What's your fraud IQ? This month: Preparing for a fraud risk assessment.

Author:McNeal, Andi

Both internal and external audit standards require respective auditors to evaluate an organizations fraud risk as part of their professional engagements. In addition, management of all organizations should be proactively undertaking fraud risk assessments to gain a full understanding of the threats facing the organization, and design a program to respond to those specific risks. How well versed are you in best practices for conducting an effective fraud risk assessment? Do you know how best to help organizations evaluate their fraud risks? Take this Fraud IQ quiz and find out.


  1. Which of the following is TRUE regarding planning and preparing for the fraud risk assessment?

    1. The fact that a fraud risk assessment is being conducted should be kept strictly confidential.

    2. The fraud risk assessment team should consider past instances of fraud at the organization.

    3. Discussions about fraud risks in certain areas should be limited to individuals in management or supervisory positions.

    4. The fraud risk assessment team should focus only on inherent risks and ignore how the existing controls might affect fraud risks.

  2. XYZ Company has been in a period of rapid expansion and has undergone several changes since the previous fraud risk assessment was conducted. The auditors at XYZ are conducting an updated fraud risk assessment. Which of the following factors should the auditors focus on as potentially having a substantial effect on the company's fraud risks?

    1. The acquisition of two smaller competitors.

    2. The recent software conversion for XYZ's customer management program.

    3. The new incentive program for the sales team to drive the company's expansion.

    4. All of the above.

  3. During a fraud risk assessment, the auditors want to find out information about fraud risks pertaining to the company's travel and entertainment expenses. This area affects employees across numerous departments and business lines, and they would like to obtain information from a large sample of these individuals at all levels of the organization. However, they have some concerns about employees' willingness to discuss these risks openly, as there is some indication of widespread abuse in this area and the company culture tends to foster secrecy among employees. Which of the following approaches would be most helpful in gathering accurate information in this situation?

    1. A focus group.

    2. Employee interviews.

    3. An anonymous survey.

    4. Process walk-throughs.

  4. Jeremiah, a CPA, is conducting a fraud risk assessment for Blue Inc. He assesses two risks as likely resulting in a similar total dollar loss before the organization would detect their occurrence. However, one of the schemes would result in the maximum loss in just one or two occurrences, as each event would likely cause a large amount of monetary damage. The other risk would likely have a much smaller dollar loss per incident, but it would also likely require many violations over a period of time before detection. In this analysis, Jeremiah is considering which of the...

To continue reading