Fraud Risk Assessments - Association of Government Accountants

INSPECTOR GENERAL
U.S. Department of Defense
PRESENTED BY: LAUREN MCLEAN, INTERNAL AUDIT TECHNICAL SPECIALIST
March 2015
APPROACHES FOR CONDUCTING
FRAUD RISK ASSESSMENTS
INTEGRITY  EFFICIENCY  ACCOUNTABILITY  EXCELLENCE
AUDIT POLICY AND OVERSIGHT
HOW WE CONTRIBUTE TO GOOD GOVERNMENT








Evaluate and provide best practices to the DoD audit community.
Perform peer reviews of DoD audit organizations.
Provide technical support for external quality control reviews.
Ensure that non-Federal auditors understand and comply with appropriate
standards and procedures.
Develop and maintain DoD directives, instructions, and other guidance related to
audits and audit standards.
Comment on and coordinate audit related Cost Accounting Standards, legislation,
policies, procedures and standards.
Provide technical and/or consultative advice on audit standards and practices.
Maintain the DoD OIG Fraud Webpage
DOD OIG FRAUD WEBPAGE
• Overview of Resources
• What’s New
• The Path Forward
http://www.dodig.mil/Resources/Fraud/index.html
FRAUD RISK ASSESSMENT TOPICS
• Overview of Fraud Risk Assessment Project Scope, Methodology, Participating Organizations, and Report Resources
• Fraud risk assessments
  What they are
  Why they are important
  Benefits
• Tips and Tools for Conducting High Quality Brainstorming Sessions
• Auditor Approaches for Assessing Fraud Risk
• Entity-wide Fraud Risk Assessments Approaches
PROJECT OVERVIEW






How We Identified Best Practices for Conducting Fraud Risk Assessments
Interviewed 100 Subject Matter Experts
Attorneys, Auditors, Forensic Auditors, Investigators, Engineers, Academics
45 Participating Organizations – DoD, Nonprofits, Public Accounting Firms, Private
Companies
Subject Matter Experts Represented 16 States and the District of Columbia
Independent Research
Do Not Endorse A Specific Approach
Examples of Report Resources
• Audit fraud risk policy, fraud interview questionnaire, case studies
• Entity-wide fraud risk assessment report examples
• Organization Tool for Evaluating Fraud Control Program
FRAUD RISK ASSESSMENTS
What are they?
• Auditor
• Entity-wide
• Why are they important?
• Benefits of quality auditor fraud risk assessments
BENEFITS AND OPPORTUNITIES
Benefits




Prioritize the organization’s most significant fraud risks
Organization commitment and cooperation
Assess the impact and probability of fraud risk in relation to objectives
Targeted fraud risk discussion to include risk appetite, tolerance, and
accountability
Opportunities
• Identify immediate and longer term improvement opportunities
• Drive consistency in approaches to assessing fraud risks
• Identification and evaluation of fraud risks is available for the organization
BRAINSTORMING
Seven Essential Practices for Auditors







Sessions are led by a partner or forensic specialist.
An IT audit specialist attends the primary brainstorming session.
The engagement’s primary session is held pre-planning or early in planning.
The discussion about how management might perpetrate fraud is robust.
The discussion about audit responses to fraud risk is detailed.
The level of manager contribution to the session is high.
The level of partner contribution to the session is significant.
DOD FRAUD BRAINSTORMING TIPS
• No thought is considered bad; instead, all thoughts are considered good. Any
ideas put forward by participants are considered. At the end of the sessions, all
the walls in the meeting rooms are papered with ideas. Director, Defense Contract
Management Agency, Contract Integrity Center
• When identifying fraud risks, follow the money; where an organization is
spending money, you will find fraud. Criminal Investigator, Defense Information
Systems, Office of Inspector General, Investigations Division
• Make sure attendees keep on time and keep on task. Deputy Director,
Department of the Navy, Risk Management and Compliance Branch
• Have Fun! Chief Audit Executive, Navy Exchange Service Command
DOD AUDIT ORGANIZATION APPROACHES
Marine Corps Nonappropriated Funds Audit Service
(MCNAFAS)
• Brainstorming Sessions
• Internal Control Questionnaires
• Strategies for Effective Fraud Interviews
GENERAL CONTROL QUESTIONNAIRE
1. Can management override a control? If yes, explain.
2. How does senior management communicate its commitment to sound internal
control and their expectation regarding the employees’ role?
3. Does management receive frequent and timely updates from the budget function,
accounting function, internal and external audits, and compliance functions? If yes,
explain.
4. Is the structure appropriate to manage activities and accomplish goals? If no,
explain.
5. Are the reporting relationships appropriately organized and periodically reviewed?
If no, explain.
STRATEGIES FOR EFFECTIVE FRAUD INTERVIEWS
• Active listening skills are essential for achieving high-quality fraud interviews.
• Use care and good judgment in all discussions about
fraud and do not insinuate that fraud is present or an
employee or manager is under suspicion.
• Set the proper tone for the discussion.
• Be sure to ask follow-up questions.
DOD AUDIT ORGANIZATION APPROACHES
Army and Air Force Exchange Service (AAFES),
Audit Division
“When conducting fraud risk assessments, auditors need to
think about internal controls and ask themselves:
What do I need to measure? And what is the potential for
fraud?” Audit Director, AAFES
• Critical thinking skills are emphasized.
• Developed a fraud risk assessment template.
AAFES METHODS FOR IDENTIFYING FRAUD RISKS
During audit planning, team members review relevant policies and procedures.
Auditors brainstorm and use the risk assessment template tool to:
• Identify relevant risk areas
  Examine the process or program flow. Team members stimulate discussion
  by considering:
  Where along those processes can control breakdowns occur?
• Identify internal controls
  Auditors discuss – What may happen if there is a breakdown in internal
  controls?
• Identify areas where fraud could occur that are significant to the audit objective.
• Design audit procedures to address those risk areas.
• Document analysis and results in the fraud risk assessment template.
FRAUD RISK ASSESSMENT TEMPLATE
SUBJECT AREA: SCHOOL MEAL PROGRAM
PROCESS FLOW: Student applies for free/reduced meals.
PROCESS CONTROL POINTS (INTERNAL CONTROLS OVER PROCESS): Local installation or community commander approves/denies application based on income guidelines set by the Secretary of Agriculture.
RISK DETAILS (WHAT COULD GO WRONG?): Student approved for incorrect meal plan and/or student approved even though they were not eligible.
RISK LEVEL (HIGH, MODERATE, OR LOW): Low - The Exchange would still be reimbursed for meals sold regardless of student eligibility.
AUDIT PROCEDURE: None required. Risk is low. The Exchange is not involved in the approval process for free/reduced meals and reimbursement would not be affected.
FRAUD TEST: None required.
ENTITY-WIDE FRAUD RISK ASSESSMENT APPROACHES
Getting Started – Recruit Subject Matter Experts
• Organization management to ensure commitment to the
process and understanding of fraud risks within their areas of
responsibility
• Accounting or financial personnel who are familiar with the
financial reporting processes and internal controls
• Non-financial operations personnel to leverage their
knowledge of daily operations and issues within a program or
process
• Attorneys, auditors, and investigators
ENTITY-WIDE FRAUD RISK ASSESSMENT APPROACHES
DoD Investigative Organizations
• Brainstorming Sessions
• Assign risk rankings - weighted based on specific criteria and high,
medium or low
• Reviews of ongoing and prior fraud cases
• Study of Association of Certified Fraud Examiners reports to pinpoint
emerging fraud trends
• Evaluate expenditures to identify higher risk programs
• Analysis of programs with increased levels of congressional interest
• Request input from field offices
• Installation-level fraud risk reviews target risks within specific geographical
areas
ENTITY-WIDE FRAUD RISK ASSESSMENT APPROACHES
Association of American Medical Colleges (AAMC)
• Quantifiable Fraud Risk Assessment
• Qualitative Fraud Risk Assessment
TEXAS TECH
• Perception Based Approach
• Electronic Polling Software
CLOSING
QUESTIONS?
THANK YOU
Contact Information
Lauren Mclean, DoD OIG
Lauren.mclean@dodig.mil
Telephone – 703 604 8741