Ask the Expert

Fraud risk assessment methodologies

We are performing a security and fraud risk assessment. Are there any methodologies you recommend?

Requires Free Membership to View

First, it's important to understand that the audit committee's primary role is to address fraud risk levels, determine the level of risk posed by management if they override the organization's internal controls, and ultimately prevent this type of behavior.

The following are common types of management fraud:

  1. Premature revenue recognition or the creation of fictitious revenue.
  2. Overstating assets
  3. Misrepresenting expenses and liabilities

Below is a three-part checklist containing questions that relate to three specific factors that can increase management risk levels: incentives, opportunities and attitude. Understanding these factors can help auditors develop ways to prevent and respond to management override of internal controls. Keep in mind, a "yes" does not mean fraud has occurred, but it's a strong indication that it has or will occur. It also helps the audit committee understand how to handle the situation appropriately.

Questions to ask regarding incentives, to gauge the level of pressure management may be under that would lead them to override internal controls.

  1. Is the organization financially stable or is the profitability threatened by conditions in the industry, economy or operating practices of the organization?
  2. Do outside parties pressure management to meet requirements connected to reporting negative financial results? Do they pressure management to provide other information that is contrary to the scenarios the organization truly faces?
  3. Is their personal financial situation directly affected by the financial strength and performance of the organization? Is their personal financial situation/compensation significantly affected or contingent upon achieving certain target goals?
  4. Are they pressured to meet target goals including, profitability, budgets or publicized projections?
  5. Are earnings expected to be handled in a manner that places pressure on lower level personnel to meet the expectations of those above them?
  6. Do lower level personnel believe there will be consequences if they fail to exceed or reach target goals?

Opportunities that can be exploited by management

  1. Is there an inherent opportunity in the way the organization conducts its operations that could or would be contusive to fraudulent behavior or fraudulent financial reporting?
  2. Are unrealistic or greatly inconsistent statistics used in lieu of actual results to create and report financial projections for the organization?
  3. Have monitoring management practices and activities been ineffective? Is there a likelihood of internal control override? Does the complexity of the organization lead to a confusing and convoluted structure that creates instabilities?
  4. Does inadequate monitoring result in deficient internal controls?
  5. Have the apparent skill sets and capabilities of the accounting and finance units lead you to believe that they need major improvement?

Attitudes exhibited by management

  1. Is it apparent that management is not upholding ethical standards?
  2. Is non-financial management excessively involved with determining accounting principles and projections in a manner that would create significant estimates?
  3. Has there been a known history of disregard or violation of laws and regulations?
  4. Have they demonstrated an excessive interest in increasing the organization's stock price or earnings?
  5. Does the management have a trend of committing to the goals of creditors, analysts or other third parties to achieve their unrealistic goals or aggressive forecasts?
  6. Has management failed to correct reportable conditions in a timely basis, either in the past or during this current yearly audit?
  7. Does management use inappropriate means and methods to minimize reported earnings for tax-related reasons?
  8. Has management tried to justify marginal and inappropriate accounting?
  9. Have relations between auditors been strained as a result of frequent disputes, demands, restrictions or domineering management behavior?
  10. Have they failed to identify or monitor business risks in a timely and appropriate manner?
  11. Do they hesitate to address issues that result from potentially adjusted or affected financial statements?
  12. Is a less than professional and diligent attitude pervasive among management, independent auditors and internal auditors when discussing the organization's internal controls and anti-fraud elements?
  13. Given the audit committee's knowledge of how the organization and industry operate, are reports from management's financial discussions/analysis and results of operations in great disagreement or inconsistent with one another?
For more anti-fraud resources, visit:
  • http://www.aicpa.org/antifraud/homepage.htm
  • The following resources also provide steps for carrying out a fraud assessment:
    www.community.nsw.gov.au/ documents/fraud_risk_guideto.pdf etd.lib.fsu.edu/theses/available/etd-04062004-221318/ unrestricted/02CarpenterDissertation.pdf

    For a course on how to conduct a fraud risk assessment:
    http://www.misti.com/default.asp?Page=10&Type=3&pcID=5278&eID=2857&More=

    For a book with checklists on conducting a fraud risk assessment, visit:
    http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471481688.html

    More Information

    • Visit our resource center for news, tips and expert advice on how to define and perform proper Risk Management procedures
    • Understand risk management processes, from defining an acceptable level of risk to conducting a risk analysis, with this guide.

    This was first published in April 2006