Fraud Risk Assessment in 4 Easy Steps

Posted by Lynne Callister on 17 Nov 2020

The risk of fraud is inherent in everyday life, particularly in the world of business. Whilst risk cannot be entirely avoided, it can be mitigated by following a few simple steps.

Crime is on the rise in the UK, and fraud and computer misuse are growing the most: according to police-reported figures, annual incidents rose from 3.4m in 2017 to 3.8m by 2019.

What is fraud?

Under the UK Fraud Act, there are three main offences:

  • Fraud by false representation: Where someone makes a dishonest representation (express or implied) with the intention of making a gain or causing a loss to another.
  • Fraud by failing to disclose information: Where someone dishonestly fails to disclose information which they're under a legal duty to disclose, with the intention of making a gain for himself or inflicting a loss on another.
  • Fraud by abuse of position: Where someone holding a position of responsibility (which requires him to safeguard the interests of another) dishonestly abuses the position, with the intention of making a gain for himself or inflicting a loss on another.

Other offences include the possession of articles for use in fraud, making or supplying articles for use in fraud, participating in fraudulent business, and obtaining services dishonestly.

Who commits fraud?

Organisations of all sizes are finding themselves victims of fraudulent activity. It's important to remember that there are both external and internal perpetrators of fraud.

  • Internal threats: examples include disgruntled employees who may pilfer company assets, overstate expenses or overbill customers. Workers may also collude with suppliers to defraud the firm (misappropriation of funds). There may also be fraudulent reporting of company accounts by senior managers.
  • External threats: these come from customers (obtaining goods or services without paying or misrepresenting their finances), suppliers (submitting false or duplicate invoices), or representatives (not passing on all the money they receive to our firm). Fraud may also be committed by people who are unknown to us, via identity theft, CEO fraud, and so on.

Conducting a fraud risk assessment

To protect your company, you need to be aware of any vulnerabilities that you may be exposed to and strengthen your existing arrangements. This is why you need to conduct a robust fraud risk assessment, by following four simple steps.

Step 1: Identify risks

Firstly, you need to assess your current operations and processes. To do this, you could refer to historical data as well as emerging trends and patterns.

Step 2: Quantify risks

Estimate the probability and impact of each type of fraud. Use the probability/impact matrix to estimate the level of risk along with your risk exposure.

Step 3: Mitigate risks

Once risks have been identified and quantified, you can use the 4T's model to mitigate them:

  1. Transfer - in other words move the financial consequences to a third party. Generally this involves getting insurance.
  2. Terminate - the simplest and most often overlooked solution. Stop doing things that are risky. This can be achieved through changes in practices and processes, or even by stopping engaging in activities with low reward and high risk.
  3. Treat - here you are aiming to reduce the likelihood and impact of risk. Again this could involve changes to systems and processes, but importantly this is where training your team about risk is vital.
  4. Tolerate - this is the tricky area. You've found a risk, know its potential impact, but the cost of doing anything about it simply isn't worth it. This could include risks with low incidence and medium impact, or medium incidence and low impact. However, don't consider doing this with catastrophic losses - like buildings insurance. Failing to transfer that risk prior to the COVID pandemic has been a stark reminder of why not.

Step 4: Monitor and review risks

It's important to see risk assessment as an ongoing process rather than a one-off task. As part of the identify stage you will have already gained insights that will help you understand what to monitor and how to review. But new risks can appear, and the impact and prevalence of threats can change (both up and down). Think of your assessment like you would antivirus software: there to protect you, but regularly in need of checking and updating. And that includes keeping both your processes and your people up to date!

Want to learn more about fraud & compliance?

If you'd like to stay up to date with fraud best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to Skillcast Compliance Bulletin.

To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

And if you're looking for a compliance training solution, why not visit our Compliance Essentials Course Library.

Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!

If you've any questions or concerns about fraud, compliance or e-learning, please get in touch.

We are happy to help!
