
Fraud Risk Guideto

Date post: 06-Apr-2018
Upload: alfredo-andres-arciniega-sierra

Transcript
  • 8/2/2019 Fraud Risk Guideto

    Guide to Fraud Risk Assessment

    GUIDELINES

    PRODUCED BY

    Governance Directorate
    NSW Department of Community Services
    Head Office
    4-6 Cavill Ave
    Ashfield NSW 1800
    Phone: 9716 2222

    JANUARY 2005

    This document is available on DoCS Online

    GUIDE TO FRAUD RISK ASSESSMENT

    Contents

    Introduction ... 1
    Purpose of the Guide ... 2
    How to use the Guide ... 3

    1 Administration
      Assets ... 5
      General Resources ... 6
      Information ... 7
      Motor Vehicles ... 8

    2 Finance
      Accounts Payable ... 9
      Petty Cash and Cash Receipts ... 10

    3 Purchase of Services from Service Providers ... 11

    4 Human Resource Management
      Payroll ... 14
      Personnel ... 16

    5 Information Systems
      Information Technology ... 17

    6 Procurement
      Inventory (Stores) ... 19
      Professional Services ... 20
      Purchasing ... 21

    Overall Fraud Risk Assessment Rating ... 23

    Evaluation of Guide ... 24

    INTRODUCTION

    Creating and maintaining high standards of ethical behaviour is the responsibility of every employee.

    This Guide to Fraud Risk Assessment is an essential part of the Department's Fraud Control Plan, which is designed to raise awareness of fraud in the workplace and provide information and assistance to staff on the prevention, detection and reporting of fraud.

    The purpose of the Guide to Fraud Risk Assessment is to help managers and staff to assess the adequacy of existing controls and to determine whether additional fraud counter-measures are required.

    The fraud risk assessment process outlined in this document does not replace existing standards or manuals such as the Financial Procedures Manual.

    PURPOSE OF THE GUIDE

    The Guide describes a range of:

      - possible inherent fraud risks that might occur in a series of typical administrative situations, and
      - control measures that could be used to address them

    The Recommended Control Measures are a collection of good ideas that would apply to most situations most of the time. But there is no "one size fits all" solution.

    Most fraud categories will apply to all units. However, the category relating specifically to Service Providers will be relevant only to Regional Offices and the Head Office unit dealing with service providers.

    The Assessment should be revisited regularly to ensure that the fraud risks are minimal and under control.

    HOW TO USE THE GUIDE

    This is how we suggest you use the Guide to Risk Assessment:

      - Focus on one Fraud Risk Category at a time (e.g. Assets on page 5). Consider all Inherent Risks in the first column. Add any others you can think of
      - Consider each Recommended Control Measure separately. Indicate in the third column yes or no as to whether or not that control is in place in your unit
      - Indicate in the fourth column your rating of how well the Control Measure is working in relation to the possible risks. The Risk Assessment rating can range from 1 to 9, where 1 means lowest possible risk and 9 means highest risk

        (Remember, you are rating each Recommended Control Measure, NOT the Inherent Risks).

    Rating | Significance | Definition | Action Required
    1 | Very Low | Provides no apparent opportunity for fraudulent activity | None
    3 | Low | Provides a low level of opportunity for fraudulent activity | None but be aware of any weak spots
    5 | Moderate | Provides a moderate opportunity for fraudulent activity | Strategy for improvement
    7 | High | Provides a high opportunity for fraudulent activity | Immediate strategy for improvement
    9 | Very High | Creates a very high exposure to fraud. | Priority strategy for improvement

    (Intermediate ratings eg 2, 4, 6 and 8 may be used for gradation).

    HOW TO USE THE GUIDE (Continued)

    For example, under Assets, on page 5, the second Recommended Control Measure is Maintenance of register of portable equipment to keep track of laptops etc. Suppose you indicated that there was no 'Control Measure in Place'. Consider how risky this situation is. If there are no laptops or any equipment of any significant value that staff take away from the office, you might rate the risk as only 1. On the other hand, if there are, and equipment has gone missing in the past, you might rate it 7.

    Similarly, on another Recommended Control Measure you may have indicated that the control measure is in place. But you still need to determine the level of risk. For example, consider the first Recommended Control Measure for Assets, New equipment valued > $5,000 immediately given an asset number and placed in assets register etc. Although an asset register exists, it may not have been updated for some time, so you might rate it 5.

      - Add any other useful Control Measures that may occur to you and apply the same rating process
      - Work out and write down a strategy to address all Recommended Control Measures that you have rated as 5 or more out of 9
      - Add up the Rating of Control Measure column for each Fraud Risk Category and write down against 'Sum of risk assessment ratings (a)'. Work out the Average Fraud Risk for each Fraud Risk Category by dividing (a) by the number of Recommended Control Measures
      - Transfer the number of Recommended Control Measures and the total at (a) for each Category to page 23. Then determine an overall risk rating for your unit. This will give you a sense of the vulnerability to fraud of your unit as a whole
      - But most importantly, implement your strategies

    1. Administration

    FRAUD RISK CATEGORY - ASSETS

    Inherent Risks - what could go wrong

      - Theft or loss of assets, particularly attractive or portable assets such as laptops or other computer equipment
      - Unapproved removal or disposal of assets eg. because of alleged damage
      - Loss of control over assets because asset register not being maintained
      - Inability to explain and/or itemise expenditure on assets

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - New equipment valued > $5,000 (or > $500 if portable and attractive) immediately given an asset number and placed in assets register
      - Maintenance of a register of portable equipment to keep track of laptops etc that are used by individual staff on a temporary basis
      - Where possible, segregation of duties between officers receipting equipment and placing on register
      - Regular stocktake of assets performed by officer/s independent of receiving or recording function
      - Management approval for all asset disposal
      - Stocktake and reconciliation performed prior to any transfer or permanent closures, and assets on hand transferred appropriately
      - Regular checks that current stock levels reflect purchases and usage since previous stocktake
      - Appropriate, complete expenditure classification on vouchers to facilitate expenditure analysis
      - Secure storage of assets

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    1. Administration (Continued)

    FRAUD RISK CATEGORY - GENERAL RESOURCES

    Inherent Risks - what could go wrong

      - Theft of physical resources such as stationery, tools etc
      - Unauthorised use of cab charge vouchers
      - Inappropriate use of Departmental phones (including mobile phones), photocopiers, portable and attractive items

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Code of Conduct promoted to all staff
      - Managers ensure staff know what the rules are, and model appropriate behaviour
      - Internal policies made available to all staff
      - Monitoring of usage and expenditure rates on photocopying, taxis, mobile phones etc
      - Keep copies of invoices for expenditure on assets, and monitor expenditure and usage
      - Secure storage of resources

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    1. Administration (Continued)

    FRAUD RISK CATEGORY - INFORMATION

    Inherent Risks - what could go wrong

      - Unauthorised disclosure of personal or confidential information
      - Unauthorised access to client records
      - Theft of client files from Departmental vehicles

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Managers ensure staff are aware of "need to know" policy
      - Managers ensure staff are aware of requirements of privacy legislation
      - Managers/supervisors to initiate specific controls or guidelines in sensitive areas
      - Managers ensure staff are aware of procedures on passwords etc
      - Clean desk policy applied for client and personnel files
      - Sound security maintained for sensitive or confidential information
      - Appropriate and timely storage or disposal of sensitive or confidential information
      - Client and other confidential files locked away when not in use
      - Random and targeted audits of KiDS access

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    1. Administration (Continued)

    FRAUD RISK CATEGORY - MOTOR VEHICLES

    Inherent Risks - what could go wrong

      - Unauthorised private use of motor vehicles
      - Theft of vehicles from parking areas or while garaged at home
      - Theft or substitution of accessories or tools
      - Use of petrol card for private vehicle or unauthorised purchases
      - Falsification of vehicle log

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Supervisors to ensure staff understand policy on careful and authorised use of departmental vehicles
      - All use of Departmental vehicles to be approved
      - Clearly understood approval mechanism for use of vehicles
      - Absences from workplace to be approved by supervisor
      - Random reviews conducted of vehicle accessories and requisitions to ensure they are still in the vehicle
      - Regular reviews of vehicle log books
      - Regular reviews of purchases on petrol cards

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    2. Finance

    FRAUD RISK CATEGORY - ACCOUNTS PAYABLE

    Inherent Risks - what could go wrong

      - False invoices accepted resulting in payment for goods not received
      - Collusive practice between supplier and purchasing officer resulting in invoice price higher than approved on ordering
      - System is manipulated resulting in EFT payments to non-existent supplier
      - False travel claims submitted

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Authorised accounting officer complies with delegation limits
      - Invoice prices validated by supporting documentation such as requisitions and purchase orders
      - Segregation of duties between purchasing officer and officer authorising payment
      - All payments authorised and made on the basis of valid supporting documentation
      - All travel claims approved by the supervisor

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    2. Finance (Continued)

    FRAUD RISK CATEGORY - PETTY CASH AND CASH RECEIPTS

    Inherent Risks - what could go wrong

      - Theft or "borrowing" of petty cash
      - Submission of bogus petty cash claims
      - Receipts not issued for money received
      - Under-banking or failure to bank cash receipts
      - Theft of cash following permanent closure or relocation of unit
      - Using petty cash inappropriately to split orders

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - The adequacy and validity of claims is checked
      - Paying officer stamps claims and receipts as "paid"
      - Claims not paid without authorisation
      - Petty cash claims contain details of the item purchased
      - Adequate physical security over cash holdings eg. access to safe and combination limited, safe locked etc
      - Procedure in place to enable regular reconciliation between documentation, cash receipts, and petty cash claims
      - Cash count and re-banking of cash on hand immediately prior to permanent closure or relocation of unit

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    3. Purchase of Services from Service Providers

    REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

    Inherent Risks - what could go wrong

      - An incidence of fraud has been identified, but processes have not been put in place to reduce the risk of repetition
      - Fraudulent use of funds provided
      - Collusive practices resulting in the purchasing process not being sufficiently competitive
      - Payments for services continue to organisations that do not comply with reporting requirements

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Formal process of background checking of organisations applying to provide service, at the stage of expression of interest
      - Reporting, monitoring and accountability system in place to ensure compliance with service agreement
      - System in place to ensure that non-compliance with reporting requirements are flagged prior to payments being made to contracted organisations
      - Staff induction programs to include fraud prevention and control
      - Manage conflicts of interest of relevant staff and ensure they understand policy
      - Personal and/or pecuniary interests of DoCS staff are declared and registered, including any interests in any organisation with which DoCS conducts its business

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    3. Purchase of Services from Service Providers (Continued)

    REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

    Inherent Risks - what could go wrong

      - Services are purchased from an organisation with a previous fraud history or general record on non-compliance with reporting requirement
      - Staff involved in decision making or monitoring may have a personal or pecuniary interest in the contract eg. position on the management or steering committee of an organisation

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Regions (Regional Director or Director, Partnerships and Planning) can suspend payments for one quarter for non-compliance with contract and reporting requirements. The Minister is to be informed where the suspension may be controversial or it is proposed to continue the suspension for a second quarter
      - Centrally maintained register of organisations with a fraud history or with a record of serious non-compliance
      - Assessments of expressions of interest to include officers independent of those involved in administering the program
      - Service agreements signed by provider prior to any payment

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    3. Purchase of Services from Service Providers (Continued)

    REGIONAL OFFICES AND RELEVANT HEAD OFFICE DIRECTORATES

    Inherent Risks - what could go wrong

      - Collusive practices between auditor of the financial statement and the contracted organisation
      - Service coordinator drives organisation for his/her benefit

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Auditor of the Financial Statements must be a registered Company Auditor, Chartered Accountant, Certified Practising Accountant or otherwise suitably qualified to meet the Department's criteria, and not associated with the contracted organisation
      - Ethics issues covered in briefing sessions given to service providers
      - Management committee signs off on funds agreement, budget, work plans, job descriptions etc

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    4. Human Resource Management

    FRAUD RISK CATEGORY - PAYROLL

    Inherent Risks - what could go wrong

      - Unauthorised staff appointments
      - Overtime worked without authorisation
      - Timesheets altered to increase hours, allowances etc
      - Staff orchestrating call-outs
      - Payments above approved entitlements
      - Overpayment of employees

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Appropriate delegations and procedures for appointment of staff
      - Supervisors, not staff, submit staff timesheets or attendance variation forms to payroll
      - Regular management reports provided to supervisors
      - Process in place to ensure data entry and data acceptance done by different staff
      - Signature of supervisor required before timesheet can be processed

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    4. Human Resource Management (Continued)

    FRAUD RISK CATEGORY - PAYROLL

    Inherent Risks - what could go wrong

      - Fraudulent recording of attendance/time
      - Leave taken exceeds entitlement
      - Inappropriate rostering, eg favouritism, excessive staff on shifts
      - Staff claiming for simultaneous shifts in different locations

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Regular management reviews of rosters
      - Regular management reviews of major cost fluctuations
      - Systemic checks to identify staff working simultaneous shifts
      - Managers/supervisors review management reports and monitor trends in overtime, allowances etc. to ensure false claims are not being paid

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    4. Human Resource Management (Continued)

    FRAUD RISK CATEGORY - PERSONNEL

    Inherent Risks - what could go wrong

      - Applications for employment using false personal details
      - Appointments made other than on merit
      - Collusion between staff to cover unauthorised absenteeism
      - Conducting personal business during working hours
      - Fraud committed through negligence as a result of manager/supervisor not checking claims for payment
      - Fraudulent worker's compensation claims

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Thorough reference checks carried out on recruits before appointment
      - HR staff follow formally documented procedures
      - Recruitment panels reminded of need to deal with conflicts of interest
      - Rotation of staff where practical
      - Copies of original documentation required to verify personal details of new staff
      - Managers ensure staff are aware of policies on use of departmental resources, including time
      - Suspected fraudulent worker's compensation claims reported and investigated

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    5. Information Systems

    FRAUD RISK CATEGORY - INFORMATION TECHNOLOGY

    Inherent Risks - what could go wrong

      - Loss of data following disaster or accident resulting in people taking unfair advantage of situation (eg. stealing assets not recorded, demanding inappropriate payments etc)
      - Inadequate application (software) controls resulting in unauthorised staff accessing systems
      - Unauthorised release of user name and/or password

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Business Continuity Plan (eg how to operate in the event of floods, fire etc)
      - Regular backup and off-site storage of Local Area Network data
      - Appropriate level of computer access provided to staff
      - Staff reminded not to share logons and passwords
      - Staff log out of computers (or lock workstations) at end of day or before extended periods away from computer, to prevent unauthorised use
      - Access to Departmental systems is deleted as staff leave employment
      - Staff instructed not to use DoCS credit cards to purchase goods over the internet

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    5. Information Systems (Continued)

    FRAUD RISK CATEGORY - INFORMATION TECHNOLOGY

    Inherent Risks - what could go wrong

      - Use of DoCS credit card for purchases over the internet, resulting in misuse of credit card number by vendor
      - Excessive internet browsing
      - Misrepresentation of Department by expressing personal views on Departmental e-mail
      - Installation of illegal (pirate) software on DoCS computers
      - Downloading of inappropriate material from internet

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Regular reminders to staff on internet use policy
      - Regular reviews of internet browsing usage to detect potential excessive usage, and where appropriate, reviews of websites visited
      - Staff advised/reminded of need for discretion when using Departmental e-mail to express personal views to people outside the Department
      - Staff instructed not to install illegal (pirate) software on DoCS computers

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    6. Procurement

    FRAUD RISK CATEGORY - INVENTORY (STORES)

    Inherent Risks - what could go wrong

      - Theft of goods
      - Unauthorised disposal of goods

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Adequate physical security of stores
      - Regular reviews of the reasonableness of orders for stores
      - Regular stocktakes with results documented and reported to manager
      - Persons independent of the stores to be involved in stocktakes where possible
      - Manager's approval required for disposal of goods

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)

    6. Procurement (Continued)

    FRAUD RISK CATEGORY - PROFESSIONAL SERVICES (Consultants etc)

    Inherent Risks - what could go wrong

      - Staff involved in decision making may have a personal or pecuniary interest in the contract resulting in biased tender evaluation
      - Specification briefs based on information supplied by a contractor
      - Lack of physical security over tender opening procedures
      - Payment of fraudulent claims
      - Repeated use of same contractor
      - Collusive practices which influence the tender and selection process

    Additional Inherent Risks:

    Recommended Control Measures

    For each measure: Control Measure in Place (YES/NO): Y N. Risk Assessment Rating of Control Measures (please circle - refer to table on page 3): 1 2 3 4 5 6 7 8 9

      - Personal and/or pecuniary interests are declared and registered including any interest in any organisation with which DoCS conducts business
      - Manager to ensure any conflicts of interest are managed appropriately. Staff with conflict should not be involved in decision-making
      - Selection and monitoring of professional services complies with Premier's Department Circular 2000/47 and Premier's Department Circular 2004-17, Engagement and Use of Consultants, which updates the financial levels applicable
      - Research market and obtain a number of quotes or use government contracts
      - Consider panel of pre-qualified providers for regular services eg. psychologists, and allocate work fairly
      - Check all claims carefully before approval
      - Use standard contracts where possible

    Additional Control Measures:

    Sum of Risk Assessment Ratings (a)

    Average Fraud Risk (b)


    6. Procurement (Continued)

    FRAUD RISK CATEGORY - PURCHASING

    Inherent Risks - what could go wrong:
    - Orders fraudulently changed
    - Kickbacks or spotting fees paid to staff for preferential selection
    - Splitting orders to avoid obtaining quotes or to get around delegation limits

    Additional Inherent Risks:

    | Recommended Control Measures | Control Measure in Place (YES/NO) | Risk Assessment Rating of Control Measures (please circle - refer to table on page 3) |
    |---|---|---|
    | Use purchasing guidelines based on the Public Sector Management (Goods and Services) Regulation 1995 | Y N | 1 2 3 4 5 6 7 8 9 |
    | Segregation of duties between officers ordering goods and signing for delivery of goods | Y N | 1 2 3 4 5 6 7 8 9 |
    | Additional Control Measures: | | 1 2 3 4 5 6 7 8 9 |

    (a) Sum of Risk Assessment Ratings:

    (b) Average Fraud Risk:


    Overall Fraud Risk Exposure

    | Fraud Risk Category | Column 1: No. of Control Measures rated in each Category | Column 2: Transfer (a) from each Fraud Risk Category | Average Risk: Divide Column 2 entry by Column 1 entry for each Category |
    |---|---|---|---|
    | Administration: | | | |
    | Assets | | | |
    | General Resources | | | |
    | Information | | | |
    | Motor Vehicles | | | |
    | Finance: | | | |
    | Accounts Payable | | | |
    | Petty Cash and Cash Receipts | | | |
    | Service Providers: | | | |
    | Human Resource Management: | | | |
    | Payroll | | | |
    | Personnel | | | |
    | Information Systems: | | | |
    | Information Technology | | | |
    | Procurement: | | | |
    | Inventory | | | |
    | Professional Services | | | |
    | Purchasing | | | |
    | Total | Column 1 Total: | Column 2 Total: | |

    Overall Fraud Risk Assessment Rating: Divide Column 2 Total by Column 1 Total


    Evaluation

    Your comments will assist in refining the assessment process.

    Using the scale below, please indicate with a cross (x) how useful the fraud risk assessment exercise has been in determining your fraud risk profile.

    Very High | High | Moderate | Low | Very Low

    Please comment on the relevance of the fraud risk categories and their groupings into the functional areas. (Please insert response).


    Evaluation (Continued)

    Is there a particular fraud risk category that you believe should be added to the present list? (Please insert response).

    How could the fraud risk assessment process be improved? (Please insert response).

    Please forward your Assessment, and any other comments, to the Manager, Business Assurance, by internal mail or by faxing to (02) 9716 2111.
