The purpose of this blog post
This blog post provides tips for young and less experienced internal auditors, and others, on incorporating fraud risk assessment into their internal audit engagement delivery lifecycle and leveraging the outcomes to drive successful, value-adding audit planning, execution, reporting and post-audit improvement follow-ups. The topics covered by the blog post are the following:
- Key definitions
- COSO Frameworks and Fraud Risks.
- How the global community has responded to the fraud risk exposures and devastating impacts.
- How Nigeria has adopted the international and regional conventions against fraud and abuse.
- The implications of the legal and regulatory requirement on fraud risks to the internal auditors.
- Understanding the internal audit lifecycle is a critical success factor.
- The fraud risk assessment activities for consideration by the internal auditors.
- Samples of fraud risk indicators to look for during fraud risk assessment.
Approximate reading time – 10 minutes. Enjoy your reading.
Note: I recognize that blogs should be brief and quick in passing the message to the readers, especially when the target audience is focused on the experienced internal auditors. My thoughts for writing longer is to provide reasonable total picture overview, guidance and mentorship to the young and less experienced internal auditors and those aspiring to be in the space, and who will need more detailed insight to grasp the concepts, principles and the applications of the lessons learnt in real life. The different sections have been provided for the experienced internal auditors to do selective and quick reading on the specific areas of interest.
Key definitions:
- Fraud and abuse mean different things. Fraud is any intentional act committed using force or trickery to unlawfully deprive the target victim of a legal right, while abuse is the mistreatment of a person or improper use of an asset.
- Fraud risk is the risk of incurring unexpected loss as a result of fraudulent action(s). According to global surveys, fraud risk causes every government and non-government institution around the globe to lose between 5% and 10% of its annual revenue every year.
- Fraud risk management includes the 7s (structure, strategy, skills, system and style of communication) adopted by an organisation to ensure that fraud risks are proactively identified, quantified, prioritized and appropriate responses provided to reduce the likelihood of occurrence and potential impacts.
- Fraud risk assessment is a fundamental activity in the fraud risk management lifecycle and involves the processes for identifying known and emerging frauds and abuses in an entity, quantifying their sizes and ranking them in order of priority. The results of the fraud risk assessment help the assessors and users of the information to gain comprehensive and aggregated views about the fraud risk exposures and general attitudes and practices towards fraud risks.
- Fraud risk indicators are red flags or warning signs that fraud may be occurring in an organisation. Global surveys revealed that most assurance providers are not effective at detecting frauds and abuse, and one of the major root causes is knowledge and skills gaps.
- Anti-fraud control programs are controls that help to proactively prevent and detect frauds and abuses in an organisation, and address the root causes in a timely manner.
- Occupational fraud and abuse are the fraud and abuse that occur within the organisations that are exploited by the employees and others. Those that occur outside the organisations are known as non-occupational fraud and abuse.
- Fraud perpetrators are the fraudsters, and are widely believed to be selfish, greedy and deceitful, and can be from any class, profession, gender, adult age, nationality and faith.
- Fraud victims are the organisations that fraud and abuse have been committed against. The victim organisations can be government and non-government institutions. Global surveys revealed that most victim organisations do not expose fraud perpetrators for discipline and conviction for fear of reputational damage. This is a big challenge to effective human resource management as it makes it difficult to complete reliable background checks on individuals from previous employments.
- Fraud Tree describes the summary of the broad classifications of occupational frauds, abuses and schemes using pictorial diagrams. The Association of Fraud Examiners (ACFE) introduced the concept of the fraud tree.
- Fraud Categories describe the broad grouping of frauds and abuses. Broadly, fraud and abuse are categorized into four groups, namely: Misappropriation of Assets, Bribery and Corruption, Financial Statement Reporting, and Non-Financial Transactional fraud and abuse.
- Asset misappropriation fraud occurs when a company’s assets are stolen or diverted for personal use. The asset misappropriation category has the highest frequency of occurrence but the least impact.
- Financial statement fraud is the intentional understatement or overstatement of the accounting records and financial statement report for the purpose of misleading the users. Unintentional errors and mistakes can also cause accounting and financial statement problems, but rarely happen. Financial statement reporting fraud has the lowest frequency of occurrence but the highest impact on the victim organisation.
- Non-financial transactional fraud includes disobedience to the rule of law, contractual agreements and internal policies, such as visiting inappropriate websites, harassment, bullying, discrimination, intimidation, physical violence, excessive absenteeism, lateness, internet browsing and social media engagements.
- Fraud Scheme is the specific type of fraud that can be committed in an organisation and falls within any of the four broad categories. ACFE identified about forty-forty types of fraud schemes. Examples include improper revenue recognition, transactions round tripping, document altering, forgery, and theft of assets such as cash, intellectual property and inventory.
- Bribery and corruption is embezzlement, undue influence peddling, soliciting and offering any item of value to influence an action. Bribery and corruption occurs in every organisation, but is more prevalent in government establishments and as a result is used to benchmark the integrity status of the governments of countries.
- Fraud Triangle and Diamond describe the reasons why people commit fraud and abuse, and comprise opportunities, pressure, rationalization and capabilities. The combination of these elements determines the size of fraud and abuse an individual or a group of individuals can commit.
- Fraud opportunities are system and process related internal control weaknesses exploited by fraudsters.
- Fraud pressure arises from economic hardship, excessive financial demand from others, peer pressures, addictions and negative lifestyle.
- Fraud rationalization is a self-entitlement mentality often caused by a perceived unfair treatment of an individual or group of individuals.
- Fraud capabilities are the personality traits, exposures, authority and experience levels of an individual or group of individuals that empower the individual to commit fraud without fear.
The blog touched relevant knowledge elements but it is too long. Concise blogs pass messages quicker.