Protecting Your Firm: Conducting a Fraud Risk Assessment During a Pandemic.

• Author: Morang, Steve C.
• Position: Practice management

Organizations have relied upon various approaches to perform and document their fraud risk assessment review each year since the introduction of the Fraud Risk Assessment (FRA) in the COSO 2013 Integrated Framework. New risks and challenges placed on organizations by the COVID-19 pandemic have made this process increasingly important, yet more difficult. Let's discuss some of the challenges, obstacles and solutions to perform a high-value FRA for your organization during these challenging times.

Conducting the FRA

Although there are many frameworks available for conducting an FRA, the most common is provided by the Association of Certified Fraud Examiners (ACFE, acfe.com), which provides templates and checklists for various fraud schemes. This allows the practitioner to have a pre-populatcd universe of fraud risks as a starting point.

One key drawback to frameworks is that fields such as fraud are dynamic, meaning that the modus operandi of fraudsters changes quicker than templates are updated. In addition, most templates only cover a specific sector or industry disallowing for a universal FRA framework. Therefore, these frameworks should only be leveraged as a base, but need substantial enhancement during the actual project.

Our methodology consists of breaking your FRA project into three steps:

1. Create an ethical baseline survey to get an overview of the organizations' ethical temperature;

2. Conduct multiple interviews with key stakeholders and members of the general population to confirm findings from the ethical baseline survey, and to confirm your understanding of the various fraud risks facing the organization; and

3. Hold targeted working sessions with multiple focus groups to discuss potential threats and fraud risks to the organization.

Upon completion of these three steps, you will be able to provide management with a snapshot of the ethical environment of the organization, any direct fraud risks and have a starting point to use for comparison in future periods. Here's a closer look at each of the major steps.

The Ethical Baseline

Even with a proper approach by an organization, assurance of management's vision, ideology and transparency may falter. Recent examples involving Wells Fargo, Uber and Theranos show us such examples, which had dire consequences on many of those involved.

Therefore, it's imperative to use a method that will allow us to survey members of the organization about the ethical climate in a simple, safe and...