Risk assessment

Mitigating the risk of being a victim of fraud requires a system of activities and controls that,
as a whole, reduce the probability of fraud and misconduct, but that, at the same time,
maximize the possibility of detecting them, before they mean a significant economic loss.
All companies are susceptible to some type of fraud, since when there is collusion and
intention, it is difficult to detect and stop it. Despite this, it has been seen that this risk is
substantially mitigated when companies have a comprehensive program that allows
combining mechanisms of cultural change with internal controls in business processes.
An adequate risk management system must be based on a solid corporate governance
structure. Everyone in the organization plays an important role in the oversight and
monitoring process, both the Board of Directors and the Audit Committee, management and
internal auditors.
A comprehensive fraud risk management program should begin with assessing what these
risks are in the organization, and rating them by the likelihood of occurrence and magnitude
of impact. The process has to be suitable and designed for each organization, since there is
no common inventory or menu of fraud risks, from which you can choose what applies to
you. Therefore, it is recommended to consider, both the external factors that create fraud
risks: product substitutes, changes in the industry and in the economy, change in legislation,
needs and expectations of customers, etc.; such as internal factors: incentives and pressures
on employees, low morale, new systems, new products, staff turnover
A common example in fraud investigations is the receipt of materials. For example, a
signature on the invoice is sufficient, and it is common to hear the argument that: it is the
signature of the operations manager. But, no one checks whether the operations manager
authorizes the purchase of an African elephant for an operation that manufactures nuts, so
the specific control of the authorization firm has already lost value.
Controls, as an effective anonymous reporting mechanism, reduce the risk of fraud by up to
50%, according to statistics from the Association of Certified Fraud Examiners (ACFE), whose
function is twofold, since on the one hand it helps to detect problems perceived by
employees and, on the other, It deters the potential perpetrator as he can be reported.
Consideration of segregation of duties in the design and implementation of all controls and
mechanisms to prevent, deter and detect fraud will help mitigate risk to a minimum.

The emphasis of effective and responsible management of companies must be placed on the
deterrence of crimes or improper conduct. The investigation of fraud, abuse and error should
not be the primary interest of the top management of companies, as it is a reactive rather than
proactive position. Its main interest should be aimed at strengthening effective corporate
governance, based on a risk control system, which prevents the abuse of trust and decreases
the likelihood of error and deception.

Organizations need to stop seeing internal control as a long list of unrelated "locks" that create
the perception of overregulation or bureaucracy, but as a complement to a cultural change,
that is, a combination of the necessary controls or locks, according to the risks, participation
and tone of management on ethical and value issues.

The permanence of societies and their successful management increasingly depend on the
creative capacity to anticipate threats, face them and adapt as best as possible to a reality that
demands the use of improved decision-making and execution capabilities.

The risk assessment and management process thus becomes a priority point to be addressed
within the agendas of most companies, in order to achieve adequate alignment between the
fulfillment of institutional objectives and the dangers, contingencies and insecurities
prevailing in the environment.

The creation and implementation of comprehensive risk management models is a

fundamental issue for the practice of public accounting and in particular for the tasks of
internal control and internal audit in companies, whether public or private.
Risk assessment is defined as a dynamic and interactive process specifically aimed at
identifying and managing them, with the guiding axis of guaranteeing the achievement of
the objectives defined and agreed for the company within the Board of Directors.
The risk assessment component is composed of four principles and 24 points of interest, the
latter being those that show in detail the main characteristics that distinguish, in practice,
each principle. Within this set of COSO recommendations we cannot fail to mention the
fraud risk assessment that deals in detail with how to protect against fraudulent information,
loss of assets, cases of corruption, as well as incentives and pressures to commit irregular
behavior.
The exposure to risk of Financial Institutions has intensified considerably, as a result of the
significant increase in the volume of operations and the wide variety of services they
provide. Risk is inherent to the financial business, which is why it is essential that Financial
Institutions have adequate internal control systems. A formal internal control system must
be established, whose main concern is oriented to the efficient management of risks
associated with business, in direct accordance with the strategic business objectives. In case
of dispensing with this type of system, it could put at risk not only the continuity of the
organization, but also the balance and development of the sector in which it is inserted.
Risk assessment is a process focused on estimating the impact of those risks that may affect
the normal exercise of an entity, collecting the necessary information so that the
organization can make an adequate decision on the need to adopt preventive measures.
In this regard, it should be noted that the existence of a general risk management policy is
necessary, which must be established and known by all participants in the process, especially
by management levels. The responsibility for risk management lies exclusively with the
senior management of Banking Institutions, so it is necessary to develop adequate systems
that identify, measure, control and monitor the financial and non-financial risks inherent to
their activities, all according to their size and complexity of the activities they carry out.
In recent years, companies have been highly focused on risk management, going so far as to
ensure that there is a need for a stronger framework that identifies, determines and
effectively manages risks. The period of development of this structure was marked by a
series of scandals and high-profile financial failures, where investors, staff of the
organizations and other supporters suffered gigantic losses. After these misfortunes,
important government corporations were summoned in relation to risk management, with
new policies, regulations and standards. The need for an operational risk framework in the
company, which delivered fundamental keys and concepts, a common language, direction
and clear guidance, became increasingly essential.

References
Auditionorl.03 January,2020. Internal Control, importance in fraud prevention.
https://www.auditool.org/blog/fraude/control-interno-impor-tancia-en-la-prevencion-de-fraudes
Auditionorl.05 April,2016. Internal control and risk assessment" Risk assessment is a dynamic and
interactive process aimed at identifying and managing risks to ensure the achievement of objectives"
https://www.auditool.org/blog/control-interno/el-control-interno-y-la-evaluacion-de-riesgos
Thesis .universidad de chile.2005. Seminar on Management Methods and Risk Assessment
https://repositorio.uchile.cl/tesis/uchile/2005/garcia_j2/sources/garcia_j2.pdf