Many organisations maintain a Risk Register, but few of these registers incorporate specific fraud risks and the associated review undertaken for a risk to be placed on the register.
A Fraud Risk Register can usually be developed from the completion of a Fraud Risk Assessment and should incorporate the following:
· A description of the risk;
· The impact of the risk on the organisation if the risk is not mitigated;
· An assessment of the likelihood of the fraud occurring;
· An assessment of the seriousness / consequence of the fraud;
· The actions that need to be taken to mitigate the loss;
· Who will be responsible for implementing the actions to mitigate the loss;
· The timeline for implementing these actions; and
· The checklist for implementing the actions.
A Fraud Risk Register should be updated regularly (preferably yearly), or whenever there is a change in areas such as technology (e.g. a new computer system), services provided or grants received.