
GUIDELINES

Guide to Fraud Risk Assessment

PRODUCED BY
Governance Directorate
NSW Department of Community Services
Head Office
4-6 Cavill Ave
Ashfield NSW 1800
Phone: 9716 2222

JANUARY 2005

This document is available on DoCS Online

FRAUD RISK ASSESSMENT

Contents

GUIDE TO FRAUD RISK ASSESSMENT

Introduction (page 1)
Purpose of the Guide (page 2)
How to use the Guide (page 3)

1 Administration
  Assets (page 5)
  General Resources (page 6)
  Information (page 7)
  Motor Vehicles (page 8)

2 Finance
  Accounts Payable (page 9)
  Petty Cash and Cash Receipts (page 10)

3 Purchase of Services from Service Providers (page 11)

4 Human Resource Management
  Payroll (page 14)
  Personnel (page 16)

5 Information Systems
  Information Technology (page 17)

6 Procurement
  Inventory (Stores) (page 19)
  Professional Services (page 20)
  Purchasing (page 21)

Overall Fraud Risk Assessment Rating (page 23)

Evaluation of Guide (page 24)


INTRODUCTION

Creating and maintaining high standards of ethical behaviour is the responsibility of every employee.

This Guide to Fraud Risk Assessment is an essential part of the Department's Fraud Control Plan, which is designed to raise awareness of fraud in the workplace and provide information and assistance to staff on the prevention, detection and reporting of fraud.

The purpose of the Guide to Fraud Risk Assessment is to help managers and staff to assess the adequacy of existing controls and to determine whether additional fraud counter-measures are required.

The fraud risk assessment process outlined in this document does not replace existing standards or manuals such as the Financial Procedures Manual.

PURPOSE OF THE GUIDE

The Guide describes a range of:
- possible inherent fraud risks that might occur in a series of typical administrative situations, and
- control measures that could be used to address them.

The Recommended Control Measures are a collection of good ideas that would apply to most situations most of the time. But there is no "one size fits all" solution.

Most fraud categories will apply to all units. However, the category relating specifically to Service Providers will be relevant only to Regional Offices and the Head Office unit dealing with service providers.

The Assessment should be revisited regularly to ensure that the fraud risks are minimal and under control.

HOW TO USE THE GUIDE

This is how we suggest you use the Guide to Fraud Risk Assessment:

- Focus on one Fraud Risk Category at a time (e.g. Assets on page 5). Consider all Inherent Risks in the first column. Add any others you can think of.
- Consider each Recommended Control Measure separately. Indicate in the third column yes or no as to whether or not that control is in place in your unit.
- Indicate in the fourth column your rating of how well the Control Measure is working in relation to the possible risks. The Risk Assessment rating can range from 1 to 9, where 1 means lowest possible risk and 9 means highest risk. (Remember, you are rating each Recommended Control Measure, NOT the Inherent Risks.)

Rating  Significance  Definition                                                  Action Required
1       Very Low      Provides no apparent opportunity for fraudulent activity    None
3       Low           Provides a low level of opportunity for fraudulent activity None, but be aware of any weak spots
5       Moderate      Provides a moderate opportunity for fraudulent activity     Strategy for improvement
7       High          Provides a high opportunity for fraudulent activity         Immediate strategy for improvement
9       Very High     Creates a very high exposure to fraud                       Priority strategy for improvement

(Intermediate ratings eg 2, 4, 6 and 8 may be used for gradation.)

HOW TO USE THE GUIDE (Continued)

For example, under Assets, on page 5, the second Recommended Control Measure is "Maintenance of a register of portable equipment to keep track of laptops etc". Suppose you indicated that there was no 'Control Measure in Place'. Consider how risky this situation is. If there are no laptops or any equipment of any significant value that staff take away from the office, you might rate the risk as only 1. On the other hand, if there are, and equipment has gone missing in the past, you might rate it 7.

Similarly, on another Recommended Control Measure you may have indicated that the control measure is in place. But you still need to determine the level of risk. For example, consider the first Recommended Control Measure for Assets, "New equipment valued >$5,000 immediately given an asset number and placed in assets register etc". Although an asset register exists, it may not have been updated for some time, so you might rate it 5.

- Add any other useful Control Measures that may occur to you and apply the same rating process.
- Work out and write down a strategy to address all Recommended Control Measures that you have rated as 5 or more out of 9.
- Add up the Rating of Control Measure column for each Fraud Risk Category and write the total down against 'Sum of Risk Assessment Ratings (a)'.
- Work out the Average Fraud Risk for each Fraud Risk Category by dividing (a) by the number of Recommended Control Measures.
- Transfer the number of Recommended Control Measures and the total at (a) for each Category to page 23. Then determine an overall risk rating for your unit. This will give you a sense of the vulnerability to fraud of your unit as a whole.
- But most importantly, implement your strategies.
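The scoring steps above, carried through in code as an added example (this is not part of the Guide). It computes (a) and (b) for each category, lists the controls rated 5 or more that need a written strategy, and computes the overall exposure exactly as the summary page does (Column 2 total divided by Column 1 total), which weights each category by how many controls it has rather than averaging the per-category averages. The category names echo the Guide, but the control wording and every rating in `build_sample()` are constructed sample values.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# The Guide asks for a written strategy for every control rated 5 or more out of 9.
STRATEGY_THRESHOLD = 5


@dataclass
class Control:
    """One row of a Fraud Risk Category table."""
    measure: str        # Recommended Control Measure
    in_place: bool      # third column: Control Measure in Place (Y/N)
    rating: int         # fourth column: Risk Assessment Rating of the control, 1..9

    def __post_init__(self) -> None:
        if not 1 <= self.rating <= 9:
            raise ValueError(f"rating must be 1..9, got {self.rating}")


@dataclass
class Category:
    name: str
    controls: list[Control] = field(default_factory=list)

    def sum_of_ratings(self) -> int:
        """(a): add up the Rating of Control Measure column."""
        return sum(c.rating for c in self.controls)

    def average_risk(self) -> float:
        """(b): divide (a) by the number of Recommended Control Measures rated."""
        if not self.controls:
            raise ValueError(f"{self.name}: no controls rated")
        return self.sum_of_ratings() / len(self.controls)

    def needing_strategy(self) -> list[Control]:
        """Controls rated 5 or more, whether or not they are in place:
        the Guide's own example rates an existing but stale asset register at 5."""
        return [c for c in self.controls if c.rating >= STRATEGY_THRESHOLD]


def overall_exposure(categories: list[Category]) -> float:
    """Overall Fraud Risk Exposure as the summary page computes it:
    total of Column 2 (the (a) values) divided by total of Column 1
    (number of controls rated). Every control counts once, so categories
    with more controls carry more weight."""
    total_controls = sum(len(c.controls) for c in categories)
    if total_controls == 0:
        raise ValueError("no controls rated")
    return sum(c.sum_of_ratings() for c in categories) / total_controls


def mean_of_averages(categories: list[Category]) -> float:
    """The shortcut the summary page does NOT use (averaging the (b) values);
    included only to make the difference visible."""
    return sum(c.average_risk() for c in categories) / len(categories)


def build_sample() -> list[Category]:
    """Constructed sample ratings for two categories (invented values, not from the Guide)."""
    assets = Category("Assets", [
        Control("Equipment > $5,000 given asset number and placed in register", True, 5),
        Control("Register of portable equipment (laptops etc.)", False, 7),
        Control("Segregation of duties between receipting and recording", True, 2),
    ])
    inventory = Category("Inventory (Stores)", [
        Control("Adequate physical security of stores", True, 1),
        Control("Manager's approval required for disposal of goods", True, 3),
    ])
    return [assets, inventory]


if __name__ == "__main__":
    cats = build_sample()
    for cat in cats:
        print(f"{cat.name}: (a) = {cat.sum_of_ratings()}, (b) = {cat.average_risk():.2f}")
        for ctl in cat.needing_strategy():
            flag = "in place" if ctl.in_place else "NOT in place"
            print(f"  strategy needed ({ctl.rating}/9, {flag}): {ctl.measure}")
    print(f"Overall Fraud Risk Exposure: {overall_exposure(cats):.2f}")
    print(f"Mean of category averages:  {mean_of_averages(cats):.2f}")
```

With the sample values, Assets gives (a) = 14 and (b) = 4.67, Inventory gives (a) = 4 and (b) = 2.00, and the overall exposure is 18 / 5 = 3.60, not the 3.33 that averaging the two (b) values would give. Note that a control marked as in place still needs a strategy when it is rated 5 or more.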

1. Administration

FRAUD RISK CATEGORY - ASSETS

Inherent Risks (what could go wrong):
- Theft or loss of assets, particularly attractive or portable assets such as laptops or other computer equipment
- Unapproved removal or disposal of assets, eg. because of alleged damage
- Loss of control over assets because the asset register is not being maintained
- Inability to explain and/or itemise expenditure on assets

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- New equipment valued >$5,000 (or >$500 if portable and attractive) immediately given an asset number and placed in the assets register   Y N   1 2 3 4 5 6 7 8 9
- Maintenance of a register of portable equipment to keep track of laptops etc that are used by individual staff on a temporary basis   Y N   1 2 3 4 5 6 7 8 9
- Where possible, segregation of duties between officers receipting equipment and placing it on the register   Y N   1 2 3 4 5 6 7 8 9
- Regular stocktake of assets performed by officer/s independent of the receiving or recording function   Y N   1 2 3 4 5 6 7 8 9
- Management approval for all asset disposal   Y N   1 2 3 4 5 6 7 8 9
- Stocktake and reconciliation performed prior to any transfer or permanent closure, and assets on hand transferred appropriately   Y N   1 2 3 4 5 6 7 8 9
- Regular checks that current stock levels reflect purchases and usage since the previous stocktake   Y N   1 2 3 4 5 6 7 8 9
- Appropriate, complete expenditure classification on vouchers to facilitate expenditure analysis   Y N   1 2 3 4 5 6 7 8 9
- Secure storage of assets   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

1. Administration (Continued)

FRAUD RISK CATEGORY - GENERAL RESOURCES

Inherent Risks (what could go wrong):
- Theft of physical resources such as stationery, tools etc
- Unauthorised use of cab charge vouchers
- Inappropriate use of Departmental phones (including mobile phones), photocopiers, portable and attractive items

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Code of Conduct promoted to all staff   Y N   1 2 3 4 5 6 7 8 9
- Managers ensure staff know what the rules are, and model appropriate behaviour   Y N   1 2 3 4 5 6 7 8 9
- Internal policies made available to all staff   Y N   1 2 3 4 5 6 7 8 9
- Monitoring of usage and expenditure rates on photocopying, taxis, mobile phones etc   Y N   1 2 3 4 5 6 7 8 9
- Keep copies of invoices for expenditure on assets, and monitor expenditure and usage   Y N   1 2 3 4 5 6 7 8 9
- Secure storage of resources   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

1. Administration (Continued)

FRAUD RISK CATEGORY - INFORMATION

Inherent Risks (what could go wrong):
- Unauthorised disclosure of personal or confidential information
- Unauthorised access to client records
- Theft of client files from Departmental vehicles

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Managers ensure staff are aware of the "need to know" policy   Y N   1 2 3 4 5 6 7 8 9
- Managers ensure staff are aware of the requirements of privacy legislation   Y N   1 2 3 4 5 6 7 8 9
- Managers/supervisors to initiate specific controls or guidelines in sensitive areas   Y N   1 2 3 4 5 6 7 8 9
- Managers ensure staff are aware of procedures on passwords etc   Y N   1 2 3 4 5 6 7 8 9
- Clean desk policy applied for client and personnel files   Y N   1 2 3 4 5 6 7 8 9
- Sound security maintained for sensitive or confidential information   Y N   1 2 3 4 5 6 7 8 9
- Appropriate and timely storage or disposal of sensitive or confidential information   Y N   1 2 3 4 5 6 7 8 9
- Client and other confidential files locked away when not in use   Y N   1 2 3 4 5 6 7 8 9
- Random and targeted audits of KiDS access   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

1. Administration (Continued)

FRAUD RISK CATEGORY - MOTOR VEHICLES

Inherent Risks (what could go wrong):
- Unauthorised private use of motor vehicles
- Theft of vehicles from parking areas or while garaged at home
- Theft or substitution of accessories or tools
- Use of petrol card for a private vehicle or for unauthorised purchases
- Falsification of vehicle log

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Supervisors to ensure staff understand the policy on careful and authorised use of departmental vehicles   Y N   1 2 3 4 5 6 7 8 9
- All use of Departmental vehicles to be approved   Y N   1 2 3 4 5 6 7 8 9
- Clearly understood approval mechanism for use of vehicles   Y N   1 2 3 4 5 6 7 8 9
- Absences from workplace to be approved by supervisor   Y N   1 2 3 4 5 6 7 8 9
- Random reviews conducted of vehicle accessories and tools requisitions to ensure they are still in the vehicle   Y N   1 2 3 4 5 6 7 8 9
- Regular reviews of vehicle log books   Y N   1 2 3 4 5 6 7 8 9
- Regular reviews of purchases on petrol cards   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

2. Finance

FRAUD RISK CATEGORY - ACCOUNTS PAYABLE

Inherent Risks (what could go wrong):
- False invoices accepted, resulting in payment for goods not received
- Collusive practice between supplier and purchasing officer, resulting in an invoice price higher than approved on ordering
- System is manipulated, resulting in EFT payments to a non-existent supplier
- False travel claims submitted

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Authorised accounting officer complies with delegation limits   Y N   1 2 3 4 5 6 7 8 9
- Invoice prices validated by supporting documentation such as requisitions and purchase orders   Y N   1 2 3 4 5 6 7 8 9
- Segregation of duties between purchasing officer and officer authorising payment   Y N   1 2 3 4 5 6 7 8 9
- All payments authorised and made on the basis of valid supporting documentation   Y N   1 2 3 4 5 6 7 8 9
- All travel claims approved by the supervisor   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

2. Finance (Continued)

FRAUD RISK CATEGORY - PETTY CASH AND CASH RECEIPTS

Inherent Risks (what could go wrong):
- Theft or "borrowing" of petty cash
- Submission of bogus petty cash claims
- Receipts not issued for money received
- Under-banking or failure to bank cash receipts
- Theft of cash following permanent closure or relocation of unit
- Using petty cash inappropriately to split orders

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- The adequacy and validity of claims is checked   Y N   1 2 3 4 5 6 7 8 9
- Paying officer stamps claims and receipts as "paid"   Y N   1 2 3 4 5 6 7 8 9
- Claims not paid without authorisation   Y N   1 2 3 4 5 6 7 8 9
- Petty cash claims contain details of the item purchased   Y N   1 2 3 4 5 6 7 8 9
- Adequate physical security over cash holdings, eg. access to safe and combination limited, safe locked etc   Y N   1 2 3 4 5 6 7 8 9
- Procedure in place to enable regular reconciliation between documentation, cash receipts, and petty cash claims   Y N   1 2 3 4 5 6 7 8 9
- Cash count and re-banking of cash on hand immediately prior to permanent closure or relocation of unit   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

3. Purchase of Services from Service Providers

REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

Inherent Risks (what could go wrong):
- An incidence of fraud has been identified, but processes have not been put in place to reduce the risk of repetition
- Fraudulent use of funds provided
- Collusive practices resulting in the purchasing process not being sufficiently competitive
- Payments for services continue to organisations that do not comply with reporting requirements

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Formal process of background checking of organisations applying to provide services, at the expression of interest stage   Y N   1 2 3 4 5 6 7 8 9
- Reporting, monitoring and accountability system in place to ensure compliance with the service agreement   Y N   1 2 3 4 5 6 7 8 9
- System in place to ensure that non-compliance with reporting requirements is flagged prior to payments being made to contracted organisations   Y N   1 2 3 4 5 6 7 8 9
- Staff induction programs to include fraud prevention and control   Y N   1 2 3 4 5 6 7 8 9
- Manage conflicts of interest of relevant staff and ensure they understand the policy   Y N   1 2 3 4 5 6 7 8 9
- Personal and/or pecuniary interests of DoCS staff are declared and registered, including any interests in any organisation with which DoCS conducts its business   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

3. Purchase of Services from Service Providers (Continued)

REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

Inherent Risks (what could go wrong):
- Services are purchased from an organisation with a previous fraud history or a general record of non-compliance with reporting requirements
- Staff involved in decision making or monitoring may have a personal or pecuniary interest in the contract, eg. a position on the management or steering committee of an organisation

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Regions (Regional Director or Director, Partnerships and Planning) can suspend payments for one quarter for non-compliance with contract and reporting requirements. The Minister is to be informed where the suspension may be controversial or it is proposed to continue the suspension for a second quarter   Y N   1 2 3 4 5 6 7 8 9
- Centrally maintained register of organisations with a fraud history or with a record of serious non-compliance   Y N   1 2 3 4 5 6 7 8 9
- Assessments of expressions of interest to include officers independent of those involved in administering the program   Y N   1 2 3 4 5 6 7 8 9
- Service agreements signed by the provider prior to any payment   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

3. Purchase of Services from Service Providers (Continued)

REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

Inherent Risks (what could go wrong):
- Collusive practices between the auditor of the financial statements and the contracted organisation
- Service coordinator drives the organisation for his/her own benefit

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Auditor of the Financial Statements must be a registered Company Auditor, Chartered Accountant, Certified Practising Accountant or otherwise suitably qualified to meet the Department's criteria, and not associated with the contracted organisation   Y N   1 2 3 4 5 6 7 8 9
- Ethics issues covered in briefing sessions given to service providers   Y N   1 2 3 4 5 6 7 8 9
- Management committee signs off on funds agreement, budget, work plans, job descriptions etc   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

4. Human Resource Management

FRAUD RISK CATEGORY - PAYROLL

Inherent Risks (what could go wrong):
- Unauthorised staff appointments
- Overtime worked without authorisation
- Timesheets altered to increase hours, allowances etc
- Staff orchestrating call-outs
- Payments above approved entitlements
- Overpayment of employees

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Appropriate delegations and procedures for appointment of staff   Y N   1 2 3 4 5 6 7 8 9
- Supervisors, not staff, submit staff timesheets or attendance variation forms to payroll   Y N   1 2 3 4 5 6 7 8 9
- Regular management reports provided to supervisors   Y N   1 2 3 4 5 6 7 8 9
- Process in place to ensure data entry and data acceptance are done by different staff   Y N   1 2 3 4 5 6 7 8 9
- Signature of supervisor required before a timesheet can be processed   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

4. Human Resource Management (Continued)

FRAUD RISK CATEGORY - PAYROLL (Continued)

Inherent Risks (what could go wrong):
- Fraudulent recording of attendance/time
- Leave taken exceeds entitlement
- Inappropriate rostering, eg favouritism, excessive staff on shifts
- Staff claiming for simultaneous shifts in different locations

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Regular management reviews of rosters   Y N   1 2 3 4 5 6 7 8 9
- Regular management reviews of major cost fluctuations   Y N   1 2 3 4 5 6 7 8 9
- Systemic checks to identify staff working simultaneous shifts   Y N   1 2 3 4 5 6 7 8 9
- Managers/supervisors review management reports and monitor trends in overtime, allowances etc. to ensure false claims are not being paid   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

4. Human Resource Management (Continued)

FRAUD RISK CATEGORY - PERSONNEL

Inherent Risks (what could go wrong):
- Applications for employment using false personal details
- Appointments made other than on merit
- Collusion between staff to cover unauthorised absenteeism
- Conducting personal business during working hours
- Fraud committed through negligence as a result of a manager/supervisor not checking claims for payment
- Fraudulent workers' compensation claims

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Thorough reference checks carried out on recruits before appointment   Y N   1 2 3 4 5 6 7 8 9
- HR staff follow formally documented procedures   Y N   1 2 3 4 5 6 7 8 9
- Recruitment panels reminded of the need to deal with conflicts of interest   Y N   1 2 3 4 5 6 7 8 9
- Rotation of staff where practical   Y N   1 2 3 4 5 6 7 8 9
- Copies of original documentation required to verify personal details of new staff   Y N   1 2 3 4 5 6 7 8 9
- Managers ensure staff are aware of policies on use of departmental resources, including time   Y N   1 2 3 4 5 6 7 8 9
- Suspected fraudulent workers' compensation claims reported and investigated   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

5. Information Systems

FRAUD RISK CATEGORY - INFORMATION TECHNOLOGY

Inherent Risks (what could go wrong):
- Loss of data following disaster or accident, resulting in people taking unfair advantage of the situation (eg. stealing assets not recorded, demanding inappropriate payments etc)
- Inadequate application (software) controls, resulting in unauthorised staff accessing systems
- Unauthorised release of user name and/or password

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Business Continuity Plan (eg how to operate in the event of floods, fire etc)   Y N   1 2 3 4 5 6 7 8 9
- Regular backup and off-site storage of Local Area Network data   Y N   1 2 3 4 5 6 7 8 9
- Appropriate level of computer access provided to staff   Y N   1 2 3 4 5 6 7 8 9
- Staff reminded not to share logons and passwords   Y N   1 2 3 4 5 6 7 8 9
- Staff log out of computers (or lock workstations) at end of day or before extended periods away from the computer, to prevent unauthorised use   Y N   1 2 3 4 5 6 7 8 9
- Access to Departmental systems is deleted as staff leave employment   Y N   1 2 3 4 5 6 7 8 9
- Staff instructed not to use DoCS credit cards to purchase goods over the internet   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

5. Information Systems (Continued)

FRAUD RISK CATEGORY - INFORMATION TECHNOLOGY (Continued)

Inherent Risks (what could go wrong):
- Use of DoCS credit card for purchases over the internet, resulting in misuse of the credit card number by the vendor
- Excessive internet browsing
- Misrepresentation of the Department by expressing personal views on Departmental e-mail
- Installation of illegal (pirate) software on DoCS computers
- Downloading of inappropriate material from the internet

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Regular reminders to staff on the internet use policy   Y N   1 2 3 4 5 6 7 8 9
- Regular reviews of internet browsing usage to detect potential excessive usage and, where appropriate, reviews of websites visited   Y N   1 2 3 4 5 6 7 8 9
- Staff advised/reminded of the need for discretion when using Departmental e-mail to express personal views to people outside the Department   Y N   1 2 3 4 5 6 7 8 9
- Staff instructed not to install illegal (pirate) software on DoCS computers   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. Procurement

FRAUD RISK CATEGORY - INVENTORY (STORES)

Inherent Risks (what could go wrong):
- Theft of goods
- Unauthorised disposal of goods

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Adequate physical security of stores   Y N   1 2 3 4 5 6 7 8 9
- Regular reviews of the reasonableness of orders for stores   Y N   1 2 3 4 5 6 7 8 9
- Regular stocktakes with results documented and reported to the manager   Y N   1 2 3 4 5 6 7 8 9
- Persons independent of the stores to be involved in stocktakes where possible   Y N   1 2 3 4 5 6 7 8 9
- Manager's approval required for disposal of goods   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. Procurement (Continued)

FRAUD RISK CATEGORY - PROFESSIONAL SERVICES (Consultants etc)

Inherent Risks (what could go wrong):
- Staff involved in decision making may have a personal or pecuniary interest in the contract, resulting in biased tender evaluation
- Specification briefs based on information supplied by a contractor
- Lack of physical security over tender opening procedures
- Payment of fraudulent claims
- Repeated use of the same contractor
- Collusive practices which influence the tender and selection process

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Personal and/or pecuniary interests are declared and registered, including any interest in any organisation with which DoCS conducts business   Y N   1 2 3 4 5 6 7 8 9
- Manager to ensure any conflicts of interest are managed appropriately. Staff with a conflict should not be involved in decision-making   Y N   1 2 3 4 5 6 7 8 9
- Selection and monitoring of professional services complies with Premier's Department Circular 2000/47 and Premier's Department Circular 2004-17, Engagement and Use of Consultants, which updates the financial levels applicable   Y N   1 2 3 4 5 6 7 8 9
- Research the market and obtain a number of quotes, or use government contracts   Y N   1 2 3 4 5 6 7 8 9
- Consider a panel of pre-qualified providers for regular services, eg. psychologists, and allocate work fairly   Y N   1 2 3 4 5 6 7 8 9
- Check all claims carefully before approval   Y N   1 2 3 4 5 6 7 8 9
- Use standard contracts where possible   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. Procurement (Continued)

FRAUD RISK CATEGORY - PURCHASING

Inherent Risks (what could go wrong):
- Staff with a personal/pecuniary interest in a purchase or contract
- Collusive practices between supplier and purchasing officer
- Purchase of goods for private use
- Officers with delegation for requisitions/purchase orders also signing for delivery of goods

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Personal and/or pecuniary interests are declared and registered, including any interest in any organisation with which DoCS conducts business   Y N   1 2 3 4 5 6 7 8 9
- Manager to ensure any conflicts of interest are managed appropriately. Staff with a conflict should not be involved in decision-making   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. Procurement (Continued)

FRAUD RISK CATEGORY - PURCHASING (Continued)

Inherent Risks (what could go wrong):
- Orders fraudulently changed
- Kickbacks or spotting fees paid to staff for preferential selection
- Splitting orders to avoid obtaining quotes or to get around delegation limits

Recommended Control Measures (for each, circle Y or N for Control Measure in Place, and circle a Risk Assessment Rating of the Control Measure from 1 to 9; refer to the rating table on page 3):
- Use purchasing guidelines based on the Public Sector Management (Goods and Services) Regulation 1995   Y N   1 2 3 4 5 6 7 8 9
- Segregation of duties between officers ordering goods and officers signing for delivery of goods   Y N   1 2 3 4 5 6 7 8 9

Additional Inherent Risks:
Additional Control Measures:   Y N   1 2 3 4 5 6 7 8 9

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

Overall Fraud Risk Assessment Rating

For each Fraud Risk Category, enter in Column 1 the number of Control Measures rated and in Column 2 the Sum of Risk Assessment Ratings (a) transferred from that Category's table. The Average Risk for a Category is its Column 2 entry divided by its Column 1 entry.

Fraud Risk Category              Column 1: No. of Control    Column 2: Transfer (a)    Average Risk: Column 2
                                 Measures rated              from each Category        divided by Column 1

Administration:
  Assets
  General Resources
  Information
  Motor Vehicles

Finance:
  Accounts Payable
  Petty Cash and Cash Receipts

Service Providers:

Human Resource Management:
  Payroll
  Personnel

Information Systems:
  Information Technology

Procurement:
  Inventory
  Professional Services
  Purchasing

Total                            Column 1 Total:             Column 2 Total:

Overall Fraud Risk Exposure: divide the Column 2 Total by the Column 1 Total.

Evaluation

Your comments will assist in refining the assessment process.

Using the scale below, please indicate with a cross (x) how useful the fraud risk assessment exercise has been in determining your fraud risk profile.

Very High [ ]   High [ ]   Moderate [ ]   Low [ ]   Very Low [ ]

Please comment on the relevance of the fraud risk categories and their groupings into the functional areas. (Please insert response.)

Is there a particular fraud risk category that you believe should be added to the present list? (Please insert response.)

How could the fraud risk assessment process be improved? (Please insert response.)

Please forward your Assessment, and any other comments, to the Manager, Business Assurance, by internal mail or by faxing to (02) 9716 2111.
