fra-beginner's guide

Post on 18-Aug-2015

TRANSCRIPT

  1. Fraud Risk Assessment: A beginner's guide. Presented by Charanjeet Singh, MBA, CFE, CISM; please contact at batiaic@yahoo.com
  2. Contents
     - Objective
     - What is Fraud Risk Assessment (FRA)
     - What are the advantages & disadvantages
     - How to conduct FRA
  3. Objective. This presentation would allow readers to understand:
     - Basics of Fraud Risk Assessment
     - Its importance in the overall Fraud Risk Management plan
     - Some of the challenges surrounding FRA

     This is meant for beginners in the anti-fraud profession; I would publish other content for the intermediate and advanced levels in due course.
  4. What is FRA
     - It is a tool which can help the organisation understand the fraud risks associated with its business processes.
     - Specific fraud scenarios are identified, and existing controls, if any, are mapped to these scenarios to determine residual risks.
     - Depending upon the maturity level of the fraud risk function in the organisation, the probability of occurrence and the impact of the fraud scenarios are also assessed.
     - Additionally, the residual risk is rated, and recommendations on accepting or mitigating it are made, along with new control recommendations.
     - FRA is not like RCSA, wherein the unit itself does the control testing; FRA is done by a person having good knowledge of the fraud scenarios, with inputs from process owners.
     - Fraud scenarios are defined by following a detailed methodology which includes SOP/policy reading, process walkthroughs, sample testing, mystery shopping (for advanced level), brainstorming sessions with process owners/implementors, etc.
  5. Advantages vs. disadvantages

     Advantages include:
     - Proactive identification of fraud risks
     - Rapport building with the concerned teams, unlike an investigation
     - Demonstration of value add through identification of fraud scenarios and residual risks
     - Support for the overall fraud prevention plan under the fraud risk management strategy

     Disadvantages include:
     - Leakage of fraud scenarios can expose the organisation.
     - If remedial action is not taken despite identification of scenarios, it may be questioned by relevant authorities.
     - Any scenarios which don't get identified during FRA, and are exploited later on to commit fraud, could raise question marks about the sanity of the FRA exercise.
  6. How to conduct FRA

     There are two approaches to conducting FRA; whichever is followed, expectations should be clarified to the management team. The process would involve planning, fieldwork, action planning, reporting and action tracking. It is more of a consultative approach, involving the stakeholders in identifying the fraud risk, existing controls, residual risk and mitigating measures.
     - Organisation-level FRA: conducted at the macro level for the organisation, covering aspects like the presence of a fraud risk policy, prevention/detection controls (staff/vendor background check policies, whistleblower policy, etc.), separation of duties, mandatory leave policy and job rotation policy.
     - Process/function-level FRA: conducted at the process level, ideally covering the full length of the process irrespective of the departments involved. Identify the high-risk processes/functions, then conduct the process walkthrough by reviewing the policy/process documentation, sample testing and brainstorming sessions with process contributors.
  7. Thank you. Presentation contains my personal views, expressed for sharing with fellow anti-fraud professionals, and my employer is not responsible for any of these.