Sunday, May 3, 2009

Develop and maintain a fraud risk register

Many organisations maintain a Risk Register, but few of these incorporate specific fraud risks and the associated review undertaken for a risk to be placed on the register.

A Fraud Risk Register can usually be developed from the completion of a Fraud Risk Assessment and should incorporate the following:

· A description of the risk;
· An explanation of the impact of the risk on the organisation if the risk is not mitigated;
· An assessment of the likelihood of the fraud occurring;
· An assessment of the seriousness / consequence of the fraud;
· The actions that need to be taken to mitigate the loss;
· Who will be responsible for implementing the actions to mitigate the loss;
· The timeline for implementing these actions; and
· The checklist for implementing the actions.

A Fraud Risk Register should be updated on a regular basis (preferably yearly), or whenever there is a change in areas such as technology (e.g. a new computer system), services provided or grants received.
