Fraud Risk Assessment Case Study
An external audit undertaken on the operational risk department of a major bank identified the absence of any formal system or procedures to prevent, detect and respond to all fraud types. Whilst there was an external fraud department, it operated in a reactive manner; the risks of potential fraud events around the group were not assessed and, more importantly, no plans were in place to mitigate potential fraud events.
This absence of assessment of controls exposed the bank to the risk of material losses. The maturity and experience of personnel in addressing such an action was a challenge to the bank, and consultancy assistance was sought to address this audit finding.
What we did
A decision was made to introduce a fraud risk assessment method that would incorporate a formal process of accountability and responsibility going forward. The primary action from the outset was to obtain sponsorship, support and accountability from the CEO for the work to be undertaken, so that it was not seen as a 'tick-box' exercise.
The techniques of initial analysis included:
- Workshops and interviews
- Process mapping
- Comparisons with other organisations
- Discussions with peers.
As part of stage one, a number of iterative steps were taken, which included:
- Establish a fraud risk management group within the business and set goals.
- Identify fraud risk areas.
- Understand and assess the scale of risk.
- Develop a risk response strategy.
- Implement the strategy and allocate responsibilities.
- Implement and monitor the suggested controls.
- Review and refine the process and do it again.
The fraud risk management cycle introduced is an interactive process of identifying fraud risks, assessing their impact, and prioritising actions to control and reduce these risks.
In addressing the audit finding, the fraud risk assessment approach undertaken with key business stakeholders developed a sound ethical culture and, more importantly, a documented responsibility for internal control of fraud-related matters.