Managing the risk of fraud is the same in principle as managing any other risk. It is best approached systematically, both at the organisational level, e.g. by using fraud policy statements, and at the operational level. There are a number of steps which should be taken to manage the risk of fraud:
- Identify risk areas:
Establish the areas most vulnerable to the risk of fraud. Patterns of loss and areas of potential loss should be identified so that areas vulnerable to risk can be pinpointed. It may be useful to survey your staff to establish all the risks of which they are aware. Areas where risks may be particularly high include those where there is responsibility for letting or managing contracts, handling cash, and controlling the disposition of assets.
- Assess scale of the risk:
Identify and assess what measures are already in place to prevent fraud, and determine any residual risk if these measures are effective.
- Allocate responsibility for risk:
Identify who has responsibility for the management of each risk.
- Identify additional controls:
Establish what further controls are required to reduce or eliminate the risk. The buttons on the left of this page link to examples of the type of controls which should be in place to address certain risks.
- Implement the additional controls
- Monitor implementation of controls:
Monitor to assess effectiveness. This could be achieved by a number of means, including internal audit reviews of system controls and spot checks by managers to ensure that controls (such as supervisory controls or reconciliations) are in operation.
- Evaluate the effectiveness of controls:
Assess whether the risk of fraud is lessened as a result of the implementation of additional controls.
Controls can be applied to either individual systems or to the organisation as a whole. Some of these are designed to prevent fraud, some to detect fraud, and some have a combined role.