Post on 06-Apr-2018
8/2/2019 Fraud Risk Guideto
Guide to Fraud Risk Assessment
GUIDELINES
PRODUCED BY
Governance Directorate
NSW Department of Community Services
Head Office
4-6 Cavill Ave
Ashfield NSW 1800
Phone: 9716 2222
JANUARY 2005
This document is available on
DoCS Online
CONTENTS

Introduction
Purpose of the Guide
How to use the Guide
1 Administration
  Assets
  General Resources
  Information
  Motor Vehicles
2 Finance
  Accounts Payable
  Petty Cash and Cash Receipts
3 Purchase of Services from Service Providers
4 Human Resource Management
  Payroll
  Personnel
5 Information Systems
  Information Technology
6 Procurement
  Inventory (Stores)
  Professional Services
  Purchasing
Overall Fraud Risk Assessment Rating
Evaluation of Guide
INTRODUCTION

Creating and maintaining high standards of ethical behaviour is the responsibility of every employee.

This Guide to Fraud Risk Assessment is an essential part of the Department's Fraud Control Plan, which is designed to raise awareness of fraud in the workplace and provide information and assistance to staff on the prevention, detection and reporting of fraud.

The purpose of the Guide to Fraud Risk Assessment is to help managers and staff to assess the adequacy of existing controls and to determine whether additional fraud counter-measures are required.

The fraud risk assessment process outlined in this document does not replace existing standards or manuals such as the Financial Procedures Manual.
PURPOSE OF THE GUIDE

The Guide describes a range of:
- possible inherent fraud risks that might occur in a series of typical administrative situations, and
- control measures that could be used to address them

The Recommended Control Measures are a collection of good ideas that would apply to most situations most of the time. But there is no "one size fits all" solution.

Most fraud categories will apply to all units. However, the category relating specifically to Service Providers will be relevant only to Regional Offices and the Head Office unit dealing with service providers.

The Assessment should be revisited regularly to ensure that the fraud risks are minimal and under control.
HOW TO USE THE GUIDE

This is how we suggest you use the Guide to Risk Assessment:

- Focus on one Fraud Risk Category at a time (e.g. Assets on page 5). Consider all Inherent Risks in the first column. Add any others you can think of
- Consider each Recommended Control Measure separately. Indicate in the third column yes or no as to whether or not that control is in place in your unit
- Indicate in the fourth column your rating of how well the Control Measure is working in relation to the possible risks. The Risk Assessment rating can range from 1 to 9, where 1 means lowest possible risk and 9 means highest risk

(Remember, you are rating each Recommended Control Measure, NOT the Inherent Risks).

Rating  Significance  Definition                                                  Action Required
1       Very Low      Provides no apparent opportunity for fraudulent activity    None
3       Low           Provides a low level of opportunity for fraudulent activity None but be aware of any weak spots
5       Moderate      Provides a moderate opportunity for fraudulent activity     Strategy for improvement
7       High          Provides a high opportunity for fraudulent activity         Immediate strategy for improvement
9       Very High     Creates a very high exposure to fraud.                      Priority strategy for improvement

(Intermediate ratings eg 2, 4, 6 and 8 may be used for gradation).
For example, under Assets, on page 5, the second Recommended Control Measure is 'Maintenance of register of portable equipment to keep track of laptops etc'. Suppose you indicated that there was no 'Control Measure in Place'. Consider how risky this situation is. If there are no laptops or any equipment of any significant value that staff take away from the office, you might rate the risk as only 1. On the other hand, if there are, and equipment has gone missing in the past, you might rate it 7.

Similarly, on another Recommended Control Measure you may have indicated that the control measure is in place. But you still need to determine the level of risk. For example, consider the first Recommended Control Measure for Assets, 'New equipment valued > $5,000 immediately given an asset number and placed in assets register etc'. Although an asset register exists, it may not have been updated for some time, so you might rate it 5.

- Add any other useful Control Measures that may occur to you and apply the same rating process
- Work out and write down a strategy to address all Recommended Control Measures that you have rated as 5 or more out of 9
- Add up the Rating of Control Measure column for each Fraud Risk Category and write down against 'Sum of risk assessment ratings (a)'. Work out the Average Fraud Risk for each Fraud Risk Category by dividing (a) by the number of Recommended Control Measures
- Transfer the number of Recommended Control Measures and the total at (a) for each Category to page 23. Then determine an overall risk rating for your unit. This will give you a sense of the vulnerability to fraud of your unit as a whole
- But most importantly, implement your strategies
1. ADMINISTRATION
FRAUD RISK CATEGORY - ASSETS

Inherent Risks - what could go wrong
- Theft or loss of assets, particularly attractive or portable assets such as laptops or other computer equipment
- Unapproved removal or disposal of assets eg. because of alleged damage
- Loss of control over assets because asset register not being maintained
- Inability to explain and/or itemise expenditure on assets
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- New equipment valued > $5,000 (or > $500 if portable and attractive) immediately given an asset number and placed in assets register
- Maintenance of a register of portable equipment to keep track of laptops etc that are used by individual staff on a temporary basis
- Where possible, segregation of duties between officers receipting equipment and placing on register
- Regular stocktake of assets performed by officer/s independent of receiving or recording function
- Management approval for all asset disposal
- Stocktake and reconciliation performed prior to any transfer or permanent closures, and assets on hand transferred appropriately
- Regular checks that current stock levels reflect purchases and usage since previous stocktake
- Appropriate, complete expenditure classification on vouchers to facilitate expenditure analysis
- Secure storage of assets
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

1. ADMINISTRATION (Continued)
FRAUD RISK CATEGORY - GENERAL RESOURCES

Inherent Risks - what could go wrong
- Theft of physical resources such as stationery, tools etc
- Unauthorised use of cab charge vouchers
- Inappropriate use of Departmental phones (including mobile phones), photocopiers, portable and attractive items
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Code of Conduct promoted to all staff
- Managers ensure staff know what the rules are, and model appropriate behaviour
- Internal policies made available to all staff
- Monitoring of usage and expenditure rates on photocopying, taxis, mobile phones etc
- Keep copies of invoices for expenditure on assets, and monitor expenditure and usage
- Secure storage of resources
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

1. ADMINISTRATION (Continued)
FRAUD RISK CATEGORY - INFORMATION

Inherent Risks - what could go wrong
- Unauthorised disclosure of personal or confidential information
- Unauthorised access to client records
- Theft of client files from Departmental vehicles
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Managers ensure staff are aware of "need to know" policy
- Managers ensure staff are aware of requirements of privacy legislation
- Managers/supervisors to initiate specific controls or guidelines in sensitive areas
- Managers ensure staff are aware of procedures on passwords etc
- Clean desk policy applied for client and personnel files
- Sound security maintained for sensitive or confidential information
- Appropriate and timely storage or disposal of sensitive or confidential information
- Client and other confidential files locked away when not in use
- Random and targeted audits of KiDS access
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

1. ADMINISTRATION (Continued)
FRAUD RISK CATEGORY - MOTOR VEHICLES

Inherent Risks - what could go wrong
- Unauthorised private use of motor vehicles
- Theft of vehicles from parking areas or while garaged at home
- Theft or substitution of accessories or tools
- Use of petrol card for private vehicle or unauthorised purchases
- Falsification of vehicle log
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Supervisors to ensure staff understand policy on careful and authorised use of departmental vehicles
- All use of Departmental vehicles to be approved
- Clearly understood approval mechanism for use of vehicles
- Absences from workplace to be approved by supervisor
- Random reviews conducted of vehicle accessories and requisitions to ensure they are still in the vehicle
- Regular reviews of vehicle log books
- Regular reviews of purchases on petrol cards
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

2. FINANCE
FRAUD RISK CATEGORY - ACCOUNTS PAYABLE

Inherent Risks - what could go wrong
- False invoices accepted resulting in payment for goods not received
- Collusive practice between supplier and purchasing officer resulting in invoice price higher than approved on ordering
- System is manipulated resulting in EFT payments to non-existent supplier
- False travel claims submitted
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Authorised accounting officer complies with delegation limits
- Invoice prices validated by supporting documentation such as requisitions and purchase orders
- Segregation of duties between purchasing officer and officer authorising payment
- All payments authorised and made on the basis of valid supporting documentation
- All travel claims approved by the supervisor
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

2. FINANCE (Continued)
FRAUD RISK CATEGORY - PETTY CASH AND CASH RECEIPTS

Inherent Risks - what could go wrong
- Theft or "borrowing" of petty cash
- Submission of bogus petty cash claims
- Receipts not issued for money received
- Under-banking or failure to bank cash receipts
- Theft of cash following permanent closure or relocation of unit
- Using petty cash inappropriately to split orders
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- The adequacy and validity of claims is checked
- Paying officer stamps claims and receipts as "paid"
- Claims not paid without authorisation
- Petty cash claims contain details of the item purchased
- Adequate physical security over cash holdings eg. access to safe and combination limited, safe locked etc
- Procedure in place to enable regular reconciliation between documentation, cash receipts, and petty cash claims
- Cash count and re-banking of cash on hand immediately prior to permanent closure or relocation of unit
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

3. PURCHASE OF SERVICES FROM SERVICE PROVIDERS
REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

Inherent Risks - what could go wrong
- An incidence of fraud has been identified, but processes have not been put in place to reduce the risk of repetition
- Fraudulent use of funds provided
- Collusive practices resulting in the purchasing process not being sufficiently competitive
- Payments for services continue to organisations that do not comply with reporting requirements
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Formal process of background checking of organisations applying to provide service, at the stage of expression of interest
- Reporting, monitoring and accountability system in place to ensure compliance with service agreement
- System in place to ensure that non-compliance with reporting requirements is flagged prior to payments being made to contracted organisations
- Staff induction programs to include fraud prevention and control
- Manage conflicts of interest of relevant staff and ensure they understand policy
- Personal and/or pecuniary interests of DoCS staff are declared and registered, including any interests in any organisation with which DoCS conducts its business
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

3. PURCHASE OF SERVICES FROM SERVICE PROVIDERS (Continued)
REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

Inherent Risks - what could go wrong
- Services are purchased from an organisation with a previous fraud history or general record on non-compliance with reporting requirement
- Staff involved in decision making or monitoring may have a personal or pecuniary interest in the contract eg. position on the management or steering committee of an organisation
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Regions (Regional Director or Director, Partnerships and Planning) can suspend payments for one quarter for non-compliance with contract and reporting requirements. The Minister is to be informed where the suspension may be controversial or it is proposed to continue the suspension for a second quarter
- Centrally maintained register of organisations with a fraud history or with a record of serious non-compliance
- Assessments of expressions of interest to include officers independent of those involved in administering the program
- Service agreements signed by provider prior to any payment
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

3. PURCHASE OF SERVICES FROM SERVICE PROVIDERS (Continued)
REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

Inherent Risks - what could go wrong
- Collusive practices between auditor of the financial statement and the contracted organisation
- Service coordinator drives organisation for his/her benefit
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Auditor of the Financial Statements must be a registered Company Auditor, Chartered Accountant, Certified Practising Accountant or otherwise suitably qualified to meet the Department's criteria, and not associated with the contracted organisation
- Ethics issues covered in briefing sessions given to service providers
- Management committee signs off on funds agreement, budget, work plans, job descriptions etc
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

4. HUMAN RESOURCE MANAGEMENT
FRAUD RISK CATEGORY - PAYROLL

Inherent Risks - what could go wrong
- Unauthorised staff appointments
- Overtime worked without authorisation
- Timesheets altered to increase hours, allowances etc
- Staff orchestrating call-outs
- Payments above approved entitlements
- Overpayment of employees
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Appropriate delegations and procedures for appointment of staff
- Supervisors, not staff, submit staff timesheets or attendance variation forms to payroll
- Regular management reports provided to supervisors
- Process in place to ensure data entry and data acceptance done by different staff
- Signature of supervisor required before timesheet can be processed
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

4. HUMAN RESOURCE MANAGEMENT (Continued)
FRAUD RISK CATEGORY - PAYROLL

Inherent Risks - what could go wrong
- Fraudulent recording of attendance/time
- Leave taken exceeds entitlement
- Inappropriate rostering, eg favouritism, excessive staff on shifts
- Staff claiming for simultaneous shifts in different locations
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Regular management reviews of rosters
- Regular management reviews of major cost fluctuations
- Systemic checks to identify staff working simultaneous shifts
- Managers/supervisors review management reports and monitor trends in overtime, allowances etc. to ensure false claims are not being paid
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

4. HUMAN RESOURCE MANAGEMENT (Continued)
FRAUD RISK CATEGORY - PERSONNEL

Inherent Risks - what could go wrong
- Applications for employment using false personal details
- Appointments made other than on merit
- Collusion between staff to cover unauthorised absenteeism
- Conducting personal business during working hours
- Fraud committed through negligence as a result of manager/supervisor not checking claims for payment
- Fraudulent worker's compensation claims
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Thorough reference checks carried out on recruits before appointment
- HR staff follow formally documented procedures
- Recruitment panels reminded of need to deal with conflicts of interest
- Rotation of staff where practical
- Copies of original documentation required to verify personal details of new staff
- Managers ensure staff are aware of policies on use of departmental resources, including time
- Suspected fraudulent worker's compensation claims reported and investigated
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

5. INFORMATION SYSTEMS
FRAUD RISK CATEGORY - INFORMATION TECHNOLOGY

Inherent Risks - what could go wrong
- Loss of data following disaster or accident resulting in people taking unfair advantage of situation (eg. stealing assets not recorded, demanding inappropriate payments etc)
- Inadequate application (software) controls resulting in unauthorised staff accessing systems
- Unauthorised release of user name and/or password
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Business Continuity Plan (eg how to operate in the event of floods, fire etc)
- Regular backup and off-site storage of Local Area Network data
- Appropriate level of computer access provided to staff
- Staff reminded not to share logons and passwords
- Staff log out of computers (or lock workstations) at end of day or before extended periods away from computer, to prevent unauthorised use
- Access to Departmental systems is deleted as staff leave employment
- Staff instructed not to use DoCS credit cards to purchase goods over the internet
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

5. INFORMATION SYSTEMS (Continued)
FRAUD RISK CATEGORY - INFORMATION TECHNOLOGY

Inherent Risks - what could go wrong
- Use of DoCS credit card for purchases over the internet, resulting in misuse of credit card number by vendor
- Excessive internet browsing
- Misrepresentation of Department by expressing personal views on Departmental e-mail
- Installation of illegal (pirate) software on DoCS computers
- Downloading of inappropriate material from internet
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Regular reminders to staff on internet use policy
- Regular reviews of internet browsing usage to detect potential excessive usage, and where appropriate, reviews of websites visited
- Staff advised/reminded of need for discretion when using Departmental e-mail to express personal views to people outside the Department
- Staff instructed not to install illegal (pirate) software on DoCS computers
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. PROCUREMENT
FRAUD RISK CATEGORY - INVENTORY (STORES)

Inherent Risks - what could go wrong
- Theft of goods
- Unauthorised disposal of goods
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Adequate physical security of stores
- Regular reviews of the reasonableness of orders for stores
- Regular stocktakes with results documented and reported to manager
- Persons independent of the stores to be involved in stocktakes where possible
- Manager's approval required for disposal of goods
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. PROCUREMENT (Continued)
FRAUD RISK CATEGORY - PROFESSIONAL SERVICES (Consultants etc)

Inherent Risks - what could go wrong
- Staff involved in decision making may have a personal or pecuniary interest in the contract resulting in biased tender evaluation
- Specification briefs based on information supplied by a contractor
- Lack of physical security over tender opening procedures
- Payment of fraudulent claims
- Repeated use of same contractor
- Collusive practices which influence the tender and selection process
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Personal and/or pecuniary interests are declared and registered including any interest in any organisation with which DoCS conducts business
- Manager to ensure any conflicts of interest are managed appropriately. Staff with conflict should not be involved in decision-making
- Selection and monitoring of professional services complies with Premier's Department Circular 2000/47 and Premier's Department Circular 2004-17, Engagement and Use of Consultants, which updates the financial levels applicable
- Research market and obtain a number of quotes or use government contracts
- Consider panel of pre-qualified providers for regular services eg. psychologists, and allocate work fairly
- Check all claims carefully before approval
- Use standard contracts where possible
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

6. PROCUREMENT (Continued)
FRAUD RISK CATEGORY - PURCHASING

Inherent Risks - what could go wrong
- Orders fraudulently changed
- Kickbacks or spotting fees paid to staff for preferential selection
- Splitting orders to avoid obtaining quotes or to get around delegation limits
Additional Inherent Risks:

Recommended Control Measures
Control Measure in Place (YES/NO): Y N
Risk Assessment Rating of Control Measures (Please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9
- Use purchasing guidelines based on the Public Sector Management (Goods and Services) Regulation 1995
- Segregation of duties between officers ordering goods and signing for delivery of goods
Additional Control Measures:

Sum of Risk Assessment Ratings (a):
Average Fraud Risk (b):

OVERALL FRAUD RISK ASSESSMENT RATING

Columns:
Fraud Risk Category
Column 1: No. of Control Measures rated in each Category
Column 2: Transfer (a) from each Fraud Risk Category
Average Risk: Divide Column 2 entry by Column 1 entry for each Category

Administration:
- Assets
- General Resources
- Information
- Motor Vehicles
Finance:
- Accounts Payable
- Petty Cash and Cash Receipts
Service Providers:
Human Resource Management:
- Payroll
- Personnel
Information Systems:
- Information Technology
Procurement:
- Inventory
- Professional Services
- Purchasing

Total
Column 1 Total:
Column 2 Total:
Overall Fraud Risk Exposure: Divide Column 2 Total by Column 1 Total

EVALUATION

Your comments will assist in refining the assessment process.

Using the scale below, please indicate with a cross (x) how useful the fraud risk assessment exercise has been in determining your fraud risk profile.

Very High / High / Moderate / Low / Very Low

Please comment on the relevance of the fraud risk categories and their groupings into the functional areas. (Please insert response).

Is there a particular fraud risk category that you believe should be added to the present list? (Please insert response).

How could the fraud risk assessment process be improved? (Please insert response).

Please forward your Assessment, and any other comments, to the Manager, Business Assurance, by internal mail or by faxing to (02) 9716 2111.