Fraud Risk Assessment ('FRA')

By considering the nature and extent of fraud risk to which a firm is, or could be, exposed, fraud risk can be assessed for likelihood of occurrence and potential impact (i.e. financial and non-financial). For significant fraud risk, informed steps can be taken by senior management to prioritise anti-fraud efforts and to allocate resources where they can be most effective.

Eliminating inherent risk is not always possible, and the extent to which 'acceptable' levels of residual risk remain is a factor of senior management 'risk-appetite'.

Risk assessment findings and priorities are useful for defining a firm's risk-based approach, which senior management can share with the Audit Committee and/or Regulator.

Factors to consider

FRA planning considerations include:

  1. The FCA expects firms to consider the full implications of the breadth of fraud risk they face, which may affect reputation, customers and the markets in which they operate
  2. Are existing arrangements for identifying and assessing fraud risk reliable, and do they provide a true reflection of the firm's actual risk-profile?
  3. Is there clarity of fraud risk ownership in the end-to-end business process, particularly for activity or transactions considered to be at a higher-risk of fraud?

FRA outcomes

A properly scoped and successfully completed FRA should provide senior management with an informed view on the following:

How we can help you

FCRM assists clients to identify fraud risk in the operating environment. Our personnel utilise experience of conducting regulatory reviews (e.g. s166), knowledge of systems and controls issues identified in previous fraud investigations, and our FRA capability, to provide clients with a comprehensive analysis of fraud risk in their operating environment.

We consider various sources during an FRA assignment, including: (i) known fraud/loss data; (ii) control-gap risk assessment; (iii) output of structured meetings/workshops; (iv) trend analysis; and (v) regulatory considerations (e.g. published papers, guidance and thematic reviews).

FRA findings are documented and used by client senior management to inform risk-appetite priorities. FRA output is also available to the client for use as the baseline for any subsequent review/refresh, as part of the firm's fraud risk-management framework.

Integrity in Business Practice