Guide to
Fraud Risk Assessment
Produced by
Governance Directorate
NSW Department of Community Services
Head Office
4-6 Cavill Ave
Ashfield NSW 1800
January 2005
Contents
Introduction
Purpose of the Guide
How to use the Guide
1 Administration
  Assets
  General Resources
  Information
  Motor Vehicles
2 Finance
  Accounts Payable
  Petty Cash and Cash Receipts
5 Information Systems
  Information Technology
6 Procurement
  Inventory (Stores)
  Professional Services
  Purchasing
Introduction

Creating and maintaining high standards of ethical behaviour is the responsibility of every employee.

This Guide to Fraud Risk Assessment is an essential part of the Department's Fraud Control Plan, which is designed to raise awareness of fraud in the workplace and provide information and assistance to staff on the prevention, detection and reporting of fraud.

The purpose of the Guide to Fraud Risk Assessment is to help managers and staff to assess the adequacy of existing controls and to determine whether additional fraud counter-measures are required.

The fraud risk assessment process outlined in this document does not replace existing standards or manuals such as the Financial Procedures Manual.
Purpose of the Guide

The Guide describes a range of:
- possible inherent fraud risks that might occur in a series of typical administrative situations, and
- control measures that could be used to address them

The Recommended Control Measures are a collection of good ideas that would apply to most situations most of the time. But there is no "one size fits all" solution.

Most fraud categories will apply to all units. However, the category relating specifically to Service Providers will be relevant only to Regional Offices and the Head Office unit dealing with service providers.

The Assessment should be revisited regularly to ensure that the fraud risks are minimal and under control.
How to use the Guide

- Focus on one Fraud Risk Category at a time (e.g. Assets on page 5).
- Consider all Inherent Risks in the first column. Add any others you can think of
- Consider each Recommended Control Measure separately.
- Indicate in the third column yes or no as to whether or not that control is in place in your unit
- Indicate in the fourth column your rating of how well the Control Measure is working in relation to the possible risks. The Risk Assessment rating can range from 1 to 9, where 1 means lowest possible risk and 9 means highest risk (Remember, you are rating each Recommended Control Measure, NOT the Inherent Risks).

3 | Low | Provides a low level of opportunity for fraudulent activity | None but be aware of any weak spots
For example, under Assets, on page 5, the second Recommended Control Measure is Maintenance of register of portable equipment to keep track of laptops etc. Suppose you indicated that there was no 'Control Measure in Place'. Consider how risky this situation is. If there are no laptops or any equipment of any significant value that staff take away from the office, you might rate the risk as only 1. On the other hand, if there are, and equipment has gone missing in the past, you might rate it 7.

Similarly, on another Recommended Control Measure you may have indicated that the control measure is in place.

But you still need to determine the level of risk. For example, consider the first Recommended Control Measure for Assets, New equipment valued > $5,000 immediately given an asset number and placed in assets register etc.

Although an asset register exists, it may not have been updated for some time, so you might rate it 5.

- Add any other useful Control Measures that may occur to you and apply the same rating process
- Work out and write down a strategy to address all Recommended Control Measures that you have rated as 5 or more out of 9
- Add up the Rating of Control Measure column for each Fraud Risk Category and write down against 'Sum of risk assessment ratings (a)'.
- Work out the Average Fraud Risk for each Fraud Risk Category by dividing (a) by the number of Recommended Control Measures
- Transfer the number of Recommended Control Measures and the total at (a) for each Category to page 23. Then determine an overall risk rating for your unit. This will give you a sense of the vulnerability to fraud of your unit as a whole
- But most importantly, implement your strategies
1. Administration
Inherent Risks - what could go wrong | Recommended Control Measures | Control Measure in Place (YES/NO) | Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3)
Average Fraud Risk (b)
2. Finance
Fraud Risk Category - Accounts Payable
3. Purchase of Services from Service Providers
4. Human Resource Management
Fraud Risk Category - Payroll
5. Information Systems
6. Procurement
Fraud Risk Category - Professional Services (Consultants etc)
Overall Fraud Risk Assessment Rating

Fraud Risk Category | Column 1: No. of Control Measures rated in each Category | Column 2: Transfer (a) from each Fraud Risk Category | Average Risk: Divide Column 2 entry by Column 1 entry for each Category

Administration:
  Assets
  General Resources
  Information
  Motor Vehicles
Finance:
  Accounts Payable
  Petty Cash and Cash Receipts
Service Providers:
Human Resource Management:
  Payroll
  Personnel
Information Systems:
  Information Technology
Procurement:
  Inventory
  Professional Services
  Purchasing

Overall Fraud Risk Exposure: Divide Column 2 Total by Column 1 Total
Evaluation
Using the scale below, please indicate with a cross (x) how useful the fraud risk
assessment exercise has been in determining your fraud risk profile.
Very High | High | Moderate | Low | Very Low
Please comment on the relevance of the fraud risk categories and their groupings
into the functional areas. (Please insert response).
Is there a particular fraud risk category that you believe should be added to the
present list? (Please insert response).
How could the fraud risk assessment process be improved? (Please insert
response).
Please forward your Assessment, and any other comments, to the Manager, Business
Assurance, by internal mail or by faxing to (02) 9716 2111.