| ID Number | Identified Fraud Risks and Schemes | Risk Score |
|---|---|---|
| AM4 | Fraudulent Disbursements - Check Tampering & Expense Reimbursement Schemes | 25 |
| IAC 2 | Conflicts of Interest - Undisclosed relationships or related-party transactions that negatively impact an organization's reputation and may cause financial harm while benefiting the person with the relationship | 25 |
| AM1 | Cash Theft by Cyberfraud - Professional fraudsters use phishing to obtain organization's online banking login credentials and severely deplete the bank accounts | 20 |
| FR3 | Revenue Recognition - Delivery of product prior to customer's requested delivery date or prior to receipt of customer's order | 20 |
| IAC 1 | Bribery of governmental officials | 20 |
| AM2 | Fraudulent Disbursements - Billing Schemes - Use of phony vendors | 15 |
| FR2 | Revenue Recognition - Side letters/agreements with concessions (e.g. extended payment terms, price reductions, rebates, unusual sales/marketing support funding for dealers, distributors or retailers) | 15 |
| FR4 | Revenue Recognition - Partial shipments | 15 |
| FR6 | Revenue Recognition - Holding books open to record in the current period revenue from sales made in the next period | 15 |
| FR7 | Manipulation of Liabilities/Expenses - Unrecorded vendor invoices | 15 |
| FR9 | Revenue Recognition - Backdating sales agreements | 15 |
| FR5 | Revenue recognition - Recording revenue for items shipped after books closed for period end (e.g. late shipments) | 12 |
| NF5 | Overstated/false employee qualifications or certifications | 12 |
| NF1 | Quality - Material testing results altered | 10 |
| NF2 | Compliance - Environmental, Health, & Safety Reporting | 10 |
| NF3 | Quality - Employee Certification Test Score Tampering | 9 |
| FR1 | Inappropriate Journal Entries | 8 |
| FR11 | Disclosures - Improper or inadequate disclosures of material facts, circumstances, and events | 8 |
| FR8 | Revenue Recognition - Manipulation of secondary revenue streams (e.g. service and support revenue) | 6 |
| NF4 | Compliance - Falsely reporting compliance information on contracts | 6 |
| FR10 | Revenue Recognition - Channel stuffing | 4 |
| AM3 | Theft or diversion of inventory | 3 |
| IAC3 | Commercial Bribery/Illegal Gratuities | 3 |
| AM5 | Cash Skimming | 1 |
| FR12 | Revenue Recognition - Manipulation of bill and hold arrangements | 1 |
| FR13 | Revenue Recognition - Roundtrip transactions | 1 |
| NF6 | Altered Productivity Reports | 1 |

Control Activities Matrix

| Existing Control Activities | Preventive [C] or Detective [D] |
|---|---|
| Physical access controls, dual signatures on checks, support for expenses, review by supervisor and requirement that any false statement made on any expense report could be grounds for dismissal<br>Awareness of pressures/incentives at all levels that might drive inappropriate financial behavior as well as observation, inquiry, and other information that focus on lifestyle, family, and personal financial issues of personnel in these departments. | D |
| Policy requires all employees including senior management to disclose any personal relationships, business transactions and related parties in a timely manner for approval by the Board or other governing body<br>Background checks are performed on all key personnel looking for undisclosed interests in businesses, real estate, or other relationships<br>IA routinely uses data analysis tools to compare vendor and customer master files with employee payroll files looking for matching addresses, names, tax identification or social security numbers and telephone numbers | D |
| Dedicated computer(s) for online banking use only (using other computers is strictly prohibited as is using this computer for any other purpose)<br>IT specialists set up the dedicated banking computer(s) with high security against both internal and external unauthorized access and use. Security measures are updated by IT security specialists on an ongoing basis<br>All personnel with access to online banking credentials receive mandatory training about avoiding fraudsters' phishing techniques, using only the permitted computer(s) for online banking, and their responsibility to help ensure their colleagues comply very strictly with this policy, including the requirement to report any violations | C |
| Systematic matching of sales order to shipping documentation; exception reports generated | C |
| Strictly-enforced policy against offering, giving, receiving, and soliciting anything of value to influence an official act by a public official, agent, or government employee<br>Strictly-enforced policy prohibiting bribing of foreign officials as well as making unauthorized facilitation payments to those individuals involved in customs, permitting the flow of goods and other activities<br>We examine contracts where U.S.-based government or foreign officials have had any involvement and determine the historical relationships between sales agents and sources of revenue to determine if there was inappropriate influence on the part of the government official by the sales agent<br>We examine expense reports of sales representatives and promotional activities by country (foreign) managers | C |
| Purchases can only be made from approved vendors<br>Vendors are approved by the contracting department | D |
| Annual training of sales personnel on revenue recognition practices<br>Quarterly signed attestations of sales personnel concerning extra contractual agreements<br>Internal audit confirming with customers that there are no other agreements, written or oral, that would modify the terms of the written agreement<br>Testing of purchase orders to shipping documents and cash receipts for transactions entered into at or near the end of the quarter or year | D |
| Systematic shipping documents manually checked against every shipment<br>Systematic matching of sales order to shipping documentation; exception reports generated<br>Customer approval of partial shipment required prior to revenue recognition | C |
| Standard monthly close process<br>Reconciliation of invoice register to GL<br>Established procedures for shipping, invoicing, and revenue recognition<br>Established process for consolidation | D |
| Vendors are instructed to send invoices only to the centralized Accounting function where they are logged into the A/P system upon receipt and held in a suspense account as "Pending approval" until authorized by the relevant department<br>Dept. heads and Accounting review the nature/value of pending invoices at period end to help ensure proper cut-off | D |
| A clear revenue recognition policy & training for all sales persons, sales management, and Accounting & Finance personnel involved in accounting for sales<br>CEO and VP Sales both set a clear and strong tone about making sure revenue recognition conditions are met before sales are booked as revenue - violators are disciplined including termination for "serious" offenses (e.g. lying to mgmt)<br>Well-controlled sales contract administration system<br>Sales management monitors transactions in sales contract system to help ensure compliance. They provide more scrutiny to significant sales booked in the last two weeks of each quarter | D |
| Integrated shipping system, linked to invoicing and sales register<br>Daily reconciliation of shipping log to invoice register<br>Required management approval of manual invoices | D |
| Confirmation of credentials via background checks on a sample of new hires whose qualifications or credentials are to be relied upon for regulatory or contractual compliance or key organizational performance purposes | C |
| Independent sample testing | D |
| No process-specific fraud controls. Rely on entity-level compliance program, "speak up" policy, and whistleblower program with anti-retaliation protection | D |
| No process-specific fraud controls. Rely on entity-level compliance and ethics/fraud controls | D |
| Established process for consolidation<br>Review process for standard and non-standard journal entries<br>Systematic access controls to the GL | D |
| CFO and Controller confer with senior management and legal to ensure all appropriate disclosures have been made<br>Periodic reviews by outside counsel, sign off by senior management and CFO and Controller<br>Review by disclosure committee of the Board of Directors | D |
| Signed customer contract documentation is required to record service/support revenue | D |
| No process-specific fraud controls. Rely on entity-level compliance and ethics/fraud controls | C |
| VP Sales has established a clear policy requiring his written pre-approval for all sales in excess of 3 months' usage and which exceeds $1 million<br>Sales Managers review each salesperson's sales figures by customer<br>Senior sales management reviews sales figures for each location/business unit<br>Accounting and Finance function performs analytical review on sales figures and compares to budget and projections | D |
| Physical access controls<br>Comparison of purchase requisitions and receiving reports | D |
| Background checks on all purchasing personnel that look for bankruptcies, divorces, financial problems, criminal history<br>Ensuring that all vendors are logged in, vetted, approved by a supervisor, and selected on a competitive bid basis<br>IA performs routine audits of the purchasing department | D |
| Use of minimal cash transactions<br>Cash reconciliations | C |
| None required due to low inherent risk | N/A |
| None required due to low inherent risk | N/A |
| Analytic comparisons of inventory consumption with labor hours | C |

| Responsible Person(s) | Additional Control Activities | Preventive [C] or Detective [D] | Responsible Person(s) |
|---|---|---|---|