Title Page
-
Client / Site
-
Location
-
Conducted on
-
Prepared by
Fraud Risk Assessment
-
Is ongoing anti-fraud training provided to all employees of the organization?
-
Do employees understand what constitutes fraud?
-
Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss and decreased morale and productivity — been made clear to employees?
-
Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely?
-
Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
-
Is an effective fraud reporting mechanism in place?
-
Have employees been taught how to communicate concerns about known or potential wrongdoing?
-
Is there an anonymous reporting channel available to employees, such as a third-party hotline?
-
Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal?
-
Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
-
Do reporting policies and mechanisms extend to vendors, customers and other outside parties?
-
To increase employees’ perception of detection, are the following proactive measures taken and publicized to employees?
-
Is possible fraudulent conduct aggressively sought out, rather than dealt with passively?
-
Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment questioning by auditors?
-
Are surprise fraud audits performed in addition to regularly scheduled audits?
-
Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known throughout the organization?
-
Is the management climate/tone at the top one of honesty and integrity?
-
Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity?
-
Are performance goals realistic?
-
Have fraud prevention goals been incorporated into the performance measures against which managers are evaluated and which are used to determine performance-related compensation?
-
Has the organization established, implemented and tested a process for oversight of fraud risks by the board of directors or others charged with governance (e.g., the audit committee)?
-
Are fraud risk assessments performed to proactively identify and mitigate the company’s vulnerabilities to internal and external fraud?
-
Are strong anti-fraud controls in place and operating effectively, including the following?
-
Proper separation of duties
-
Use of authorizations
-
Physical safeguards
-
Job rotations
-
Mandatory vacations
-
Does the internal audit department, if one exists, have adequate resources and authority to operate effectively and without undue influence from senior management?
-
Does the hiring policy include the following (where permitted by law)?
-
Past employment verification
-
Criminal and civil background checks
-
Credit checks
-
Drug screening
-
Education verification
-
References check
-
Are employee support programs in place to assist employees struggling with addictions, mental/emotional health, family or financial problems?
-
Is an open-door policy in place that allows employees to speak freely about pressures, providing management the opportunity to alleviate such pressures before they become acute?
-
Are anonymous surveys conducted to assess employee morale?
Completion
-
Name and Signature of Risk Manager or Compliance Manager