves. Risk assessment can be used also to evaluate "at risk" business processes in the organization that may be more prone to fraud opportunities. What is needed is a model of these "at risk" business processes to give managers the clues they need to manage fraud risk.

Most managers can recognize the risk in processes that handle cash and negotiable securities, but how do managers identify processes or parts of processes where the risk of fraud is less obvious? A model of fraud risk can be built around the characteristics of fraud types. The risk of various types of fraud is greater in a process that includes one or more of the characteristics in our model.

Characteristics of Fraud Opportunities

Types of Fraud

Characteristics of Fraud Potential in Business Processes

Examples of Processes or Process Elements

Financial Fraud
  • Assets include cash, negotiable securities
  • Processes include movement or exchange of the financial assets
  • Processes include subjective valuations of assets or credit
Wire transfers
Credit/loan approval
Auctions/asset disposal
Theft of Assets
  • Assets can be converted easily to personal use or have dual use
  • Assets have more than nominal value
  • Access to the assets is open, frequent and with minimum control
  • Assets are easily concealed
  • Assets are commodities that are difficult to trace
  • Assets are easily sold (ready market)
Attractive assets such as portable computers
Precious metal scrap
Microchip inventories
Consumer inventories
Tools and equipment
Building materials
Theft of Services
  • Services can be converted easily to personal use or have dual use
  • Services have more than nominal value
  • Access to the services is open, frequent and with minimum control
  • Services are performed "off premises"
  • Employees are also customers
Building trades
Consumer services
Off-site warehousing and refurbishment/repair
Adjusting A/R
  • Self-reporting processes
  • Processes with high degree of subjective judgment
  • Processes with high impact on organizational survival
Consulting/legal services
Estimating reserves
Safety/environmental impact
Legal/regulatory compliance

The first step of risk assessment is risk identification.  Using the model, managers can identify which of their business processes are "at risk" opportunities for fraud. An Accounting Manager might want to focus some attention on transactions that dispose of business assets, journal entries that set up estimated reserves for litigation, and write-offs/adjustments to employee accounts. Identifying some of the riskier areas permits the manager to concentrate more effort where there is more inherent risk of fraud.

The model is a handy first step in detecting and dealing with fraud. The risk areas are based on a wide cross-section of many types of organizations and experience of many years. Nevertheless, each organization operates within their own context or corporate culture, and each has a history of strengths and weaknesses. The model should be supplemented with additional weak areas known to management.

To complete the risk assessment, the manager needs to have some means of measuring and prioritizing the risk of fraud in each of these areas and any additional areas deemed "at risk" from past experience. Risk measurement is the hardest part of risk assessment, and there is little that can be done to date to eliminate subjectivity in the measurement process.

One method of measuring the risk of fraud in various business processes is to establish common factors that are observable or measurable indicators of the size of frauds possible and their consequences. Each process is then scored according to the strength or weakness of the factors using a scale of 1 (low) to 5 (high). For example, factors might be chosen as follows:

Value: What is the relative cost or value of the consequences of fraud? It is useful to annualize this amount so as to compare "apples with apples." Thus a cashiering operation may have a risk of fraud of perhaps $100 per day in skimming (stealing revenue before it enters the accounting system) or an annual exposure of approximately $26,000. Bogus wire transfers could net many millions of dollars. The scoring for a wide range of values like this is typically logarithmic.

A formula can be created that represents the fraud risk in each business process. The total scores from using the formula can then be compared to prioritize those business processes that need the most management attention.

None of this is rocket science, but using a risk-based approach to fraud can give managers the additional information they need to address the negative consequences of fraud.

More Business Risk Management Info: