
Have You Considered a Fraud Risk Assessment for Your Business?


All companies face the risk of loss due to fraudulent activities. The truth is that some are better prepared than others because they have acted in ways to prevent fraud before it occurs, rather than having to react to the consequences once it’s too late. It’s important to have additional processes and programs in place in your company to combat fraud risk by increasing the level of fraud awareness within the organization. That begins with assessing where fraud may be most likely to occur.

Fraud Risk Assessment

As a start, consider completing a Fraud Risk Assessment. We recommend the Company periodically perform such an assessment to identify, analyze and manage the risk of asset misappropriation.

Risk assessment, including fraud risk assessment, is one element of internal control. It can be informal and should be performed by management-level employees possessing extensive knowledge of the Company’s operations. Ordinarily, the management-level employees would conduct interviews or lead group discussions with other relevant personnel with extensive knowledge of the Company’s operations, its environment, and its processes. Generally, this is accomplished through conducting brainstorming sessions with management to discuss potential fraud schemes and scenarios. A risk matrix would be developed thereafter, identifying the owner of each process, the possible fraud schemes and scenarios impacting the process, and a detailed account of all controls in place to prevent or detect fraudulent activity.

Once the risk matrix is developed, reviews can be performed of select processes to evaluate the effectiveness of the stated controls to mitigate the fraud risks. This matrix provides you the ability to identify areas where additional anti-fraud control enhancements should be implemented.

When conducting the assessment, the following questions should be considered:

  • What assets are susceptible to misappropriation?
  • Who receives cash receipts?
  • What risks relate to the Company’s fixed assets and inventories?
  • How could assets be stolen?
  • Are there any known internal control weaknesses that would allow misappropriation of assets to occur and remain undetected?
  • How could potential misappropriation of assets be concealed?

Once the areas vulnerable to fraud have been identified, a review of the Company’s control environment related to these areas should be conducted, and additional systems, procedures and controls should be established and implemented to reduce the risk of fraud.

Other Things You Can Do to Raise Fraud Risk Awareness in Your Company

Implementing fraud awareness and training programs keeps the importance of being conscious of fraud warning signs alive. As with any informational campaign, there are many ways to get the message out. Some of the more common methods are administering fraud and ethics training to your employees, conducting awareness and ethics presentations in departments within the organization, and running information campaigns, such as informational graphics designed to educate your employees about the warning signs of fraud.

Institute a Confidential Hotline and Reporting Process

Consider establishing an open line of communication to confidentially report situations of potential wrongdoing or unethical behavior. All organizations should develop programs to increase awareness of the hotline and its purpose, including posting hotline numbers on internal and external websites and conducting awareness meetings with employees. In addition, you must ensure you communicate your no-retaliation policy and promote this in all your hotline awareness communications.

On a semi-annual basis, you should consider requesting that the human resources team member or other responsible party provide those charged with the governance of the company with a summary of all hotline calls, including their final disposition. This not only provides those charged with the oversight role an idea of the nature of the calls received, but also the assurance that the caller concerns were addressed.

Establish guidelines to ensure that reported issues and concerns are reviewed with consistency throughout the organization. These guidelines should define which department(s) will perform the investigation, the standards to follow in completing and documenting the work performed, and the communication process for advising relevant parties concerning the investigation and the results of the investigation.

In summary, taking the following steps will help to create good corporate governance and maintain a strong ethical climate within your organization:

  • Completing a Fraud Risk Assessment that identifies the major fraud risks facing the organization and the key controls in place to mitigate these risks.
  • Communicating what is expected of your employees by clearly and convincingly stating your organization’s values and ethics and the kind of behavior that is expected from each employee.
  • Providing a safe mechanism for reporting concerns so that those who know about, or are suspicious of fraudulent or other unethical violations, will come forward and report misdeeds without the fear of retaliation.
  • Maintaining a zero tolerance for fraud by clearly stating your organization’s position on fraud.

Dannible & McKee, LLP, specializes in providing assistance to management in planning and constructing effective Fraud Risk Assessments and fraud awareness programs. You can also visit the Resources page of our website at and evaluate the effectiveness of your business’ own fraud prevention measures. If we can be of assistance to you, contact Brian Johnson, CPA, CFE, CCIFP at or 315-472-9127.