
Audit

Culture of Honesty and Ethics

Setting the Tone at the Top:

Is there a written Code of Conduct?

Is the Code of Conduct disseminated to all employees at time of hire?

Is there at least annual refresher training on the code of conduct for every employee?

Is there a method of determining that employees understand the contents of the code of conduct?

Do employees have a communication avenue for asking questions when ethical situations arise?

Is there a Confidential Reporting Mechanism for employees to use to report suspected or possible fraud without fear of reprisal?

Is the Confidential Reporting Mechanism contact widely advertised so that all employees are aware of it?

Is there a protocol for handling all Confidential Reporting Mechanism activity?

Is activity of the Confidential Reporting Mechanism reported to executive management and the board?

Creating a Positive Workplace Environment:

Is there an employee recognition and reward system or compensation program?

Is there a whistleblower policy, a system for employees to obtain advice internally before making decisions that have significant legal or ethical implications, and/or a process to encourage employees to communicate or report, on a confidential or anonymous basis, without fear of retribution, concerns related to wrongdoing or violations?

Hiring and Promoting Appropriate Employees:

Are background checks, both criminal and work, performed on employees, especially those in positions of trust?

Training:

Is there a mechanism for tracking employee training and understanding of the code of conduct?

Notification and Confirmation:

Are employees held accountable for proactively addressing the potential of fraud in the discharge of their assigned duties?

Are awareness of fraud and the management of fraud risks included in every manager's (perhaps every employee's) personnel evaluation?

Discipline:

Are there consequences for employees who commit fraud and are those consequences consistent and fair?

Are consequences pre-determined, that is, defined in a fraud policy?

Is there a formal procedure for documenting the consequences of each proven fraud?

Antifraud Processes and Controls

Implementing and Monitoring Appropriate Internal Controls:

Is risk assessment performed by each division, location, or segment separately?

Are possible misconduct schemes, fraud scenarios, fraud categories, and applicable business activity or process identified?

Were the consequences posed by each scheme and management’s tolerance for risk considered? (e.g., Reputation damage; Financial damage - Monetary loss; Legal damage - Criminal or civil sanctions)

Were they documented?

Were red flags of fraud considered in the evaluation? Personal characteristics or situational pressures that can lead to fraud; Agency opportunities that can lead to fraud; Opportunities that allow or encourage management fraud

Was the likelihood that each particular fraud will occur evaluated? Remote; Reasonably possible; Probable

Were direct or indirect controls applicable to above-documented scenarios identified? Basic controls include: Segregation of duties relating to authorization, custody of assets, and recording and reporting of transactions; Supervisory reviews, verifications, reconciliation; Automated edit checks and system controls; Physical and logical security of assets; Embedded audit checks; Fraud detection software

Appropriate Oversight Process

Commission or Board of Directors:

Is there a communication mechanism by which executive management and the board are made aware of antifraud programs, controls, and results?

Are they advised of the potential fraud risks in the agency?

Are they made aware of the elements of the agency’s antifraud programs and controls?

Are they advised of all actual frauds and the actions taken to mitigate future similar frauds?

Are they advised of activity to the Confidential Reporting Mechanism?

Management:

Is there a member of executive management designated as the responsible party or point of contact for fraud prevention?

Is this person the liaison with the Office of the Inspector General?

Does this person provide continuous reinforcement of the antifraud programs to all employees?

Is this person responsible directly to executive management and the board for the antifraud programs of the agency?

Completion
Full Name and Signature of Inspector

Fraud Risk Assessment Checklist

Created by: SafetyCulture Staff | Industry: General | Downloads: 3

Use this checklist to monitor the effectiveness of the anti-fraud processes and controls in place, and whether a culture of honesty and ethics is being practiced by employees. The end goal of performing this assessment is to create a positive workplace environment free from fraudulent acts or any form of misconduct.

