
Assessing Fraud Risk: Principle 8 Focus Points

The organization also considers the potential for fraud when assessing risks to achieving objectives.

Focus Points:

The following focal points highlight essential aspects of activities, reporting, and compliance objectives:

Evaluates Various Types of Fraud

Fraud assessment considers fraudulent reporting, potential asset losses, and fraud resulting from the various ways fraud and abuse can occur.

Risk assessment involves management assessing risks related to fraudulent reporting and protecting the organization’s assets. In addition, management evaluates potential corruption issues that directly impact the ability of the organization’s personnel and external service providers to achieve the organization’s objectives.

When assessing risks that impede achieving financial reporting objectives, organizations typically evaluate the potential for fraud in the following areas.

  • Fraudulent Financial Reporting: An intentional act designed to deceive users of external financial reports, which may result in the omission or misrepresentation of material information in those financial reports.
  • Fraudulent Non-Financial Reporting: An intentional act designed to deceive users of non-financial reports, including sustainability reporting, occupational health and safety, or employment activities, which may result in reporting less than the desired level of accuracy.
  • Misappropriation of Assets: Theft of an organization’s assets with the effect of causing the omission or misrepresentation of material information in external financial reports.
  • Illegal Acts: Violations of laws or regulations that may have a material effect, directly or indirectly, on external financial reporting.

As part of the risk assessment process, the organization should identify the various ways fraudulent reporting may occur, considering the following.

  • Management misbehavior,
  • The degree of estimates and judgments made in external reporting,
  • Fraud patterns and scenarios that are common in the markets and sectors in which the organization operates,
  • Geographical regions in which the organization operates,
  • Incentives that may motivate fraudulent behavior,
  • The nature of the technology and management’s ability to manipulate information,
  • Unusual and complex transactions that are under significant management influence,
  • Potential schemes to circumvent existing control actions and vulnerability to management breaches of internal control.

Protection of Assets: This means protecting assets against unauthorized and malicious acquisition, use, or disposal. Improper use of an organization’s assets may be for the benefit of an individual or group. Unauthorized acquisition, use, and disposal of assets may be linked to activities such as illegal marketing, theft of assets, theft of intellectual property rights, buying and selling securities outside stock exchange trading hours, and money laundering. Protecting assets is generally linked to operational purposes, although certain aspects may also be relevant to other purposes.

Corruption: In addition to assessing risks related to asset protection and fraudulent reporting, management also evaluates possible acts of corruption within the organization.

Corruption generally relates to the compliance category of objectives but can also affect the organization’s control environment, which affects its external financial reporting objectives.

When assessing possible fraud, the organization cannot be expected to directly manage the actions of personnel in third-party organizations, including outsourced activities, customers, suppliers, or consultants. However, depending on the level of risk assessed within this component, management may stipulate expected levels of performance and standards of behavior through contractual relationships and develop control actions that provide oversight over third-party actions. If necessary, management responds to unusual actions detected in others.

Management Violations: Management breaches of internal control refer to overriding an organization’s rules for an illegitimate purpose, including personal gain or overstating the organization’s financial or compliance status. For example, a manager improperly overrides internal control by approving a sales transaction that another manager, after proper checks, had placed on credit hold, so that a large quantity of goods can be shipped to a customer with poor credit in order to increase revenue. Such acts are often not documented or disclosed because the goal is to cover them up.

Evaluates Incentive and Pressure Elements

In fraud risk assessment, incentive and pressure factors are taken into account.

Incentives and Pressures: Risk assessment involves considering behaviors, pretexts, and opportunities that lead to fraud. Where there is a loss of assets, fraudulent reporting, or corruption, there are often incentives, pressures, and opportunities to access those assets, as well as behavior and excuses that claim the action is justified. Incentives and pressures often arise from and are linked to the control environment, as noted in Principle 5 (Ensuring Accountability). As part of assessing fraud risk, the organization also considers possible incentives and pressures and their potential impact on fraud risk.

Evaluates Opportunities

Fraud risk assessment evaluates opportunities for unauthorized acquisition, use, or disposition of assets, falsification of the organization’s reporting records, or other improper acts.

Opportunity: Opportunity represents the possibility of acquiring, using, or disposing of assets, which may be accompanied by changing the entity’s records. Those who engage in inappropriate actions often also believe these actions cannot be detected. Opportunities arise from poor control and monitoring actions, inadequate oversight, and management violating internal controls. For example, situations that increase the likelihood of an asset loss or fraudulent reporting include:

  • A complex or inconsistent organizational structure
  • High turnover rates of employees in accounting, operations, risk management, internal audit, or technology staff
  • Ineffective design or poor execution of control actions
  • Ineffective technology systems

Evaluates Behaviors and Excuses

The fraud risk assessment also considers how management and other personnel may participate in or justify improper actions.

The behaviors and excuses of individuals who engage in inappropriate behavior or attempt to justify their inappropriate behavior may include the following.

  • A person who describes his use of resources as “borrowing” or intends to repay the stolen money in full
  • A person who feels that the organization owes him money because he is dissatisfied with his job (whether due to salary, work environment, managers’ behavior, etc.)
  • A person who does not understand or care about the consequences of inappropriate behavior or accepted concepts of decency and trust
