RISK ASSESSMENT CHECKLIST



Similar documents
Corporate Compliance and Ethics Program Effective as adopted on February 21, 2012

Antifraud program and controls assessment grid*

ACFE FRAUD PREVENTION CHECK-UP

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down

7/22/2014. From Treadway To the Cube ( ) So, Who is COSO? What Does COSO Do?

KEYS TO AN EFFECTIVE DIRECTOR CORPORATE COMPLIANCE AND INTERNAL AUDIT MULTICARE HEALTH SYSTEM TACOMA, WA

WHISTLE BLOWING POLICY

Fraud Risk Management Program Review

ANTI-FRAUD POLICY Adopted August 13, 2015

Fraud Prevention and Deterrence

AstraZeneca US Compliance Program

Fraud Risk Assessment FINAL REPORT

Fraud Control Theory

POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW

COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS

MSO/IPA Compliance Program

Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan

UNIVERSITY COMPLIANCE PLAN

Fraud and Role of Information Technology. September 2008

Policy : Fraud and Abuse Whistle Blower Protection Act Program... 1

POLICY INVESTIGATIONS OF LEGAL AND ETHICAL MISCONDUCT

Glossary 2. About this chapter About fraud and corruption prevention and control 4

Combating Fraud, Waste, and Abuse

Title: False Claims Act & Whistleblower Protection Information and Education

Fraud Policy FEBRUARY 2014

PHI Air Medical, L.L.C. Compliance Plan

Sempra Energy Corporate Compliance and Ethics Plan This page is managed by the Director of Business Conduct (Last revised on )

Fraud Prevention Policy

SUBJECT: BUSINESS ETHICS AND REGULATORY COMPLIANCE PROGRAM & PLAN (BERCPP)

Compliance Requirements for Healthcare Carriers

FRAUD PREVENTION STRATEGIES FOR HEALTH CARE A FORENSIC ACCOUNTANT S PERSPECTIVE

Fraud-Related Compliance

White Paper: The Seven Elements of an Effective Compliance and Ethics Program

BAPTIST HEALTH CORPORATE COMPLIANCE PLAN

Sample Healthcare Compliance Program

Standards of. Conduct. Important Phone Number for Reporting Violations

Compliance and Ethics Program Structure

Henkel s Compliance Management System (CMS)

TONE AT THE TOP: HOW MANAGEMENT CAN PREVENT FRAUD IN THE WORKPLACE

Fraud Prevention and Deterrence

Fraud Risk Management Procedures

US Sentencing Commission Compliance Recommendations Page 1 of 5

All questions relating to this Escalation Policy should be directed to Acacia s General Counsel.

Establishing An Effective Corporate Compliance Program Joan Feldman, Esq. Vincenzo Carannante, Esq. William Roberts, Esq.

Evergreen Solar, Inc. Code of Business Conduct and Ethics

The Advanced Certificate in Performance Audit for International and Public Affairs Management. Workshop Overview

Whistle Blower Policy National Engineering Industries Limited.

1-2 Corporate Compliance Practice Guide Corporate Compliance Practice Guide

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

CROCS, INC. Business Code of Conduct and Ethics Amended and Restated on February 18, 2008

Module 6 Documenting Processes and Controls

SMIC Business Ethics Statement

Medicare (Pioneer) Accountable Care Organization. Annual Compliance Training

Code of Conduct of adidas AG Herzogenaurach

VCU HEALTH SYSTEM Compliance Program. Updated August 2015

INSTITUTIONAL COMPLIANCE PLAN

Compliance and Ethics Program

Fraud Risk Management

Secondary Department(s): Corporate Investigations Date Policy Last Reviewed: September 28, Approval/Signature:

B. Prevent, detect, and respond to unacceptable legal risk and its financial implications. C. Route non-compliance issues to appropriate areas.

CODE OF ETHICS AND BUSINESS CONDUCT

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

Medicare Advantage and Part D Fraud, Waste, and Abuse Training. October 2010

Internal Controls and Risk Management Report

Whistle-blowing. Policy and Procedure

COUNTY OF ORANGE DEPARTMENT OF HEALTH. Corporate Compliance Plan

U.S. SQUASH Whistleblower Policy

Delos M. Cosgrove, M.D. Chief Executive Officer and President, Cleveland Clinic

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

PRINCIPLES FOR MANAGING ETHICS IN THE PUBLIC SERVICE

Compliance, Code of Conduct & Ethics Program Cantex Continuing Care Network. Contents

COMPLIANCE PROGRAM FOR XL GROUP PLC

HCA ETHICS AND COMPLIANCE PROGRAM

Puerto Rican Family Institute, Inc.

FRAUD RISK ASSESSMENT

May Duke Energy EHSMS Manual. Environmental, Health and Safety Management System Manual

MEDICAID COMPLIANCE POLICY

Detecting, Preventing, and Reporting FRAUD

Performing Fraud Risk Assessments

Transcription:

RISK ASSESSMENT CHECKLIST Provided By The Office of the Georgia State Inspector General Produced In Cooperation With The Governor s Office of Texas

Fraud Risk Assessment Checklist Performing an agency fraud risk assessment is a critical component of an agency s antifraud program. When agency management adds fraud to the list of potential risks it faces and assesses that risk, it will be more likely to identify potential fraud schemes and scenarios and better able to design effective controls to prevent and detect them. The fraud risk assessment should be performed in two steps: 1) Perform an agency-wide environmental infrastructure assessment or check-up. This section covers the Key Components of a Fraud Prevention and Detection Program document and addresses the tone at the top and the ethical culture at an agency. 2) Perform a detailed assessment by division, process, or core function. This section should include, at minimum, the following administrative functions and services: Finance and Accounting Purchasing and Contracting License and or Permit Issuing Financial Grant Management Information Technology Human Resources Management Any Cash/Revenue Producing Function Management should ensure that specific risks for fraud are included in the risk assessment process. The risk assessment process will result in the identification of agency activities, the risks associated with each activity, and the controls that are in place or should be in place to mitigate the risks. COMPONENT Y/N COMMENTS/COMPENSATING CONTROLS IF ANSWER IS NO I. Culture of Honesty and Ethics Setting the Tone at the Top: 1. Is there a written Code of Conduct? a) Is the Code of Conduct disseminated to all employees at time of hire? b) Is there at least annual refresher training on the code of conduct for every employee? c) Is there a method of determining that employees understand the contents of 2

COMPONENT Y/N COMMENTS/COMPENSATING CONTROLS IF ANSWER IS NO the code of conduct? d) Do employees have a communication avenue for asking questions when ethical situations arise? 2. Is there a Confidential Reporting Mechanism for employees to use to report suspected or possible fraud without fear of reprisal? a) Is the Confidential Reporting Mechanism contact widely advertised so that all employees are aware of it? b) Is there a protocol for handling all Confidential Reporting Mechanism activity? c) Is activity of the Confidential Reporting Mechanism reported to executive management and the board? Creating a Positive Workplace Environment: 1. Is there an employee recognition and reward system or compensation program? 2. Is there a whistle blower policy, a system for employees to obtain advice internally before making decisions that have significant legal or ethical implications, and/or a process to encourage employees to communicate or report, on a confidential or anonymous basis, without fear of retribution, concerns related to wrongdoing or violations? Hiring and Promoting Appropriate 3

COMPONENT Y/N COMMENTS/COMPENSATING CONTROLS IF ANSWER IS NO Employees: 1. Are background checks, both criminal and work, performed on employees, especially those in positions of trust? Training: 1. Is there a mechanism for tracking employee training and understanding of the code of conduct? Notification and Confirmation: 1. Are employees held accountable for proactively addressing the potential of fraud in the discharge of their assigned duties? a) Are awareness of fraud and the management of fraud risks included in every managers (perhaps employees) personnel evaluation? Discipline: 1. Are there consequences for employees who commit fraud and are those consequences consistent and fair? a) Are consequences pre-determined, that is defined in a fraud policy? b) Is there a formal procedure for documenting the consequences of each proven fraud? II. Antifraud Processes and Controls Identifying and Measuring Fraud Risks: 4

Mitigating Fraud Risks: Implementing and Monitoring Appropriate Internal Controls: 1. Is risk assessment performed by each division, location, or segment separately? a) Are possible misconduct schemes, fraud scenarios, fraud categories, and applicable business activity or process identified? Examples: If you were the Controller for the agency, how could you embezzle funds, manipulate the financial records, and not get caught? What various ways an insider or outsider can manipulate this process to commit fraud against the agency? b) Were consequences posed by each scheme and were management s tolerance for risks considered? Reputation damage Financial damage - Monetary loss Legal damage Criminal or civil sanctions c) Were they documented? 2. Were red flags of fraud considered in the evaluation? Personal characteristics or situational pressures that can lead to fraud Agency opportunities that can lead to fraud Opportunities that allow or encourage management fraud 5

3. Was the likelihood that each particular fraud will occur evaluated? Remote Reasonably possible Probable 4. Were direct or indirect controls applicable to above documented scenarios identified? Basic controls include: Segregation of duties relating to authorization, custody of assets, and recording and reporting of transactions Supervisory reviews, verifications, reconciliation Automated edit checks and system controls Physical and logical security of assets Embedded audit checks Fraud detection software III. Appropriate Oversight Process Commission or Board of Directors: 1. Is there a communication mechanism by which executive management and the board is made aware of antifraud programs, controls, and results? a) Are they advised of the potential fraud risks in the agency? b) Are they made aware of the elements of the agency s antifraud programs and 6

controls? c) Are they advised of all actual frauds and the actions taken to mitigate future similar frauds? d) Are they advised of activity to the Confidential Reporting Mechanism? Management: 1. Is there a member of executive management designated as the responsible party or point of contact for the fraud prevention? a) Is this person the liaison with the Office of the Inspector General? b) Does this person provide continuous reinforcement of the antifraud programs to all employees? c) Is this person responsible directly to executive management and the board for the antifraud programs of the agency? Sources Management Anti-fraud Programs and Controls commissioned by the Fraud Task Force of the American Institute of Certified Public Accountants, AICPA Auditing Standards Board. Key Elements of Anti-fraud Programs and Controls by Price Waterhouse Coopers Price Waterhouse Coopers article The Emerging Role of Internal Audit in Mitigating Fraud and Reputation Risks. Fraud Prevention Checkup by the Association of Certified Fraud Examiners SAO s Internal Audit Best Practice List SAO Small State Agency Risk Assessment (HB 2485) Instructions SAO Fraud and Criminal Activity Questionnaire Overview Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information