Office of Internal Audit
ACUA 2013 Annual Conference
Fraud Risk Assessment
Presented by: Lori Tesch – CPA, CFE, CFF, CGMA, Director, Forensic Audits
September 2013
Objectives
• Understand what a Forensic/Fraud Risk Assessment is and its key elements
• Discuss the development and design of an effective assessment
• Examine tools for executing the assessment
• Report results
• Incorporate results into the Audit Plan and sustain the program
Definitions
Fraud Risk
• Organization’s vulnerability to overcoming the three elements of fraud
• Internal and external sources
Definitions
Fraud Risk Assessment
Process to identify where fraud may occur and who may be committing it
Identifying Fraud
Identify the Fraudster
Key Elements
• Identify inherent fraud risk
• Assess likelihood and significance
• Respond to reasonably likely and significant inherent and residual fraud risks
What makes a good Fraud Risk Assessment?
Understand where it falls within an Effective Anti-Fraud Program
• Fraud Prevention Policies
• Code of Ethics
• Communication & Training
• Fraud Risk Assessment
• Fraud Response Plan
• Controls Monitoring
What makes a good Fraud Risk Assessment?
Necessary Elements
• The Right Sponsor
• Collaboration
• Working Knowledge of Business
• Think the Unthinkable
• Independence & Objectivity
• Access to All People
• Trust
• Sustainability
Development and Design
• Package it right
• One size does NOT fit all
• Keep it simple
Development and Design
Prepare the Organization
• Team
• Technique
• Agreement
• Educate
Team
• Accounting & Finance
• Internal Audit
• Nonfinancial/Operations
• Risk Management
• External Consultants
• General Counsel
• Ethics or Compliance
• Business Leaders
Technique
• Survey
• Interview
• Facilitated Session
Agreement and Education
Obtain sponsor’s agreement
Educate the employees
Promote the process
Assessing Possible Risks
• Likelihood
• Significance
• People/department
Online Resources
Fraud Prevention Checkup - ACFE
http://www.acfe.com/fraud-prevention-checkup.aspx
Managing the Business Risk of Fraud
http://www.aicpa.org/InterestAreas/ForensicAndValuation/Resources/FraudPreventionDetectionResponse/Pages/Managing%20the%20Business%20Risk%20of%20Fraud.aspx
CGMA Fraud Risk Management
http://www.cgma.org/Resources/Reports/Pages/fraud-riskmanagement.aspx
Tools
• Survey Software
• Questionnaire
• Self-Assessment
Report Results
• Report objective – not subjective – results
• KISS
• Focus on what really matters
• Identify clear and measurable actions
Report Results
Reporting
Incorporate with Audit Process
• Combine results
• Focus on high priority risks
• Design test procedures
Sustain the Program
• Begin a dialogue across the organization
• Continue to look for fraud in high risk areas
• Hold responsible parties accountable
• Monitor key controls
Final Thoughts
1. There is no standard
2. Just like a fraud investigation, no two are alike
3. Ongoing, continuous process
Auditor Humor
5 – In God we trust, everybody else gets audited
4 – What do you call an Auditor without an opinion? I don’t know, I’ve never heard of one
3 – We’re not happy until you’re not happy
2 – If your mother tells you she loves you… check it out
1 – There were Thirteen Commandments… before the auditor questioned three of them
FRAUD RISK ASSESSMENT FORM
Column headings (numbers refer to the notes that follow):
1. Identified Fraud Risks and Schemes
2. Likelihood
3. Significance
4. People and/or Department
5. Existing Anti-fraud Controls
6. Controls Effectiveness Assessment
7. Residual Risks
8. Fraud Risk Response
Row sections:
FINANCIAL REPORTING:
MISAPPROPRIATION OF ASSETS:
CORRUPTION:
1. Identified Fraud Risks and Schemes: This column should include a full list of the potential fraud risks and schemes that may face the organization. This list will be different for different organizations and should be formed by discussions with employees and management and brainstorming sessions.
2. Likelihood of Occurrence: To design an efficient fraud risk management program, it is important to assess the likelihood of the identified fraud risks so that the organization establishes proper anti-fraud controls for the risks that are deemed most likely. For purposes of the assessment, it should be adequate to evaluate the likelihood of risks as remote, reasonably possible, and probable.
3. Significance to the Organization: Quantitative and qualitative factors should be considered when assessing the significance of fraud risks to an organization. For example, certain fraud risks may only pose an immaterial direct financial risk to the organization, but could greatly impact its reputation, and therefore, would be deemed to be a more significant risk to the organization. For purposes of the assessment, it should be adequate to evaluate the significance of risks as immaterial, significant, and material.
4. People and/or Department Subject to the Risk: As fraud risks are identified and assessed, it is important to evaluate which people inside and outside the organization are subject to the risk. This knowledge will assist the organization in tailoring its fraud risk response, including establishing appropriate segregation of duties, proper review and approval chains of authority, and proactive fraud auditing procedures.
5. Existing Anti-fraud Internal Controls: Map pre-existing controls to the relevant fraud risks identified. Note that this occurs after fraud risks are identified and assessed for likelihood and significance. By progressing in this order, this framework intends for the organization to assess identified fraud risks on an inherent basis, without consideration of internal controls.
6. Assessment of Internal Controls Effectiveness: The organization should have a process in place to evaluate whether the identified controls are operating effectively and mitigating fraud risks as intended. Organizations should consider and review what monitoring procedures would be appropriate to implement to gain assurance that their internal control structure is operating as intended.
7. Residual Risks: After consideration of the internal control structure, it may be determined that certain fraud risks may not be mitigated adequately due to several factors, including (a) properly designed controls are not in place to address certain fraud risks or (b) controls identified are not operating effectively. These residual risks should be evaluated by the organization in the development of the fraud risk response.
8. Fraud Risk Response: Residual risks should be evaluated by the organization and fraud risk responses should be designed to address such remaining risk. The fraud risk response could be implementing additional controls and/or designing proactive fraud auditing techniques.
ACFE Fraud Risk Assessment Instructions
The Fraud Risk Assessment consists of 15 modules, each containing a series of questions designed to help organizations zoom in on areas of risk. The fraud professional and the client or employer should begin the risk assessment process by working together to answer the questions in each module. It is important that the client or employer select people within the organization who have extensive knowledge of company operations, such as managers and internal auditors, to work with the fraud professional. Upon completion of all of the questions, the fraud professional should review the results of the assessment with the client or employer in order to:
Identify the potential inherent fraud risks.
Assess the likelihood and significance of occurrence of the identified fraud risks.
Evaluate which people and departments are most likely to commit fraud and identify the methods they are likely to use.
Identify and map existing preventive and detective controls to the relevant fraud risks.
Evaluate whether the identified controls are operating effectively and efficiently.
Identify and evaluate residual fraud risks resulting from ineffective or nonexistent controls.
Respond to residual fraud risks.
The Fraud Risk Assessment may reveal certain residual fraud risks that have not been adequately mitigated due to lack of, or non-compliance with, appropriate preventive and detective controls. The fraud professional should work with the client to develop mitigation strategies for any residual risks with an unacceptably high likelihood or significance of occurrence. Responses should be evaluated in terms of their costs versus benefits and in light of the organization's level of risk tolerance.
Be aware, however, that this assessment only provides a snapshot of a particular point in time. The dynamic nature of organizations requires routine monitoring and updating of their financial risk assessment processes in order for them to remain effective.
These questions are provided as a guide only. The user is free to modify the questions as appropriate to match the size and structure of the organization.
Additional information on fraud risk assessment may be obtained from:
ACFE's Fraud Resources
Fraud Examiners Manual
Corporate Fraud Handbook, Third Edition, by Joseph T. Wells
The ACFE would like to thank Larry Cook, CFE, for his invaluable contribution to the Fraud Risk Assessment. The Fraud Risk Assessment was originally developed by Mr. Cook, and we thank him for allowing us to build upon his foundation and share his assessment process with our members.
Copyright Notice: The modules and the questions are the property of the Association of Certified Fraud Examiners. The ACFE grants its members the right to use these modules and questions for their own use, or for the use of their clients or employers. Neither these modules, nor any part thereof, may be sold in whole or in part unless as part of consulting or fraud examination services to a client or employer.
Modules
1 - Employee Assessment
2 - Management/Key Employee Assessment
3 - Physical Controls
4 - Skimming Schemes
5 - Cash Larceny Scheme
6 - Check Tampering Schemes
7 - Cash Register Schemes
8 - Purchasing and Billing Schemes
9 - Payroll Schemes
10 - Expense Schemes
11 - Theft of Inventory and Equipment
12 - Theft of Proprietary Information
13 - Corruption
14 - Conflicts of Interest
15 - Fraudulent Financial Reports
2013 Survey Software Review
Rank scale: 10-9 Excellent; 8-6 Good; 5-4 Average; 3-2 Poor; 1-0 Bad
Ratings chart categories: Overall Rating, Survey Creation, Survey Analysis, Survey Administration, Ease of Use, Help & Support
Products #1 to #7: The Survey System, KeyPoint, SurveyGold, Survey Crafter Professional, StatPac, SurveyPro, SurveyMonkey
Overall rating: 9.50, 9.33, 9.13, 8.88, 8.65, 8.38, 7.45
Product cost: $999, $777*, $100, $495, $495, $1,995, $780**
Products #8 to #10: Survey Said, Survey Tools for Windows, iMagic Survey Designer
Overall rating: 6.63, 6.15, 6.00
Product cost: $149, $199, $695
Features compared:
Pricing: Product Cost
Survey Creation: Create Custom Questions; Multiple Choice Single Response; Multiple Choice Multiple Responses; Question Matrix; Comment; Sample Surveys; Skip Pattern/Branching; Require Answers; Rating; Restrict Access; Curb Ballot Box Stuffing; Ranking; Save Incomplete Surveys; Stock Questions; Custom Design; Respondents Can Update Answers
Survey Analysis: Graphs; Bar; Pie; Line; Percentages; Cross Tabulations; Filters; Print Results; Mean; Median; Mode; Maximum Value; Minimum Value; Standard Deviation; Frequency Tables; Banner Tabulations; Correlation Matrices
Survey Administration: Online; Paper; Interview; Email; Import Results; Import Survey
Help & Support: Email; User Manual or Guide; Phone; Tutorials; FAQs
Supported Configurations: Windows 8; Windows 7; Windows Vista; Windows XP; Mac OS
SurveyMonkey Plans and Pricing
Plans:
BASIC: Free
SELECT: $17 per month* (* Billed $204 annually)
GOLD: $25 per month* (* Billed $300 annually)
PLATINUM: $65 per month* (* Billed $780 annually)

DESIGN FEATURES
Questions and responses: BASIC 10 questions per survey, 100 responses per survey; SELECT, GOLD and PLATINUM unlimited questions, unlimited responses
Survey templates: BASIC 31; SELECT, GOLD and PLATINUM 51
All plans: Easy-to-use web-based survey tool; 15 types of questions; All languages supported (Unicode); Randomize & sort answer choices; 15 pre-set visual themes; Survey completion progress bar; Auto-numbering for pages & questions; Validate/require survey responses; Fully accessible & 508 compliant
SELECT, GOLD and PLATINUM only: Page logic; Question logic; Customized themes; Brand your survey with a logo; Custom "thank-you" page; Printable PDF version
GOLD and PLATINUM only: Random assignment (NEW); Question & answer piping (NEW); Question randomization (NEW); Custom redirect upon survey completion
PLATINUM only: White label surveys (NEW)

COLLECTION FEATURES
All plans: Send out your survey via weblink, email, or Twitter; Share your survey on Facebook; Embed your survey into a page or on your website; Deploy your survey via a website pop-up; Send your survey using our email manager
SELECT, GOLD and PLATINUM only: Custom URL; Enhanced security (SSL)

ANALYSIS FEATURES
All plans: Real-time results
SELECT, GOLD and PLATINUM only: Multiple custom reports; Filter & cross tabulate responses by custom criteria; Download responses; Create & download custom charts; Share responses
GOLD and PLATINUM only: Text analysis (NEW); SPSS integration (NEW)

SUPPORT FEATURES
All plans: 24x7 email support
SELECT, GOLD and PLATINUM only: Customer support email responses in 2 hours or less
PLATINUM only: Expert phone support to answer any of your questions

Copyright © 1999-2012 SurveyMonkey
Sample Fraud Risk Assessment
INTRODUCTION
In an effort to better assess the organization's fraud risks, we have developed this Fraud Risk Assessment. The survey should take no more than 20 minutes to complete. Please note that the survey must be fully completed once started. You cannot exit and restart the survey. Please complete all sections no later than Friday, August 3, 2013. Should you have any questions, please contact XXXXXXXXX. Thank you in advance for your cooperation.
Name and title of support person
ETHICS
*1. How would you rate the overall ethical behavior of the department in the following areas:
Response options: Excellent / Above Average / Average / Below Average / Poor
• Commitment to accurate financial reporting
• Disclosing wrong-doing
• Proper review and approval
• Complying with policies and procedures
• Doing what is right
Additional Comments:
*2. Are measures taken to reduce the risk of fraud in your area concerning:
Response options: Strongly Agree / Agree / Disagree / Strongly Disagree
• Reviews
• Reconciliations
• Segregation of duties
• Safeguarding physical assets and sensitive data
Additional Comments:
*3. Are there instances in your area where employees have close friends or immediate relatives reporting to them or they are working in the same S/C/D?
Response options: Yes / No / N/A
If yes, has management been made aware of the situation?
FRAUD AWARENESS
*4. Are employees aware of how to report occurrences of suspected fraud or suspicious activity?
Response options: Yes / No / Unsure
Additional Comments:
*5. Please identify the top five frauds that could occur in your area.
1. 2. 3. 4. 5.
*6. Of the following types of fraud, which ones could occur in your area (check all that apply).
• Conflict of interest
• Inappropriate or unapproved travel
• Financial statement manipulation
• Unauthorized use or abuse of signature authority
• Theft of assets
• Unauthorized use of University assets
• Falsification or alteration of documents
• Manipulation of information on University systems
• Time theft
• Other
• Inappropriate P-card transactions
*7. Can you identify potential “red flags” which are indicators of possible fraud or fraudulent behavior?
Response options: Yes / No
If yes, please list some examples below:
SEGREGATION OF DUTIES
*8. Do you currently have employees in positions that, as the result of budget cuts and/or other cutbacks, may have an issue with segregation of duties?
Response options: Yes / No
Additional Comments:
*9. How effective are current processes with ensuring segregation of duties in the following areas:
Response options: Excellent / Above Average / Average / Below Average / Poor / N/A
• Credit Card Processing
• Cash Activities
• Bank Deposits
• Account Reconciliations
• Bank Reconciliations
• Posting of Cash Receipts
• Cash Disbursements
• Petty Cash Accounts
• Frequency of Process Review
Additional Comments:
PROCESS REVIEW
*10. How effective is the process for reviewing and/or approving key documents for discrepancies, unusual activity or misuse in the areas of:
Response options: Excellent / Above Average / Average / Below Average / Poor
• Financial transactions
• Operational activities
• Academic activities
• Grant funds compliance
Please list any issues with specific areas/transactions below:
*11. How effective is management with providing feedback related to:
Response options: Excellent / Above Average / Average / Below Average / Poor
• Employee performance
• Departmental performance
• General feedback
Additional Comments:
*12. A background check was done on all new employees within the past three years.
Response options: Yes / No / N/A
Additional Comments:
*13. How important is it to monitor employee leave time to prevent time theft or ensure employees are reporting time accurately as it relates to:
Response options: Critical / Very Important / Important / Not Important
• Sick Leave
• Special Needs Time
• Vacation
• Holidays
• Personal Business/Any Purpose
Additional Comments:
2014 Fraud Risk Assessment
FRAUD AWARENESS
*1. Are you aware of any weaknesses in internal controls that would provide an opportunity for someone to steal or commit fraud?
Response options: Yes / No / Unsure
If yes, please list some examples below:
*2. If someone in your department/area decided to steal or commit fraud, how could they do it and get away with it?
*3. Are you aware of any behaviors that may expose your department/area or the University to regulatory violations, fines or penalties?
Response options: Yes / No / Unsure
If yes, please list any concerns you may have:
*4. Do you have any knowledge of fraud in your department/area or the University?
Response options: Yes / No
If yes, please explain.
ETHICS
*5. Are you aware of any employee that exhibits behavior that is unethical or inappropriate for the workplace?
Response options: Yes / No / Unsure
If yes or unsure, please describe the behavior(s) and why you are concerned.
*6. Are you aware of any conflicts of interest or nepotism in your department/area or the University?
Response options: Yes / No
If yes, please explain.
*7. Are you aware of anyone who does any of the following during work time (check all that apply):
• Runs a personal business
• Spends a great deal of time surfing the internet
• Receives gifts from outside businesses or individuals
• Disappears for large blocks of time
Additional comments:
*8. Do you know of anyone who exhibits any of the following behaviors (check all that apply):
• Easily annoyed at reasonable questions
• Viewing, transmitting or downloading inappropriate data
• Never, or rarely, takes vacation
• Sexual harassment, sexual jokes and innuendo
• Excessive gambling
• Affairs, inside or outside the office
• Bullying
• Provides unreasonable responses to questions
• Intimidation
• Appears to be living beyond their means
• Retaliation
• Overprotective of data or information
• Vulgarity, profanity, and abusive language directed at people
• General harassment
Additional Comments:
REPORTING
*9. If you had knowledge that an unethical/fraudulent activity was occurring within your department/area or the University, what would you do?
*10. What are ways that an individual can report fraud or abuse to the University? (check all that apply).
• Supervisor or other upper level management
• Labor Relations
• Hotline
• Anonymous tips form
• Office of Internal Audit
• Office of Equal Opportunity
• Human Resources
• Public Safety
*11. The reporting of fraud or abuse to the University can truly be completely anonymous. Do you agree or disagree with this statement?
Response options: Agree / Disagree
If you disagree, why?
PROCESS REVIEW
*12. How effective is the process for reviewing and/or approving key documents for discrepancies, unusual activity or misuse in the areas of:
Response options: Excellent / Average / Poor / N/A / Unsure
• Financial transactions
• Operational activities
• Academic activities
• Grant fund compliance
Please list any issues with specific areas/transactions below:
*13. Do you have knowledge of anyone abusing their position to circumvent or bypass departmental processes or procedures?
Response options: Yes / No / Unsure
If yes or unsure, please explain.