Fraud Risk Assessment Tool

Module 1- Employee Assessment

Not
Yes No Applicable

Are employees provided formal written job descriptions?

Comments:

Are employees provided with an organizational chart that

shows lines of responsibilities?
Comments:

Does the company have written accounting policies and

procedures?
Comments:

Is there a formal policy covering approval authority for

financial transactions, such as purchasing or travel?
Comments:

Does the company have an ethics statement?

Comments:

Does senior management exhibit and encourage ethical

behavior?
Comments:

Does the company have written fraud policies and

procedures?
Comments:

Is a senior member of management responsible for

compliance with fraud policies?
Comments:

Page 1 of 122
 Fraud Risk Assessment Tool

Module 1- Employee Assessment

Not
Yes No Applicable

Does the organization provide an anonymous way to report

suspected violations of the ethics and anti-fraud programs?
Comments:

Are fraud incidents promptly and thoroughly investigated?

Comments:

Does the company maintain a record of fraud incidents?

Comments:

Does the company conduct pre-employment background

checks?
Comments:

Does the company have a loss prevention function?

Comments:

Does the company have an internal audit function?

Comments:

Are the duties related to authorization, custody of assets, and

recording or reporting of transactions segregated?
Comments:

Is compliance with internal controls audited periodically?

Comments:

Page 2 of 122
 Fraud Risk Assessment Tool

Do employees feel they are treated and compensated fairly?

Comments:

Module 1- Employee Assessment

Not
Yes No Applicable

Do any employees have large personal debts or credit

problems?
Comments:

Do any employees appear to be spending far more than they

are earning?
Comments:

Do any employees gamble excessively?

Comments:

D any employees use alcohol or drugs excessively?

Comments:

Do any employees resent their superiors?

Comments:

Do any employees have a close association with vendors or

competitors?
Comments:

Do any employees have outside business interests that might

conflict with their duties at the company?
Comments:

Page 3 of 122
 Fraud Risk Assessment Tool

Is the company experiencing high employee turnover?

Comments:

Are employees required to take annual vacations?

Comments:

Module 1- Employee Assessment

Not
Yes No Applicable

Is the company dominated by a small group of individuals?

Comments:

Does the company have unrealistic productivity

measurements and expectations?
Comments:

Does the management fail to give employees positive

feedback and recognition for job performance?
Comments:

Does the organization educate employees about the

importance of ethics and anti-fraud programs?
Comments:

Are employees afraid to deliver bad news to supervisors or

management?
Comments:

Is there lack of communication between employees and

management?
Comments:

Page 4 of 122
 Fraud Risk Assessment Tool

Is there lack of clear organizational responsibilities in the

company?
Comments:

Does management not seem to care about or reward

appropriate behavior?
Comments:

Page 5 of 122
 Fraud Risk Assessment Tool

Module 1- Employee Assessment

Not
Yes No Applicable

Has a code of conduct been developed and distributed to all

employees?
Comments:

Has a code of conduct been developed and distributed to all

third parties?
Comments:

Have employees signed an acknowledgement form that they

have received training on the code of conduct?
Comments:

Are employees provided counseling or assistance for any

personal problems they might be having?
Comments:

Are employees aware that an employee assistance program

exists?
Comments:

Does the organization have fair practices when it comes to

bonuses, promotions, salary increases?
Comments:

Are exit interviews of employees conducted?

Comments:

Is there proper alignment between an individual’s authority

and his level of responsibility?
Comments:

Page 6 of 122
 Fraud Risk Assessment Tool

Module 1- Employee Assessment

Not
Yes No Applicable

Are third party relationships and related party transactions

formally disclosed?
Comments:

Has the proper segregation of duties been performed?

Comments:

Are other employees informed about the risks related to

management override of controls?
Comments:

Do candidates for particularly sensitive positions (e.g., those

with significant authority or extensive access to company
assets) undergo additional screening procedures?
Comments:

Are employees provided clear and reasonable performance

goals?
Comments:

Are ethical considerations formally included in employee

reviews and promotion decisions?
Comments:

Are employees provided with access to appropriate training

to help them maintain and improve their professional skills?
Comments:

Page 7 of 122
 Fraud Risk Assessment Tool

Do employees rotate job responsibilities (in positions where

appropriate and possible)?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Is the board of directors composed of mainly officers of the

company or related individuals?
Comments:

Is there and independent audit committee?

Comments:

Has there been high turnover of managers and members of the

board of directors?
Comments:

Have an unusually high number of key employees left the

company recently?
Comments:

Is the company involved in any litigation?

Comments:

Does the company have offshore activities or bank accounts?

Comments:

Do any of the senior managers have offshore bank accounts or

business interests?
Comments:

Page 8 of 122
 Fraud Risk Assessment Tool

Are any key employees experiencing financial pressures, such

as debts, gambling, medical bills, or divorce?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Do any key employees appear to be living beyond their means?

Comments:

Do any key employees have civil judgments or bankruptcies on

record?
Comments:

Do any key employees have a criminal conviction?

Comments:

Do one or two key employees appear to dominate the

company?
Comments:

Do any key employees have friends or relatives reporting

directly to them?
Comments:

Do any of the key employees appear to have a close association

with a vendor?
Comments:

Page 9 of 122
 Fraud Risk Assessment Tool

Do any key employees have outside business interests that

might conflict with their duties at the company?
Comments:

Do any key employees own a portion of any company that does

business with this company?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Has any key employee failed to take vacation?

Comments:

Do any key employees have a significant amount of their net

worth invested in the company?
Comments:

Does the company have unusually high debts?

Comments:

Is key employee compensation primarily based on company

performance?
Comments:

Is there an incentive to use inappropriate means to minimize

earnings for tax reasons?
Comments:

Is there excessive pressure to increase the company’s stock

price?
Comments:

Page 10 of 122
 Fraud Risk Assessment Tool

Has the company recently experienced large operating or

investment losses?
Comments:

Does the organization have sufficient working capital?

Comments:

Page 11 of 122
 Fraud Risk Assessment Tool

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the organization have sufficient credit?

Comments:

Is the organization under pressure to report favorable earnings?

Comments:

Does the company depend heavily on only a limited number of

products or customers?
Comments:

Has the company experienced difficulty in collecting

receivables?
Comments:

Has the company recently expanded rapidly into new business

or product lines?
Comments:

Has the company experienced a reduction in sales volume?

Comments:

Does the company have strong competitors that are

outperforming?
Comments:

Is the company under pressure to sell or merge with another

company?
Comments:

Page 12 of 122
 Fraud Risk Assessment Tool

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the company change auditors often?

Comments:

Does the company delay or avoid supplying auditors with the

information necessary to complete the audits?
Comments:

Does the company have problems with regulatory agencies?

Comments:

Does the company have poor accounting records?

Comments:

Does the accounting department appear to be inadequately

staffed?
Comments:

Does the organization fail to disclose questionable or unusual

accounting practices?
Comments:

Does the company have a number of large year-end or unusual

transactions?
Comments:

Does the organization lack an adequate internal audit staff?

Comments:

Page 13 of 122
 Fraud Risk Assessment Tool

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the organization lack an internal control system or does it

fail to enforce the existing internal controls?
Comments:

Does the organization have a policy in place that determines

when charges would be pressed for a fraud occurrence and be
turned over to the authorities?
Comments:

When fraud occurs, does the organization determine the reasons

that led to the fraud and implement corrective actions?
Comments:

Does the organization have a mission statement that clearly

outlines company objectives?
Comments:

Does management set the proper tone and follow the

organization’s mission statement?
Comments:

Has the organization considered fraud risks when designing

their system of internal controls?
Comments:

Does management thoroughly review that reconciliations have

been adequately performed by their direct reports?
Comments:

Page 14 of 122
 Fraud Risk Assessment Tool

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the internal audit function regularly perform checks on

internal controls to determine if they are working as intended?
Comments:

Do external auditors perform audits on a regular basis?

Comments:

Do external auditors provide reasonable assurance that there are

no material misstatements in financial statements?
Comments:

Does management respect the input from external auditors and

respect their role?
Comments:

Is the organization’s reputation or bottom line affected by

external threats (e.g. market prices, regulatory agencies)?
Comments:

Is the organization’s structure overly complex or a large

number of complex business units?
Comments:

Does management use inappropriate judgment when making

accounting estimates?
Comments:

Have employees been made aware of mass layoffs?

Comments:

Page 15 of 122
 Fraud Risk Assessment Tool

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Are surprise internal audits conducted on a periodic basis?

Comments:

Have key employees been identified and documented?

Comments:

Have key employees signed an acknowledgement form that

they have received training on the code of conduct?
Comments:

Are key employees provided counseling or assistance for any

personal problems they might be having?
Comments:

Are employees aware that an employee assistance program

exists?
Comments:

Does the organization have fair practices when it comes to

bonuses, promotions, salary increases?
Comments:

Has the proper segregation of duties been performed?

Comments:

Page 16 of 122
 Fraud Risk Assessment Tool

Is there proper alignment between an individual’s authority and

his level of responsibility?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Has management implemented fraud detection procedures such

as data analysis or continuous auditing techniques?
Comments:

Is the organization in a rapidly growing or technology-

dependent industry?
Comments:

Has the company had a recent round of layoffs?

Comments:

Does the company have an adequately staffed internal audit

function that reports directly to the board or audit committee?
Comments:

Is the board of directors composed of individuals who are

independent of management?
Comments:

Does the board meet regularly enough to fulfill their oversight

responsibilities?
Comments:

Page 17 of 122
 Fraud Risk Assessment Tool

Does the board have an independent audit committee?

Comments:

Are the audit committee’s responsibilities set forth in a formal

charter and fully understood by both the board and
management?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the audit committee contain an appropriate level of

financial expertise?
Comments:

Does the board or audit committee exercise appropriate

oversight of the financial reporting process?
Comments:

Does the board or audit committee exercise appropriate

oversight of the organization’s internal controls?
Comments:

Does the board exercise appropriate oversight of the

organization’s fraud risk management program?
Comments:

Does the board have an ethics subcommittee?

Comments:

Page 18 of 122
 Fraud Risk Assessment Tool

Does the board include a director who serves as the company’s

“ethics champion”?
Comments:

Has there been a high turnover of managers or board members?

Comments:

Does the company have an ethics policy?

Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the company have a code of conduct?

Comments:

Does the company have a conflict-of-interest policy that clearly

outlines what is a prohibited relationship?
Comments:

Are the ethics policy, code of conduct, and conflict-of-interest

policy available online to both internal and external parties?
Comments:

Do staff members at all levels periodically recertify their

compliance with the code of conduct and conflict-of-interest
policy?
Comments:

Page 19 of 122
 Fraud Risk Assessment Tool

Are the ethics policy and code of conduct periodically reviewed

for relevance, clarity, and effectiveness?
Comments:

Does management clearly communicate changes in the ethics

policy and code of conduct to all staff members?
Comments:

Does management consistently apply and publicize penalties

for violations of the ethics policy, code of conduct, and
conflict-of-interest policy?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the company have a chief ethics officer?

Comments:

Does the company use a clearly articulated mission or value

statement to guide strategy and decision making at all levels?
Comments:

Does senior management exhibit and encourage ethical

behavior?
Comments:

Does management periodically send out communications that

emphasize and discuss business ethics?
Comments:

Page 20 of 122
 Fraud Risk Assessment Tool

Does the organization undergo an ethical assessment by an

external party (e.g. an ethics risk assessment conducted by an
independent consultant or auditor)?
Comments:

Do employees at all levels feel able to challenge the ideas or

directives of supervisors or management?
Comments:

Are employees provided with ongoing access to resources and

guidance for making ethical decisions?
Comments:

Does management actively solicit feedback from employees?

Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does management empower employees to implement

improvements in their areas of responsibility?
Comments:

Does management display appropriate regard for regulatory

authorities?
Comments:

Does management periodically review the organization’s

business relationships to ensure it only does business with
reputable parties?
Comments:

Page 21 of 122
 Fraud Risk Assessment Tool

Are managers prohibited from overriding controls?

Comments:

Does management take timely and appropriate action in

response to identified internal control weaknesses?
Comments:

Are employees made aware of the reporting program through

multiple and repeated means (e.g., formal training, company
newsletters, posters, etc.)?
Comments:

Does management provide an anonymous way to report

suspected violations of the ethics and anti-fraud programs ?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does a party or department with appropriate resources,

authority, and independence to follow up on incoming reports
handle them?
Comments:

Is there a formal response system in place that ensures high-risk

reports are routed to the appropriate level of authority?
Comments:

Are tips promptly and thoroughly investigated?

Comments:

Page 22 of 122
 Fraud Risk Assessment Tool

Are employees encouraged to report concerns about potential

ethics violations and fraudulent behavior?
Comments:

Does the company have a publicized and supported

whistleblower protection policy?
Comments:

Is there a reward program for individuals who provide

substantiated tips?
Comments:

Does management publicize its zero-tolerance stance on fraud?

Comments:

Is an individual or a team formally charged with overseeing and

implementing the anti-fraud program?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the organization undergo regular fraud risk assessments?

Comments:

Has management clearly defined its acceptable level of fraud

risk (i.e., its fraud-risk tolerance), and is that level used to focus
fraud risk management efforts?
Comments:

Page 23 of 122
 Fraud Risk Assessment Tool

Are the results of the fraud risk assessment used to drive

changes within the organization?
Comments:

Does the organization conduct formal anti-fraud training?

Comments:

Are managers and supervisors provided with supplemental

fraud awareness training that covers their additional
responsibilities and opportunities with regard to preventing and
detecting fraud?
Comments:

Does the company maintain a record of substantiated fraud

incidents?
Comments:

Does the company immediately dismiss any employees found

to have committed fraud?
Comments:

Module 2- Management/Key Employee Assessment

Not
Yes No Applicable

Does the company report all incidents of fraud to law

enforcement and press charges against the perpetrators?
Comments:

Does management proactively identify factors that contributed

to instances of fraud and take appropriate corrective action?
Comments:

Page 24 of 122
Fraud Risk Assessment Tool

Page 25 of 122
 Fraud Risk Assessment Tool

Module 3- Physical Controls to Deter Employee Theft and Fraud

Not
Yes No Applicable

Does the organization conduct pre-employment background

checks to identify previous dishonest or unethical behavior?
Comments:

Are there policies and procedures that address dishonest or

unethical behavior?
Comments:

Does management support the ethics and anti-fraud policies?

Comments:

Does the organization educate employees about the

importance of ethics and anti-fraud programs?
Comments:

Does the organization provide an anonymous way to report

suspected violations of the ethics and anti-fraud policies?
Comments:

Does the organization restrict access to areas containing

sensitive documents (such as invoices, receipts, journals,
ledgers, and checks) and maintain a system for providing an
audit trail of access?
Comments:

Does the organization restrict access to computer systems

with sensitive documents (such as accounting software,
inventory, and payroll) and create a system to provide an
audit trail of access?
Comments:

Page 26 of 122
 Fraud Risk Assessment Tool

Module 3- Physical Controls to Deter Employee Theft and Fraud

Not
Yes No Applicable

Does the organization restrict access to areas with high value

assets, such as shipping, receiving, storerooms, and cash?
Comments:

Does the organization use CCTV and recording equipment to

monitor entries, exits, areas with sensitive or high value
assets, and sales areas?
Comments:

Does the organization conduct random, unannounced audits

of inventory, cash, expense, purchasing, billing, and other
accounts by internal or external auditors?
Comments:

Does the organization use professional loss prevention or

security personnel to monitor physical controls?
Comments:

Does the organization promptly investigate incidents of

suspected or reported fraud?
Comments:

Has the organization segregated duties in areas that could

potentially be an opportunity for fraud to occur?
Comments:

Does the organization require the use of passwords to access

computer files?
Comments:

Page 27 of 122
 Fraud Risk Assessment Tool

Module 3- Physical Controls to Deter Employee Theft and Fraud

Not
Yes No Applicable

Does the organization require passwords to be changed

periodically and have a combination of letters, numbers, and
symbols?
Comments:

Does the organization have a strict policy against the sharing

of passwords between employees?
Comments:

Does the level of access controls appear to be adequate by an

impartial observer?
Comments:

Is there an ethical component in all policies,

communications, and decision-making?
Comments:

Does the organization prohibit the use of the same password

multiple times?
Comments:

Is there a written policy that restricts system access when

someone leaves the organization?
Comments:

Are non-employees required to sign a confidentiality

agreement if they have access to the system?
Comments:

Page 28 of 122
 Fraud Risk Assessment Tool

Module 3- Physical Controls to Deter Employee Theft and Fraud

Not
Yes No Applicable

Is access to the organization’s equipment available to

employees after business hours?
Comments:

Are company cars allowed to be used after business hours?

Comments:

Does management have and enforce a policy that requires

employees to log off computers after business hours or when
computers are unattended?
Comments:

Page 29 of 122
Fraud Risk Assessment Tool

Page 30 of 122
 Fraud Risk Assessment Tool

Module 4- Skimming Schemes

Not
Yes No Applicable

Is there periodic analytical review of sales accounts using

vertical, horizontal, and ratio analysis?
Comments:

Is there periodic review of the inventory and receiving

records using statistical sampling?
Comments:

Is there periodic review of the inventory and receiving

records using trend analysis?
Comments:

Is there periodic review of the inventory and receiving

records using physical inventory counts?
Comments:

Is there periodic review of the inventory and receiving

records using verification of shipping and requisition
documents?
Comments:

Is there periodic review of inventory accounts for write-offs?

Comments:

Is there periodic review of accounts receivable and

allowance for uncollectible accounts to look for write-offs of
accounts receivables?
Comments:

Page 31 of 122
 Fraud Risk Assessment Tool

Module 4- Skimming Schemes

Not
Yes No Applicable
Is there periodic review of cash accounts for irregular
entries?
Comments:

Is the company mail opened by someone other than

bookkeepers, cashiers, or other accounting employees who
make journal entries?
Comments:

Do vouchers for credit and sales receipts contain serial

numbers?
Comments:

Is the accounts receivable bookkeeper restricted from

preparing the bank deposit?
Comments:

Is the accounts receivable bookkeeper restricted from

collecting cash from customers?
Comments:

Is the accounts receivable bookkeeper restricted from access

to the cash receipts?
Comments:

Is the cashier restricted from accessing accounts receivable

records?
Comments:

Page 32 of 122
 Fraud Risk Assessment Tool

Is the cashier restricted from accessing bank and customer

statements?
Comments:

Module 4- Skimming Schemes

Not
Yes No Applicable
Is each of the following responsibilities assigned to a
separate employee: general ledger entries, cash receipt
entries, and accounts receivable billing?
Comments:

Does the employee who opens incoming checks place

restrictive endorsements on all checks received?
Comments:

Does the person who opens the mail prepare a list of all
checks and cash received?
Comments:

Does the person who opens the mail deliver all checks and
cash to the person responsible for the daily bank deposit?
Comments:

Does any employee perform an independent verification of

the bank deposit ticket to the remittance list generated by the
employee who opened the mail?
Comments:

Does the company use a lockbox service for cash receipts?

Comments:

Page 33 of 122
 Fraud Risk Assessment Tool

Does the company have a safe with restricted access?

Comments:

Is cash deposited daily?

Comments:

Module 4- Skimming Schemes

Not
Yes No Applicable
Are there pre-numbered cash receipts for cash sales?
Comments:

Are employees who handle cash bonded?

Comments:

Is there a written policy and procedure for turning over

delinquent accounts for collection?
Comments:

Is the person who handles customer complaints independent

of the cashier or accounts receivable function?
Comments:

Is physical access to the accounting system restricted to only

authorized persons?
Comments:

Are accounts receivable reconciled monthly?

Comments:

Page 34 of 122
 Fraud Risk Assessment Tool

Does management approve all discounts or coupons to

customers?
Comments:

Are returns, voids, or credit memos greater than all sales

transactions by 10 to 15 percent?
Comments:

Module 4- Skimming Schemes

Not
Yes No Applicable

Are employees with access to accounting records prohibited

from the delivery of unopened business mail?
Comments:

Are lockbox receipts reconciled with customer remittances?

Comments:

Are deposits made in a night drop at the bank and each

deposit verified at the beginning of the next business day?
Comments:

Is any un-deposited money and change funds in a time-lock

safe?
Comments:

Are excessive amounts of cash on hand?

Comments:

Page 35 of 122
 Fraud Risk Assessment Tool

Is the trash in the mailroom examined for discarded

envelopes, and compared against the number of envelopes
from customers to the number of payments posted?
Comments:

Do employees involved in sales, A/R, and cash receipts

functions put in an excessive amount of weekend or after-
hours work, particularly when their hours seem to exceed the
demands of their jobs?
Comments:

Module 4- Skimming Schemes

Not
Yes No Applicable

Does the work area and trash of suspects contain notes or

other evidence of a second set of records?
Comments:

Are there any unusual delays in the posting dates of

payments and the dates customers mailed payments?
Comments:

Do deposit totals match accounts receivable postings?

Comments:

Are there any unexplained shortages in the cash account

when cash accounts are reconciled with bank records?
Comments:

Page 36 of 122
 Fraud Risk Assessment Tool

Does support exist for all adjustments to accounts

receivable?
Comments:

Are there patterns with employees, customers, or amounts in

accounts receivable write-offs and discounts?
Comments:

Is a trend analysis on accounts receivable performed to look

for an unusual number of overdue customer accounts?
Comments:

Module 4- Skimming Schemes

Not
Yes No Applicable

Are dormant activity reports run to look for debits to

dormant customer accounts?
Comments:

Does an employee independent of the accounts receivable

function closely review aging accounts receivable and
confirm overdue balances with customers?
Comments:

Are customer satisfaction surveys randomly sent out to

verify price, mode of payment, and other essential
information from past sales?
Comments:

Page 37 of 122
 Fraud Risk Assessment Tool

Are invoices checked against an established price list to

verify that customers were appropriately charged?
Comments:

Are deposit slips reviewed for signs of alteration or used to

reconcile cash receipt records?
Comments:

Are instances where deposits in transit did not clear the bank
in a reasonable amount of time investigated?
Comments:

Are unexplained decreases in cash availability amounts

investigated?
Comments:

Module 4- Skimming Schemes

Not
Yes No Applicable

Are ending balances of daily cash balances compared to

other months to see if there has been any significant change?
Comments:

Are all journal entries made to the cash accounts reviewed

and analyzed?
Comments:

Page 38 of 122
Fraud Risk Assessment Tool

Page 39 of 122
 Fraud Risk Assessment Tool

Module 5- Cash Larceny Schemes

Not
Yes No Applicable

Are cash register tape totals reconciled to the amount in the

cash drawer?
Comments:

Is an employee other than the cash register worker

responsible for preparing register count sheets and agreeing
them to register totals?
Comments:

Is access to registers or the cash box closely monitored? Are

access codes kept secure?
Comments:

Are customer complaints regarding short change or improper

posting handled by someone other than the employee who
receives the cash?
Comments:

Are register workers properly supervised?

Comments:

Are CCTV cameras and digital recorders used to monitor

register areas?
Comments:

Is each receivable transaction reviewed for legitimacy and

supporting documentation?
Comments:

Page 40 of 122
 Fraud Risk Assessment Tool

Module 5- Cash Larceny Schemes

Not
Yes No Applicable

Is an independent listing of cash receipts prepared before the

receipts are submitted to the cashier or accounts receivable
bookkeeper?
Comments:

Does a person independent of the cash receipts and accounts

receivable functions compare entries to the cash receipts
journals with the bank deposit slips and bank deposit
statements?
Comments:

Are the cash receipts, cash counts, bank deposits, deposit

receipt reconciliations, bank reconciliations, posting of
deposits, and cash disbursements duties segregated?
Comments:

Does an employee other than the cashier or accounts

receivable bookkeeper make the daily bank deposit?
Comments:

Is job or assignment rotation mandatory for employees who

handle cash receipts and accounting duties?
Comments:

Are vacations mandatory for employees who handle cash

receipts and accounting duties?
Comments:

Are surprise cash counts conducted?

Comments:

Page 41 of 122
 Fraud Risk Assessment Tool

Module 5- Cash Larceny Schemes

Not
Yes No Applicable

Are journal entries made to the cash accounts reviewed and

analyzed on a regular basis?
Comments:

Does the company use a point of sale (POS) system?

Comments:

Does the POS system track perpetual inventory?

Comments:

Does the POS system track exceptions, such as voids,

refunds, no sales, overages, and shortages?
Comments:

Are register exception reports reviewed on a regular basis?

Comments:

Are all employees, except for managers, prohibited from

making changes to the POS system?
Comments:

Is access to the accounts receivable subledger and the

general ledger restricted to authorized employees? Does
access leave an audit trail?
Comments:

Page 42 of 122
 Fraud Risk Assessment Tool

Module 5- Cash Larceny Schemes

Not
Yes No Applicable

Is each receivable transaction reviewed for legitimacy and

supporting documentation?
Comments:

Are cash registers physically organized to facilitate

monitoring of sales transactions?
Comments:

Is there a secure area where salespersons are required to

store their coats, hats, handbags, etc.?
Comments:

Do cash registers have adequate security features, such as

access controls and a management-override key for voids
and returns?
Comments:

Are there separate register drawers for each cashier?

Comments:

Is the cash register tape compartment locked, with only

management having the key?
Comments:

For all voided transactions, is it required that a copy of the

customer’s receipt from the initial purchase be retained along
with a copy of a void slip or other documentation of the
transaction?
Comments:

Page 43 of 122
 Fraud Risk Assessment Tool

Module 5- Cash Larceny Schemes

Not
Yes No Applicable

Is a physical security system installed which provides each

employee (with the appropriate level of authority) access
using a distinct entry code?
Comments:

Are customers encouraged to request and examine receipts

(e.g., by offering a discount to customers who do not receive
a receipt for their purchase)?
Comments:

Are gaps in pre-numbered forms used for sales receipts and

sales returns investigated?
Comments:

Are customer statements sent monthly?

Comments:

Have managers been trained to watch for and identify

markers used by fraudsters to keep track of how much they
have stolen from cash registers (e.g., an employee keeping a
nickel near the register to represent the $500 he has taken)?
Comments:

Are transaction records monitored for an excessive number

of non-sale transactions?
Comments:

Page 44 of 122
 Fraud Risk Assessment Tool

Does the organization use a secret shopper service to

monitor procedures and test the integrity of sales clerks?
Comments:

Module 5- Cash Larceny Schemes

Not
Yes No Applicable

Are login and logout times of each cash register user

reviewed to identify use during non-business hours?
Comments:

Has a trend analysis been performed for sales discounts,

coupons, over-rings, etc. by each cashier or salesperson?
Comments:

Have red flags and patterns in refunds, voids, or other

reversing transactions been identified, such as recurring
transactions that fall just under review limits or transactions
that are for round numbers?
Comments:

Have transactions been approved by a manager on days that

the manager did not work?
Comments:

Are there multiple refunds of the same merchandise or

multiple voids of the same sales transaction?
Comments:

Page 45 of 122
 Fraud Risk Assessment Tool

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Are unused checks stored in a secure container with limited

access?
Comments:

Are unused checks from accounts that have been closed

promptly destroyed?
Comments:

Are electronic payments used where possible to limit the

number of paper checks issued?
Comments:

Are printed and signed checks mailed immediately after

signing?
Comments:

Are new checks purchased from reputable check vendors?

Comments:

Do company checks contain security features to ensure their

integrity?
Comments:

Page 46 of 122
 Fraud Risk Assessment Tool

Has the company notified its bank to not accept checks over
a predetermined maximum amount?
Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Has the company established positive pay controls with its

bank by supplying the bank with a daily list of checks issued
and authorized for payment?
Comments:

Is the employee who prepares the check prohibited from

signing the check?
Comments:

Are detailed comparisons made between the payees on the

check and the payees listed in the cash disbursements
journal?
Comments:

Are employees responsible for handling and coding checks

periodically rotated?
Comments:

Are bank reconciliations completed immediately after bank

statements are received?
Comments:

Page 47 of 122
 Fraud Risk Assessment Tool

Are bank statements and account reconciliations

independently audited to confirm accuracy?
Comments:

Are cancelled checks independently reviewed for alterations

and forgeries?
Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Are checks for a material amount matched to the supporting

documentation?
Comments:

Are voided checks examined for irregularities and to ensure

they haven’t been processed?
Comments:

Are missing checks recorded and stop payments issued?

Comments:

Do questionable payees or payee addresses trigger review of

the corresponding check and support documentation?
Comments:

With the exception of payroll, are checks issued to

employees reviewed for irregularities?
Comments:

Page 48 of 122
 Fraud Risk Assessment Tool

Are two signatures required for check issuance?

Comments:

Area all company payments made by check or other

recordable payment device?
Comments:

Are handwritten checks prohibited?

Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Is check signing authority only given to specific individuals

within the organization?
Comments:

Is there a separation of duties for cutting and posting checks,

signing checks, delivering or mailing checks, and reconciling
the bank statement?
Comments:

Are canceled checks returned with bank statements kept

secure?
Comments:

Are physical and software controls used to restrict access to

the cash disbursements system?
Comments:

Page 49 of 122
 Fraud Risk Assessment Tool

If manual checks must be used, do check preparers use

permanent ink?
Comments:

Are accounts payable clerks required to verify support for

any payment before cutting and posting a check?
Comments:

Are dual signatures required for checks?

Comments:

Are check-signers instructed to never sign blank checks?

Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Is there limited access to a signature stamp?

Comments:

Do all voided checks require independent authorization?

Comments:

Are voided checks defaced and either promptly destroyed or

kept in a secure location?
Comments:

Are copies of all voided checks attached to the bank

statement reconciliation?
Comments:

Page 50 of 122
 Fraud Risk Assessment Tool

Are accurate records of the work schedules of mailroom

employees and other personnel who might have access to
signed checks maintained?
Comments:

Are vendor complaints about non-payment of bills

investigated when company records show payments were
issued?
Comments:

Are missing, out-of-sequence, or duplicate check numbers

on the bank statement investigated?
Comments:

Are past-due notices received by the entity investigated?

Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Are out-of-balance cash accounts, unexplained shortages of

cash, or checks returned due to insufficient funds
investigated?
Comments:

Are unusual payee names reviewed (i.e., handwritten or

typewritten vs. computer written, or payee name not on
vendor list)?
Comments:

Is there a review of non-payroll checks written to

employees?
Comments:

Page 51 of 122
 Fraud Risk Assessment Tool

Are canceled checks reviewed for signatures by authorized

signers who were on vacation or out of the office on the date
of the check?
Comments:

Are practice signatures or indentation marks in employee

work areas examined?
Comments:

Are duplicate payments to vendors identified and reviewed?

Comments:

Are test checks inserted in the payables system and their trail
followed to ensure proper delivery?
Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Are any changes made to vendor addresses, amounts,

payees, etc., reviewed to identify any employees who make
an inordinate number of changes?
Comments:

Are the number of voided checks monitored?

Comments:

Page 52 of 122
 Fraud Risk Assessment Tool

Are surprise sample audits of cash disbursements

periodically conducted?
Comments:

Are canceled checks with dual endorsements reviewed,

particularly when one of the endorsers is an employee?
Comments:

Are canceled checks that appear to have been prepared,

signed, and endorsed in the same handwriting investigated?
Comments:

Are any company checks made payable to “cash” reviewed?

Comments:

Are out-of-sequence checks or duplicate check numbers

investigated?
Comments:

Are canceled checks missing from the bank statement?

Comments:

Module 6- Check Tampering Schemes

Not
Yes No Applicable

Are there duplicate payments on vendor invoices?

Comments:

Are checks to the same vendor sent to more than one

address?
Comments:

Page 53 of 122
 Fraud Risk Assessment Tool

Are payments made to known vendors at unusual times or in

unusual amounts?
Comments:

Are checks issued without support documentation?

Comments:

Are there significant lifestyle changes for employees who

deal with the preparation or signing of company checks?
Comments:

Is there an excessive number of voided checks recorded in

the disbursements journal?
Comments:

Page 54 of 122
 Fraud Risk Assessment Tool

Module 7- Cash Register Schemes

Not
Yes No Applicable
Are refunds, voids, and discounts evaluated on a routine
basis to identify patterns of activity among employees,
departments, shifts, merchandise, etc.?
Comments:

Is there a sign posted at the register asking the customer to

request and examine a sales receipt?
Comments:

Are cash disbursements recorded on a pre-numbered form

and reconciled daily?
Comments:

Do the cash disbursement forms have an explanation section

or code?
Comments:

Are customers that are involved in voided sales and refunds

randomly contacted to verify the accuracy of the transaction?
Comments:

Is access to the necessary control keys for refunds and voids

restricted to supervisors?
Comments:

Do void or refund transactions have to be approved by a

supervisor and documented?
Comments:

Page 55 of 122
 Fraud Risk Assessment Tool

Module 7- Cash Register Schemes

Not
Yes No Applicable

Is documentation of void and refund transactions maintained

on file?
Comments:

Is missing or altered register tape thoroughly investigated?

Comments:

Are gaps in the register tape investigated?

Comments:

Are multiple voids or refunds for amounts just under any

review limit investigated?
Comments:

Is an employee other than the register worker responsible for

preparing register count sheet and comparing them to
register totals?
Comments:

Are customer complaints regarding payment errors

thoroughly investigated?
Comments:

Does each cashier have a separate access code to the

register?
Comments:

Does each cashier have a separate cash drawer?

Comments:

Page 56 of 122
 Fraud Risk Assessment Tool

Module 7- Cash Register Schemes

Not
Yes No Applicable

Is an over and short log kept for each person and/or register?
Comments:

Are over and short incidents thoroughly investigated and

monitored?
Comments:

Are all “no sale” receipts accounted for and attached to a

daily cashier’s report?
Comments:

Is access to the register area restricted to authorized

employees and supervisors?
Comments:

Are all cashiers periodically integrity shopped?

Comments:

Are cash registers physically organized to facilitate

monitoring of sales transactions?
Comments:

Is there a secure area where salespersons are required to

store their coats, hats, handbags, etc.?
Comments:

Page 57 of 122
 Fraud Risk Assessment Tool

Do cash registers have adequate security features, such as

access controls and a management-override key for voids
and returns?
Comments:

Module 7- Cash Register Schemes

Not
Yes No Applicable

Is the cash register tape compartment locked, with only

management having the key?
Comments:

For all voided transactions, is it required that a copy of the

customer’s receipt from the initial purchase be retained along
with a copy of a void slip or other documentation of the
transaction?
Comments:

Is a physical security system installed which provides each

employee (with the appropriate level of authority) access
using a distinct entry code?
Comments:

Are customers encouraged to request and examine receipts

(e.g., by offering a discount to customers who do not receive
a receipt for their purchase)?
Comments:

Are gaps in pre-numbered forms used for sales receipts and

sales returns investigated?
Comments:

Page 58 of 122
 Fraud Risk Assessment Tool

Have managers been trained to watch for and identify

markers used by fraudsters to keep track of how much they
have stolen from cash registers (e.g., an employee keeping a
nickel near the register to represent the $500 he has taken)?
Comments:

Are transaction records monitored for an excessive number

of non-sale transactions?
Comments:

Module 7- Cash Register Schemes

Not
Yes No Applicable

Are login and logout times of each cash register user

reviewed to identify use during non-business hours?
Comments:

Has a trend analysis been performed for sales discounts,

coupons, over-rings, etc. by each cashier or salesperson?
Comments:

Have red flags and patterns in refunds, voids, or other

reversing transactions been identified, such as recurring
transactions that fall just under review limits or transactions
that are for round numbers?
Comments:

Have transactions been approved by a manager on days that

the manager did not work?
Comments:

Are there multiple refunds of the same merchandise or

multiple voids of the same sales transaction?
Comments:

Page 59 of 122
Fraud Risk Assessment Tool

Page 60 of 122
 Fraud Risk Assessment Tool

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable
Does the organization have a purchasing department?
Comments:

Is the purchasing department independent of the accounting,

receiving, and shipping departments?
Comments:

Do purchase requisitions require management approval?

Comments:

Do purchase orders specify a description of items, quantities,

prices and dates?
Comments:

Are purchase order forms pre-numbered and accounted for?

Comments:

Does the company maintain a master vendor file?

Comments:

Are competitive bids required for all purchases?

Comments:

Does the receiving department prepare receiving reports for

all items received?
Comments:

Page 61 of 122
 Fraud Risk Assessment Tool

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable
Does the receiving department maintain a log of all items
received?
Comments:

Are copies of receiving reports furnished to the accounting

and purchasing departments?
Comments:

Are purchasing and receiving functions separate from

invoice processing, accounts payable, and general ledger
functions?
Comments:

Are vendor invoices, receiving reports, and purchase orders

matched before the related liability is recorded?
Comments:

Are purchase orders recorded in a purchase register or

voucher register before being processed through cash
disbursements?
Comments:

Are procedures adequate to ensure that merchandise

purchased for direct delivery to the customer is promptly
billed to the customer and recorded as both a receivable and
a payable?
Comments:

Are records of goods returned to vendors matched to vendor

credit memos?
Comments:

Page 62 of 122
 Fraud Risk Assessment Tool

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable
Is the accounts payable ledger or voucher register reconciled
monthly to the general ledger controls accounts?
Comments:

Do write-offs of accounts payable debit balances require

approval of a designated manager?
Comments:

Is the master vendor file periodically reviewed for unusual

vendors and addresses?
Comments:

Are vendor purchases analyzed for abnormal levels?

Comments:

Are control methods in place to check for duplicate invoices

and purchase order numbers?
Comments:

Are credit card statements reviewed monthly for

irregularities?
Comments:

Are vendors with post office box addresses verified?

Comments:

Are voucher payments reviewed regularly for proper

documentation?
Comments:

Page 63 of 122
 Fraud Risk Assessment Tool

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable
Is access to the accounts payable subledger and the general
ledger restricted? Does access create an audit trail?
Comments:

Is someone designated to approve purchase orders over a

certain dollar limit?
Comments:

Are all orders placed using a purchase order (PO)?

Comments:

Are quantities of materials received counted and compared

to purchase orders?
Comments:

Are mandatory vacations of employees in the purchasing and

accounts payable functions required?
Comments:

Is purchase authority rotated among supervisors, and trends

in expenditures based on who approves invoices monitored?
Comments:

Is there increased scrutiny of and approval for invoices for

services rendered?
Comments:

Page 64 of 122
 Fraud Risk Assessment Tool

Is dual approval required when a new vendor is set up for

electronic payment?
Comments:

Is multiple-level approval required for large purchases?

Comments:

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable

Is access to the vendor master file restricted and any changes

made to the file flagged?
Comments:

Is the vendor master file periodically purged to maintain

only active approved vendors?
Comments:

Is management approval required of any adjustments to

accounts payable (e.g., writing off debit balances)?
Comments:

Is it required that all incoming mail be opened by mailroom

personnel to ensure that every incoming check is recorded?
Comments:

Have the organization’s banks been instructed not to cash

checks payable to the organization?
Comments:

Are spending limits established for credit card users?

Comments:

Page 65 of 122
 Fraud Risk Assessment Tool

Are the types of purchases that are allowable on the

company card limited?
Comments:

Is the original support for all credit card transactions

required?
Comments:

Is a clear explanation of the business purpose for every

charge made on a company credit card required?
Comments:

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable

Are vendor complaints investigated?

Comments:

Are other sources considered to verify the existence and

ownership of vendors (e.g. articles of incorporation, online
databases, Dun & Bradstreet reports, and site visits of
vendors)?
Comments:

Are vendors that have an address and a telephone area code

that reflect different geographical areas reviewed?
Comments:

Is a list of outstanding purchase orders periodically

reviewed?
Comments:

Are all receipts under blanket purchase orders reviewed, and

any quantities exceeding authorized totals rejected?
Comments:

Page 66 of 122
 Fraud Risk Assessment Tool

Are invoices that lack an invoice number investigated?

Comments:

Are invoices that lack the vendor’s address, phone number,

or fax number investigated?
Comments:

Are invoices that lack detailed descriptions of the items for

which the organization is being billed investigated?
Comments:

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable

Are invoices that show a different mailing address than the

vendor’s official address investigated?
Comments:

Have invoices been folded?

Comments:

Do invoices show signs of erasures, correction fluid, cross-

outs, or other indications of tampering?
Comments:

Is the vendor invoice from a supplier that is unknown within

the organization or in the marketplace and does not appear to
have other customers?
Comments:

Are orders for goods or services that the organization does

not normally purchase or for quantities that are out of line
with the victim organization’s normal operations examined?
Comments:

Page 67 of 122
 Fraud Risk Assessment Tool

Are vendors that regularly charge more than other vendors

for similar products or services examined?
Comments:

Are noticeable changes in an employee’s lifestyle

investigated?
Comments:

Is there a review of high-volume vendor activity for new

vendors?
Comments:

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable

Are employee workstations and trash examined for vendor

invoices or letterhead?
Comments:

Is the same employee consistently approving payments to

unknown vendors?
Comments:

Does the same employee approve an unusually high number

of payments to individuals, rather than companies?
Comments:

Is trend analysis performed to identify abnormal vendor

purchase levels?
Comments:

Page 68 of 122
 Fraud Risk Assessment Tool

Is trend analysis performed to identify significant increases

in the average unit price of various goods?
Comments:

Is trend analysis performed to identify unexpected

relationships in purchases and inventory levels?
Comments:

Is there a periodic review of paid invoices with supporting

documentation?
Comments:

Are records of returned purchases matched to vendor credit

memos?
Comments:

Module 8- Purchasing and Billing Schemes

Not
Yes No Applicable

Does someone independent of the signature authority on the

company credit card thoroughly review and reconcile each
credit card statement?
Comments:

Page 69 of 122
 Fraud Risk Assessment Tool

Module 9- Payroll Schemes

Not
Yes No Applicable
Is the employee payroll list reviewed periodically for
duplicate or missing Social Security numbers?
Comments:

Are personnel records maintained independently of payroll

and timekeeping functions?
Comments:

Are references checked on all new hires?

Comments:

Are sick leave, vacations, and holidays reviewed for

compliance with company policy?
Comments:

Are appropriate forms completed and signed by the

employee to authorize payroll deductions and withholding
exemptions?
Comments:

Is payroll periodically compared with personnel records for

terminations?
Comments:

Are payroll checks pre-numbered and issued in sequential

order?
Comments:

Is the payroll bank account reconciled by an employee who

is not involved in preparing payroll checks, does not sign the
checks, and does not handle payroll distribution?
Comments:

Page 70 of 122
 Fraud Risk Assessment Tool

Module 9- Payroll Schemes

Not
Yes No Applicable
Are payroll registers reconciled to general ledger control
accounts?
Comments:

Are cancelled payroll checks examined for alterations and

endorsements?
Comments:

Is access restricted to payroll check stock and signature

stamps?
Comments:

Are payroll withholdings for taxes, insurance, etc. examined

to determine if any employees are not having these items
deducted from their paychecks?
Comments:

Is the employee payroll list reviewed periodically for

duplicate or missing home addresses and telephone
numbers?
Comments:

Is the account information for automatically deposited

payroll checks reviewed periodically for duplicate entries?
Comments:

Is an employee separate from the payroll department

assigned to distribute payroll?
Comments:

Page 71 of 122
 Fraud Risk Assessment Tool

Module 9- Payroll Schemes

Not
Yes No Applicable
Are new employees required to furnish proof of immigration
status?
Comments:

Does any change to an employee’s salary require more than

one level of management approval?
Comments:

Does overtime have to be authorized by a supervisor?

Comments:

Do supervisors verify and sign timecards for each pay

period?
Comments:

Are commission expenses compared to sales figures to verify

amounts?
Comments:

Does someone separate from the sales department calculate

sales commissions?
Comments:

Is the payroll function processed by a third party or

internally?
Comments:

Are the following functions separated: payroll, HR, general

accounting, and treasury?
Comments:

Page 72 of 122
 Fraud Risk Assessment Tool

Module 9- Payroll Schemes

Not
Yes No Applicable

Are mandatory vacations of employees in the personnel and

payroll functions required?
Comments:

Does the organization have an imprest payroll bank account

where only deposits needed to cover payroll are used?
Comments:

Does a positive pay or reverse positive pay system for

payroll payments exist?
Comments:

Is the use of direct deposit for payroll payments strongly

encouraged?
Comments:

Is the use of manual payroll checks severely restricted?

Comments:

Are any payroll payments distributed in cash?

Comments:

Are pre-numbered payroll checks used?

Comments:

Is payroll check stock and signature stamps or plates kept

locked up?
Comments:

Page 73 of 122
 Fraud Risk Assessment Tool

Module 9- Payroll Schemes

Not
Yes No Applicable

Does an executive or high-level manager sign all payroll

checks or review payroll registers?
Comments:

Are signed paychecks maintained in a secure location until

distribution?
Comments:

Are unclaimed paychecks or pay stubs logged and kept

secure?
Comments:

Is the signing of blank payroll checks prohibited?

Comments:

Are personnel files kept locked up?

Comments:

Are employees required to provide identification to collect

their paycheck or stub?
Comments:

Does an alternate person periodically distribute payroll

checks or pay stubs directly to employees?
Comments:

Page 74 of 122
 Fraud Risk Assessment Tool

Is an electronic timekeeping mechanism used if possible?

Comments:

Module 9- Payroll Schemes

Not
Yes No Applicable

Are supervisors required to verify the time worked by each

of their employees?
Comments:

If physical time cards are used are the they kept in a secure
location?
Comments:

If physical time cards are used is a supervisor present

whenever time cards are punched?
Comments:

If physical time cards are used is supervisory approval

required of completed time cards?
Comments:

Are original time cards sent directly to payroll after

approval?
Comments:

Do employees have access to their time cards after they have

been approved?
Comments:

Page 75 of 122
 Fraud Risk Assessment Tool

Do employees clock in and out of the timekeeping system

for coworkers?
Comments:

Are employees permitted to collect a paycheck for

coworkers?
Comments:

Module 9- Payroll Schemes

Not
Yes No Applicable

Are duplicate employee names, addresses, government-

issued identification, and bank account numbers
investigated?
Comments:

Are employees who lack withholding taxes, insurance, or

other deductions from paychecks investigated?
Comments:

Are employees who have no personnel file investigated?

Comments:

Is payroll periodically checked against personnel records?

Comments:

Are unclaimed paychecks investigated?

Comments:

Page 76 of 122
 Fraud Risk Assessment Tool

Are payroll expenses compared to production schedules and

supervisors verify the distribution of hours to activity or
department?
Comments:

For each pay period, are employee counts compared with the
total number of payroll payments made (i.e., checks issued
and direct deposits made)?
Comments:

If a payroll service is used, are total payroll disbursements

compared to control totals provided by the service provider?
Comments:

Module 9- Payroll Schemes

Not
Yes No Applicable

Are any signs of alteration on manually prepared time cards

investigated?
Comments:

Does only one employee work overtime in a given

department?
Comments:

Does a particular individual work excessive overtime?

Comments:

Are high levels of overtime consistently claimed by

employees who work under a common supervisor?
Comments:

Page 77 of 122
 Fraud Risk Assessment Tool

Is overtime approved by a supervisor outside the department

of the employee in question?
Comments:

Is trend analysis performed to look for payroll expenses that

exceed budget projections or prior years’ totals?
Comments:

Does the recorded payroll taxes for the year equal the
amounts reported on federal tax forms?
Comments:

Page 78 of 122
 Fraud Risk Assessment Tool

Module 10- Expense Schemes

Not
Yes No Applicable

Are the expense accounts reviewed and analyzed

periodically using historical comparisons or comparisons
with budgeted amounts?
Comments:

Do employee expense reimbursement claims receive a

detailed review before payment is made?
Comments:

Are employees required to submit detailed expense reports?

Comments:

Is a limit placed on expenses such as hotels, meals, and

entertainment?
Comments:

Are receipts required for all expenses to be reimbursed?

Comments:

Are supervisors required to review and approve all expense

reimbursement requests?
Comments:

Is there a random authentication of expense receipts and

expenses claimed?
Comments:

Is there a written travel and entertainment policy that

employees are required to follow when submitting expenses?
Comments:

Page 79 of 122
 Fraud Risk Assessment Tool

Module 10- Expense Schemes

Not
Yes No Applicable

Does the company provide a corporate credit for employees

to use when traveling on company business?
Comments:

Does the company have per diem requirements for certain

type of expenses (e.g. meals)?
Comments:

Does the company require all attendees for business meals to

be documented?
Comments:

Is a review of expenses performed to look for unusual items

being expensed before they are approved?
Comments:

Are only business and not personal expenses reimbursed?

Comments:

Are detailed receipts required for all cash expenses?

Comments:

Is a review of merchants matched against expenses to ensure

that they are not misclassified?
Comments:

Are receipts and expenses examined to ensure the same

expense was not submitted more than once?
Comments:

Page 80 of 122
 Fraud Risk Assessment Tool

Module 10- Expense Schemes

Not
Yes No Applicable

Are expense reports required to be submitted within a certain

amount of time from the date on which the expense was
incurred?
Comments:

Page 81 of 122
 Fraud Risk Assessment Tool

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Has a recent inventory of company equipment, listing serial

numbers and descriptions, been completed?
Comments:

Does the company assign an individual from outside of the

department to conduct the department’s inventory?
Comments:

Are unexplained entries to the inventory records examined

for source documentation?
Comments:

Is the company experiencing sizeable inventory increases

without comparable sales increases?
Comments:

Are analytical reviews of beginning inventory, sales, cost of

goods sold, and ending inventory conducted periodically to
look for unexplained differences?
Comments:

Is there an unusual volume of inventory adjustments, write-

offs, or disposals?
Comments:

Does the organization have written inventory instructions

and orders?
Comments:

Does someone independent of the purchasing, receiving, and

warehousing functions physically count the inventory?
Comments:

Page 82 of 122
 Fraud Risk Assessment Tool

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Are pre-numbered inventory tags used?

Comments:

Are the inventory tags controlled and accounted for?

Comments:

Do the inventory procedures prevent double counting?

Comments:

Are inventory counts subject to independent recounts?

Comments:

Is the inventory reasonably identifiable for proper

classification in the accounting system, such as description,
condition, or stage of completion?
Comments:

Are differences between physical counts and inventory

records investigated before inventory records are adjusted?
Comments:

Is scrap inventoried and is scrap disposal accounted for?

Comments:

Are the following duties segregated: requisition of inventory,

receiving of inventory, disbursements of inventory, writing
off of inventory as scrap, and receipt of proceeds from the
sale of scrap inventory?
Comments:

Page 83 of 122
 Fraud Risk Assessment Tool

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Is a receiving report prepared for all purchased goods?

Comments:

Are copies of receiving reports sent directly to the

purchasing and accounting departments?
Comments:

Is the receiving department provided with a copy of the

purchase order on all items to be received?
Comments:

Are partial shipments annotated on purchase orders or

attached as separate sheets?
Comments:

Are overage, shortage, and damage reports completed and

sent to the purchasing and accounting departments?
Comments:

Are quantities of materials received counted and compared

to purchase orders?
Comments:

Is there a written policy allowing management to inspect all

desks, file cabinets, and other containers on company
property?
Comments:

Is there an equipment removal authorization policy requiring

written management approval to remove any company
equipment from the company premises?
Comments:

Page 84 of 122
 Fraud Risk Assessment Tool

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Is there a policy requiring the inspection of packages, boxes,

and other containers before they leave the company
premises?
Comments:

Is the removal of trash and trash receptacles periodically

monitored?
Comments:

Are the shipping and receiving areas adequately supervised

to prevent theft?
Comments:

Are high value items stored in secure or continuously

monitored areas?
Comments:

Is the shipping function separate from the purchasing and

inventory functions?
Comments:

Are shipping documents pre-numbered and accounted for?

Comments:

Are shipping orders matched with sales orders and contracts?

Comments:

Are shipments of goods required to have authorized sales

orders and contracts prior to shipping?
Comments:

Page 85 of 122
 Fraud Risk Assessment Tool

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Are shipping documents forwarded directly to the

accounting department for recording inventory reduction and
cost of sales?
Comments:

Are the shipping and receiving areas adequately supervised

to prevent theft?
Comments:

Is the perpetual inventory system updated to reflect the

activity of each transaction?
Comments:

Is the warehouse manager required to reconcile the receiving

report and the goods received for all incoming shipments?
Comments:

Is the accounts payable department required to compare

invoices to receiving reports before issuing payments?
Comments:

Are vacations required for employees with inventory

responsibilities?
Comments:

Is physical security maintained over high-value or high-risk

items?
Comments:

Page 86 of 122
 Fraud Risk Assessment Tool

Is the perimeter of the building secured?

Comments:

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Are access logs used to track those who enter these restricted
areas?
Comments:

If practical, are personalized entry codes assigned to

employees who can enter facilities on weekends or after
hours?
Comments:

Are access codes and locks changed when employees are

terminated?
Comments:

Have access controls over computerized inventory and

accounting systems been implemented?
Comments:

Does an automated perpetual inventory system provide

notification when inventory levels fall below a
predetermined reorder point?
Comments:

Are their clear procedures for counting work-in-progress

inventory?
Comments:

Page 87 of 122
 Fraud Risk Assessment Tool

Are their clear procedures for any special counting issues,

such as volume conversions?
Comments:

Is a recording method specified for counts of inventory

items?
Comments:

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Is shipping and receiving activities suspended during

physical counts to ensure a proper cut-off?
Comments:

Is proper identification and segregation of obsolete, slow-

moving, or damaged items performed?
Comments:

Is approval required for adjustments to inventory records,

including write-downs?
Comments:

Is there a review of authorization for scrap sales?

Comments:

Are itemized packing slips included in all shipments to

customers?
Comments:

Page 88 of 122
 Fraud Risk Assessment Tool

Are all materials requisitions to be signed by the requestor

and approved by the requestor’s supervisor?
Comments:

Has a policy on personal use of company fixed assets been

created and communicated?
Comments:

Is mileage maintained on company cars?

Comments:

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Is authorization required for fixed asset purchases,

improvements, and retirements, and for additions to and
deletions from fixed asset accounts?
Comments:

Are the duties of disposing of assets and receiving the

proceeds from their sale separated?
Comments:

Are procedures and personnel used to receive materials,

supplies, and merchandise monitored?
Comments:

Are any employees who frequently enter a warehouse or

stockroom after hours or on weekends investigated?
Comments:

Are physical inventory counts re-counted or spot-checked?

Comments:

Page 89 of 122
 Fraud Risk Assessment Tool

In addition to regularly scheduled inventory counts, are

surprise counts of inventory performed?
Comments:

Are all increases explained by source documents such as

receiving reports?
Comments:

Are sales that are canceled after merchandise has been

shipped reviewed?
Comments:

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Are shipments of merchandise for which no corresponding

sale was booked reviewed?
Comments:

Are sales where the shipping records indicate delivery to the

address of one or more employees or to a competitor
reviewed?
Comments:

Are sales where the sales tickets contain signs of alterations

reviewed?
Comments:

Are purchases that cannot be traced to inventory

investigated?
Comments:

Page 90 of 122
 Fraud Risk Assessment Tool

Are purchases in which full price was paid for shipments that
were designated as having missing or defective merchandise
investigated?
Comments:

Is trend analysis to identify unexpected increases in

uncollectable sales or bad debt expense?
Comments:

Is trend analysis of excessive purchases of materials or

merchandise performed?
Comments:

Is a historical analysis of inventory conducted to look for

significant levels of shrinkage?
Comments:

Module 11- Theft of Inventory and Equipment

Not
Yes No Applicable

Is the receipt of proceeds from the sale of any assets sold as

scrap investigated?
Comments:

Are shipping addresses compared to employee addresses?

Comments:

Are shipping addresses compared to the addresses of other

vendors?
Comments:

Is there verification that all equipment additions are properly

authorized, reconciled, and are in the company’s possession?
Comments:

Page 91 of 122
 Fraud Risk Assessment Tool

Are mileage records on company cars compared to the stated

business purpose to ensure that the use was reasonable?
Comments:

Are unexplained increases in bad debt expense, which can

indicate that an employee is creating fraudulent sales to
account for stolen inventory investigated?
Comments:

Page 92 of 122
 Fraud Risk Assessment Tool

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable
Are there policies and procedures addressing the
identification, classification, and handling of proprietary
information?
Comments:

Are employees who have access to proprietary information

required to sign nondisclosure agreements?
Comments:

Are employees who have access to proprietary information

required to sign noncompete agreements to prevent them
from working for competitors within a stated period of time
and location?
Comments:

Are employees provided with training to make them aware

of proprietary information, their responsibility to protect the
information, and the company policies and procedures
relating to proprietary information?
Comments:

Is there an established procedure to identify what

information should be classified as sensitive and for how
long?
Comments:

Are sensitive documents properly classified and marked as

confidential?
Comments:

Is sensitive information properly secured when not being

used?
Comments:

Page 93 of 122
 Fraud Risk Assessment Tool

Is access to sensitive information physically controlled and

accounted for?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Is sensitive information promptly destroyed when it is no

longer needed?
Comments:

Are compromises to the security of proprietary information

promptly investigated to determine the source?
Comments:

Are employees required to use screensaver and/or server

passwords to protect unattended computer systems?
Comments:

Are confidential documents shredded when discarded?

Comments:

Is there a written policy on the prohibition of software

piracy?
Comments:

Are there any policies related to data integrity, security, or

quality standards regarding information technology software
or hardware used by the organization?
Comments:

Page 94 of 122
 Fraud Risk Assessment Tool

Is a disaster recovery plan in place to protect the

organization’s data (e.g. servers, network) should a disaster
occur?
Comments:

Does the organization have backup generators or surge

protectors for all computers?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Is there a written policy that prohibits the downloading of

unauthorized software?
Comments:

Are there controls in place that prohibit users from using the
same login information?
Comments:

Are passwords required to be changed periodically?

Comments:

Does the system monitor and limit the number of log-in

attempts?
Comments:

Are encryption methods used for the transmission of

sensitive data?
Comments:

Page 95 of 122
 Fraud Risk Assessment Tool

Are files backed up and stored in a safe place only accessible

by specific individuals?
Comments:

Is anti-virus software installed on every computer and

updated periodically?
Comments:

Are there documented procedures related to the installation

or updating of new software on the network?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Is there one person designated to oversee any new software

installations or upgrades?
Comments:

Are any backup files stored off-site?

Comments:

Is computer activity reviewed and any unusual activity

logged and investigated?
Comments:

Are there written procedures regarding organizational data

used on personal devices?
Comments:

Page 96 of 122
 Fraud Risk Assessment Tool

Does the organization manage the on-site and online

locations of their electronic documents?
Comments:

Is there a written policy in place on how to handle electronic

document retention and destruction?
Comments:

Are employees aware of their responsibility on handling

electronic documents when there is a legal hold?
Comments:

Does the organization use another method to identify

employees, such as randomly-selected employee id numbers,
other than their Social Security Numbers (SSNs)?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Does the organization conduct background checks on

employees or third parties who will be handling personal
information?
Comments:

Has an overall information security policy that clearly

defines the overall security posture and direction of the
company, employee responsibilities, approved and
unapproved use of hardware and software, and consequences
been communicated to all employees?
Comments:

Page 97 of 122
 Fraud Risk Assessment Tool

Have policies and procedures for the use of VPN and remote
and desktop access, web-based email, instant messaging
programs, and cloud storage been developed and
communicated to all employees?
Comments:

Has a Bring Your Own Device (BYOD) policy regarding the

use of personal cell phones, tablets, and other devices for
work purposes been developed and communicated?
Comments:

Is management required to review and update all information

security policies at least annually?
Comments:

Has an inventory of all authorized network devices been

compiled and maintained?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Has an inventory of all authorized software been created and

maintained?
Comments:

Have periodic risk assessments been conducted to identify

and address new or increased risks to the organization’s
proprietary information?
Comments:

Page 98 of 122
 Fraud Risk Assessment Tool

Are all employees required to use server passwords to log in

to computers?
Comments:

Are employees required to log off their computers when they

leave their desks?
Comments:

Are computers set to automatically log off when left

unattended?
Comments:

Have employees been provided with training regarding

company policies and procedures relating to information
security, their responsibility to protect intellectual property,
safe internet browsing, and the appropriate use of social
media?
Comments:

Have employees been trained on a safe means to send emails

or other communications containing sensitive information?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Have employees been trained on how to handle outside

threats to company information (e.g., social engineering or
phishing)?
Comments:

Page 99 of 122
 Fraud Risk Assessment Tool

Have local administrator rights been removed to prevent

employees from installing unapproved software on their
computers?
Comments:

Has auto-run been disabled on company machines to prevent

infections from portable storage devices and mobile devices?
Comments:

Has the employees’ ability to write to external storage

devices been disabled?
Comments:

Is encryption required of all sensitive data?

Comments:

Are all sensitive documents required to be properly classified

and marked as confidential?
Comments:

Is all sensitive information properly secured when not being

used?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Page 100 of 122

 Fraud Risk Assessment Tool

Are physical, software, and hardware controls used to restrict

access to areas where proprietary information is stored?
Comments:

Is access to proprietary information immediately removed

for terminated employees?
Comments:

Is sensitive and confidential information required to be

promptly and effectively destroyed when it is no longer
needed?
Comments:

Are access logs for all sources of intellectual property

reviewed?
Comments:

Are trends in use of company email monitored for

employees with abnormal file transfer patterns (e.g. emailing
attachments more frequently than is appropriate, emailing
attachments after hours or on weekends)?
Comments:

Is network access monitored to identify employees who

attempt to access files unrelated to their positions or
employees who repeatedly log in and access intellectual
property during non-working hours?
Comments:

Module 12- Theft of Intellectual Property and Data Security

Not
Yes No Applicable

Page 101 of 122

 Fraud Risk Assessment Tool

Are any instances of unacceptable software use by

employees identified and investigated?
Comments:

Is any compromise to the security of proprietary information

promptly investigated?
Comments:

Page 102 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable
Is there a company policy that addresses the receipt of gifts,
discounts, and services offered by a supplier or customer?
Comments:

Is there an established bidding policy?

Comments:

Are purchases reviewed to detect out of line costs?

Comments:

Are purchases reviewed to identify favored vendors?

Comments:

Are purchases reviewed to identify excessive amounts?

Comments:

Are pre-bid solicitation documents reviewed for any

restrictions on competition?
Comments:

Are bid solicitation packages numbered and controlled?

Comments:

Is communication between bidders and purchasing

employees restricted?
Comments:

Are the bids received kept confidential?

Comments:

Page 103 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable
Are bidders’ qualifications verified?
Comments:

Are contracts awarded based on predetermined criteria?

Comments:

Are purchasing account assignments rotated?

Comments:

Are vendors surveyed periodically regarding company

purchasing practices?
Comments:

Does an employee show an unusual interest in a specific

contract or contractor?
Comments:

Does an employee accept contracts, products, services that

are not favorable to the organization?
Comments:

Does an employee decline a promotion that does not involve

procurement?
Comments:

Does an employee insist on specific contractors or

subcontractors?
Comments:

Page 104 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Does an employee in procurement rarely or never take a

vacation?
Comments:

Does an employee accept inappropriate gifts from vendors?

Comments:

Does an employee have an undisclosed outside business or

appear to conduct a side business?
Comments:

Does an employee approve an unusually high volume of

purchases?
Comments:

Does a third party have a record of poor performance?

Comments:

Does a third party have a reputation for dishonesty?

Comments:

Does a third party have an undisclosed interest in a company

or business owned by an employee?
Comments:

Are multiple addresses listed for a third party?

Comments:

Page 105 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Is a third party not on the approved contractor list?

Comments:

Is there a lack of separation of duties in the purchasing

department?
Comments:

Are contract terms favorable to the organization's product or

services?
Comments:

Is there poor documentation supporting awards of contracts

or subcontracts?
Comments:

Does an employee approve an unusually high volume of

purchases?
Comments:

Does an employee have frequent hospitality and travel

expenses for public officials?
Comments:

Does an employee have a high success rate in markets where

competitors are known to bribe?
Comments:

Does a third party make payments in cash?

Comments:

Page 106 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Is there pressure for payments to a third party to be made

urgently or ahead of schedule?
Comments:

Are payments to a third party made through a third-party

country?
Comments:

Are there missing documents or records regarding meetings

or decisions for contracts?
Comments:

Are company procedures or guidelines for bids not being

followed?
Comments:

Are internal checks and balances being used to monitor and

review anti-bribery policies and programs?
Comments:

Does the organization have policies dedicated to combating

bribery and corruption?
Comments:

Is the organization conducting compliance assessments?

Comments:

Is there in-person training for high-risk individuals?

Comments:

Page 107 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

How knowledgeable are employees about the application of

the company's existing anti-bribery policies and procedures?
Comments:

Does the organization inform relevant third parties of the

organization's commitment to adhere to anti-corruption laws?
Comments:

Does the organization obtain a reciprocal agreement from

agents and business partners that show that they will abide by
anti-corruption laws?
Comments:

Are anti-corruption provisions in agreements and contracts

with agents and business partners?
Comments:

Was a third party recommended by a government official?

Comments:

Does a third party refuse to provide express certification of

compliance with the Bribery Act?
Comments:

Does a third party have personal or business ties to a foreign

official?
Comments:

Does the third party offer a deal too good to be true?

Comments:

Page 108 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Does the third party's business model not make sense?

Comments:

Is the third party checked against government watch lists?

Comments:

Is the third party's insurance verified?

Comments:

Are any professional licenses held by a third party verified?

Comments:

Are site visits performed at a third party's principal place of

business?
Comments:

Is a third party's policies and procedures on fraud,

governance, and compliance reviewed?
Comments:

Are inactive vendors that have become active reviewed?

Comments:

Are there unusually large payments to a vendor in relation to

the average (e.g. the vendor is paid additional amounts that
are kicked back to the employee who enters the payment)?
Comments:

Page 109 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Are payments to high-risk vendors reviewed?

Comments:

Are duplicate payments to vendors reviewed?

Comments:

Are vendors with PO Box addresses reviewed?

Comments:

Are there invoicing discrepancies with the vendor?

Comments:

Are any payments categorized as government expenses?

Comments:

Is there frequent use of one-time vendor arrangements?

Comments:

Are vendor payments made without supporting

documentation or proper explanation?
Comments:

Is the general ledger reviewed to identify any booked receipts

or payments that relate to foreign officials?
Comments:

Page 110 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Are multiple invoices at or just under the approval cut-off

levels?
Comments:

Are there invoices without valid purchase orders?

Comments:

Are there invoices for poorly defined services?

Comments:

Are there weak controls over the bidding process?

Comments:

Do competing contractors complain about a purchasing

entity's practices?
Comments:

Is there a high number of competitive awards given to one

supplier?
Comments:

Are there similarities between bid specifications and the

winning contractor's products or services?
Comments:

Are there a high number of change orders for one supplier?

Comments:

Page 111 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Are late bids accepted?

Comments:

Are bid deadlines extended?

Comments:

Are contracts changed after bids are received?

Comments:

Are invitations for bids sent to contractors that previously

declined to bid?
Comments:

Are invitations for bids sent to unqualified contractors?

Comments:

Are contracts awarded to non-responsive bidders?

Comments:

Is the last party to bid usually the winning contract?

Comments:

Is the winning bid just below the next lowest bid?

Comments:

Is there evidence of missing, copied, or fraudulent invoices?

Comments:

Page 112 of 122

 Fraud Risk Assessment Tool

Module 13- Corruption

Not
Yes No Applicable

Is the amount on an invoice and even amount (round number)

that is not expected or reasonable?
Comments:

Are purchases made after business hours?

Comments:

Do supervisors place a lot of trust in employees who have

purchasing cards?
Comments:

Does an employee rush the purchasing card reconciliation

process seeking to reduce the amount of time for review?
Comments:

Does an employee submit several purchasing card

reconciliations at the same time?
Comments:

Does a contractor submit several invoices for the same or

similar work under different jobs or contracts?
Comments:

Does the procuring entity give the same contractor multiple

contract awards for the similar work?
Comments:

Page 113 of 122

 Fraud Risk Assessment Tool

Module 14- Conflicts of Interest

Not
Yes No Applicable

Are there periodic comparisons of vendor information with

employee information, such as addresses and telephone
numbers?
Comments:

Are vendors who employ former company employees under

increased scrutiny?
Comments:

Does the organization have a reporting procedure for

personnel to report their concerns about vendors receiving
favored treatment?
Comments:

Are employees required to complete an annual disclosure

document that includes business ownership, income, and
investment information?
Comments:

Does the organization require vendors to sign an agreement

allowing vendor audits?
Comments:

Are vendor audits conducted by someone independent of the

purchase, sales, billing, and receiving departments?
Comments:

Are third party relationships and related party transactions

formally disclosed?
Comments:

Page 114 of 122

 Fraud Risk Assessment Tool

Module 14- Conflicts of Interest

Not
Yes No Applicable

Does an employee show an unusual interest in a specific

contract or contractor?
Comments:

Does an employee accept contracts, products, services that

are not favorable to the organization?
Comments:

Does an employee decline a promotion not involving

procurement?
Comments:

Does an employee insist on specific contractors or

subcontractors?
Comments:

Does a procurement employee rarely or never take a

vacation?
Comments:

Does an employee accept inappropriate gifts from vendors?

Comments:

Does an employee have an undisclosed outside business or

appear to conduct a side business?
Comments:

Does an employee approve an unusually high volume of

purchases?
Comments:

Page 115 of 122

 Fraud Risk Assessment Tool

Module 14- Conflicts of Interest

Not
Yes No Applicable

Does an employee have frequent hospitality and travel

expenses for public officials?
Comments:

Does an employee have a high success rate in markets where

competitors are known to bribe?
Comments:

Does a procurement employee accept late bids?

Comments:

Does a contractor have a close relationship with a

procurement employee who participated in drafting contract
specifications?
Comments:

Does contracting personnel provide information or advice

about contracts to a contractor on a preferential basis?
Comments:

Page 116 of 122

 Fraud Risk Assessment Tool

Module 15- Fraudulent Financial Reports

Not
Yes No Applicable
Are the organization’s accounting records in proper form?
Comments:

Does the organization employ an adequate number of

accounting employees?
Comments:

Does the organization have an effective internal audit staff?

Comments:

Are proper internal controls established and maintained?

Comments:

Does the organization embrace the concept of internal

controls?
Comments:

Are senior managers visible in their support of internal

controls?
Comments:

Are the organization’s financial goals and objectives

realistic?
Comments:

Does the organization consistently achieve its financial goals

and objectives?
Comments:

Page 117 of 122

 Fraud Risk Assessment Tool

Is the organization’s reported financial performance stable or

increasing?
Comments:

Module 15- Fraudulent Financial Reports

Not
Yes No Applicable
Does the company have stable relationships with its banks?
Comments:

Are there unrealistic changes or increases in financial

statement account balances?
Comments:

Are the account balances realistic given the nature, age, and
size of the company?
Comments:

Do actual physical assets exist in the amounts and values

indicated on the financial statements?
Comments:

Have there been significant changes in the nature of the

organization’s revenues or expenses?
Comments:

Do one or a few large transactions account for a significant

portion of any account balance or amount?
Comments:

Are there significant transactions that occur near the end of a

period that positively impact results of operations, especially
transactions that are unusual or highly complex?
Comments:

Page 118 of 122

 Fraud Risk Assessment Tool

Are financial results fairly consistent across periods?

Comments:

Module 15- Fraudulent Financial Reports

Not
Yes No Applicable
Is there an inability to generate cash flows from operations
while experiencing earnings growth?
Comments:

Is there significant pressure to obtain additional capital

necessary to stay competitive?
Comments:

Are reported assets, liabilities, revenues or expenses based

on significant estimates that involve unusually subjective
judgments or uncertainties?
Comments:

Are reported assets, liabilities, revenues, or expenses based

on significant estimates that are subject to potential
significant change in the near term in a manner that may
have a financially disruptive effect on the organization?
Comments:

Is the company experiencing unusually rapid growth or

profitability, especially when compared with that of other
companies in the same industry?
Comments:

Is the organization highly vulnerable to changes in interest

rates?
Comments:

Page 119 of 122

 Fraud Risk Assessment Tool

Are the unrealistically aggressive sales or profitability

incentive programs?
Comments:

Module 15- Fraudulent Financial Reports

Not
Yes No Applicable
Is there a threat of imminent bankruptcy, foreclosure, or
hostile takeover?
Comments:

Is there a high possibility of adverse consequences on

significant pending transactions, such as business
combinations or contract awards, if poor financial results are
reported?
Comments:

Is there a poor deteriorating financial position when

management has personally guaranteed significant debts of
the entity?
Comments:

Does the firm continuously operate on a crisis basis or

without a careful budgeting and planning process?
Comments:

Does the organization have difficulty collecting receivables

or have other cash flow problems?
Comments:

Is the organization dependent on one or two key products or

services, especially products or services that can become
quickly obsolete?
Comments:

Page 120 of 122

 Fraud Risk Assessment Tool

Do the footnotes contain information about complex issues?

Comments:

Are there adequate disclosures in the financial of footnotes?

Comments:

Module 15- Fraudulent Financial Reports

Not
Yes No Applicable

Do external auditors review the financial statements for

significant misstatements or omissions?
Comments:

Is there a reporting mechanism for employees who have

concerns about the financial reporting process?
Comments:

Is management unusually absent from the office?

Comments:

Are financial statements reviewed by management on a

monthly or quarterly basis?
Comments:

Are accounts reconciled each month and approved by

management?
Comments:

Does the organization prepare a cash flow statement for the

organization?
Comments:

Page 121 of 122

 Fraud Risk Assessment Tool

Does the organization have incentive or award programs in

place for employees who report misconduct related to the
financial reporting process?
Comments:

Are revenues and expenses appropriately recorded?

Comments:

Module 15- Fraudulent Financial Reports

Not
Yes No Applicable

Has the organization omitted any liabilities or expenses from

the financial statements?
Comments:

Do the numbers reflected in the financial statements

accurately reflect the financial situation of the organization?
Comments:

Page 122 of 122