By considering the nature and extent of fraud risk to which a firm is, or could be, exposed, fraud risk can be assessed for likelihood of occurrence and potential impact (i.e. financial and non-financial). For significant fraud risk, informed steps can be taken by senior management to prioritise anti-fraud efforts and to allocate resources where they can be most effective.
Eliminating inherent risk is not always possible, and the extent to which 'acceptable' levels of residual risk remain is a factor of senior management 'risk-appetite'.
Risk assessment findings and priorities are useful for defining a firm's risk-based approach, which senior management can share with the Audit Committee and/or Regulator.
FRA planning considerations include:
A properly scoped and successfully completed FRA should provide senior management with an informed view on the following:
FCRM assists clients to identify fraud risk in the operating environment. Our personnel utilise experience of conducting regulatory reviews (e.g. s166), knowledge of systems and controls issues identified in previous fraud investigations, and our FRA capability, to provide clients with a comprehensive analysis of fraud risk in their operating environment.
We consider various sources during an FRA assignment, including: (i) known fraud/loss data; (ii) control-gap risk assessment; (iii) output of structured meetings/workshops; (iv) trend analysis; and (v) regulatory considerations (e.g. published papers, guidance and thematic reviews).
FRA findings are documented and used by client senior management to inform risk-appetite priorities. FRA output is also available to the client for use as the baseline for any subsequent review/refresh, as part of the firm's fraud risk-management framework.