Office of Internal Audit

ACUA 2013 Annual Conference

Fraud Risk Assessment

Presented by:

Lori Tesch CPA, CFE, CFF, CGMA

Director, Forensic Audits

September2013 1

Objectives
Understand what a Forensic/Fraud Risk Assessment is
and its key elements
Discuss the development and design of an effective
assessment
Examine tools for executing the assessment
Report results
Incorporate results into the Audit Plan and sustain the
program

September2013 2

Definitions

Fraud Risk
Organizations vulnerability to
overcoming the three elements of fraud
Internal and external sources

September2013 3

1
 Definitions

Fraud Risk Assessment

Process to identify where fraud may occur
and who may be committing it

September2013 4

Identifying Fraud

September2013 5

Identify the Fraudster

September2013 6

2
 Key Elements

Identify inherent fraud risk

Assess likelihood and significance
Respond to reasonably likely and
significant inherent and residual fraud
risks

September2013 7

What makes a good Fraud Risk Assessment?

Understand where it falls within an Effective Anti-Fraud
Program
Code of Fraud Communication
Ethics Prevention & Training
Policies

Fraud Risk
Assessment
Fraud
Controls
Response
Monitoring
Plan

September2013 8

What makes a good Fraud Risk Assessment?

Necessary Elements
The Right Independence
Collaboration
Sponsor & Objectivity

Working
Access to All
Knowledge of Trust
Business
People

Think the
Sustainability
Unthinkable

September2013 9

3
 Development and Design

Package it right
One size does NOT fit all
Keep it simple

September2013 10

Development and Design

Prepare the Organization
Team
Technique
Agreement
Educate

September2013 11

Team

Accounting & Nonfinancial/

Internal Audit
Finance Operations

Risk External General

Management Consultants Counsel

Ethics or Business
Compliance Leaders

September2013 12

4
 Technique

Survey
Interview
Facilitated Session

September2013 13

Agreement and Education

Obtain sponsors agreement

Educate the employees
Promote the process

September2013 14

Assessing Possible Risks

Likelihood
Significance
People/department

September2013 15

5
 Online Resources
Fraud Prevention Checkup - ACFE
http://www.acfe.com/fraud-prevention-checkup.aspx

Managing the Business Risk of Fraud

http://www.aicpa.org/InterestAreas/ForensicAndValuation/Resources/
FraudPreventionDetectionResponse/Pages/Managing%20the%20Bu
siness%20Risk%20of%20Fraud.aspx

CGMA Fraud Risk Management

http://www.cgma.org/Resources/Reports/Pages/fraud-risk-
management.aspx

September2013 16

Tools

Survey Software
Questionnaire
Self-Assessment

September2013 17

Report Results

Report objective not subjective - results

KISS
Focus on what really matters
Identify clear and measurable actions

September2013 18

6
 Report Results

September2013 19

Reporting

September2013 20

Reporting

September2013 21

7
 Reporting

September2013 22

Reporting

September2013 23

Incorporate with Audit Process

Combine results
Focus on high priority risks
Design test procedures

September2013 24

8
 Sustain the Program

Begin a dialogue across the organization

Continue to look for fraud in high risk areas
Hold responsible parties accountable
Monitor key controls

September2013 25

Final Thoughts

1. There is no standard
2. Just like a fraud investigation, no
two are alike
3. Ongoing, continuous process

September2013 26

Final Thoughts

September2013 27

9
 Final Thoughts

September2013 28

Final Thoughts

September2013 29

Auditor Humor
5 In God we trust, everybody else gets audited
4 What do you call an Auditor without an opinion?
I dont know, Ive never heard of one
3 Were not happy until youre not happy

2 If your mother tells you she loves you check it out

1 There were Thirteen Commandments before the

auditor questioned three of them

September2013 30

10
September2013 31

11
 FRAUD RISK ASSESSMENT FORM

People Existing Anti- Controls

Identified Fraud risks and Residual Fraud Risk
Likelihood2 Significance3 and/or fraud Effectiveness
Schemes1 Risks7 Response8
Department4 Controls5 Assessment6

FINANCIAL REPORTING:

MISAPPROPRIATION OF
ASSETS:

CORRUPTION:

Page 1 of 2
1. Identified Fraud Risks and Schemes: This column should include a full list of the potential fraud risks and schemes that may face the
organization. This list will be different for different organizations and should be formed by discussions with employees and management and
brainstorming sessions.
2. Likelihood of Occurrence: To design an efficient fraud risk management program, it is important to assess the likelihood of the identified fraud
risks so that the organization establishes proper anti-fraud controls for the risks that are deemed most likely. For purposes of the assessment, it
should be adequate to evaluate the likelihood of risks as remote, reasonably possible, and probable.
3. Significance to the Organization: Quantitative and qualitative factors should be considered when assessing the significance of fraud risks to an
organization. For example, certain fraud risks may only pose an immaterial direct financial risk to the organization, but could greatly impact its
reputation, and therefore, would be deemed to be a more significant risk to the organization. For purposes of the assessment, it should be
adequate to evaluate the significance of risks as immaterial, significant, and material.
4. People and/or Department Subject to the Risk: As fraud risks are identified and assessed, it is important to evaluate which people inside and
outside the organization are subject to the risk. This knowledge will assist the organization in tailoring its fraud risk response, including
establishing appropriate segregation of duties, proper review and approval chains of authority, and proactive fraud auditing procedures.
5. Existing Anti-fraud Internal Controls: Map pre-existing controls to the relevant fraud risks identified. Note that this occurs after fraud risks are
identified and assessed for likelihood and significance. By progressing in this order, this framework intends for the organization to assess
identified fraud risks on an inherent basis, without consideration of internal controls.
6. Assessment of Internal Controls Effectiveness: The organization should have a process in place to evaluate whether the identified controls are
operating effectively and mitigating fraud risks as intended. Organizations should consider and review what monitoring procedures would be
appropriate to implement to gain assurance that their internal control structure is operating as intended.
7. Residual Risks: After consideration of the internal control structure, it may be determined that certain fraud risks may not be mitigated
adequately due to several factors, including (a) properly designed controls are not in place to address certain fraud risks or (b) controls
identified are not operating effectively. These residual risks should be evaluated by the organization in the development of the fraud risk
response.
8. Fraud Risk Response: Residual risks should be evaluated by the organization and fraud risk responses should to address such remaining risk.
The fraud risk response could be implementing additional controls and/or designing proactive fraud auditing techniques.

Page 2 of 2
 ACFE Fraud Risk Assessment Instructions
The Fraud Risk Assessment consists of 15 modules, each containing a series of questions designed to help
organizations zoom in on areas of risk. The fraud professional and the client or employer should begin the
risk assessment process by working together to answer the questions in each module. It is important that
the client or employer select people within the organization who have extensive knowledge of company
operations, such as managers and internal auditors, to work with the fraud professional. Upon completion
of all of the questions, the fraud professional should review the results of the assessment with the client or
employer in order to:

Identify the potential inherent fraud risks.

Assess the likelihood and significance of occurrence of the identified fraud risks.
Evaluate which people and departments are most likely to commit fraud and identify the
methods they are likely to use.
Identify and map existing preventive and detective controls to the relevant fraud risks.
Evaluate whether the identified controls are operating effectively and efficiently.
Identify and evaluate residual fraud risks resulting from ineffective or nonexistent controls.
Respond to residual fraud risks.

The Fraud Risk Assessment may reveal certain residual fraud risks that have not been adequately
mitigated due to lack of, or non-compliance with, appropriate preventive and detective controls. The fraud
professional should work with the client to develop mitigation strategies for any residual risks with an
unacceptably high likelihood or significance of occurrence. Responses should be evaluated in terms of
their costs versus benefits and in light of the organization's level of risk tolerance.

Be aware, however, that this assessment only provides a snapshot of a particular point in time. The
dynamic nature of organizations requires routine monitoring and updating of their financial risk
assessment processes in order for them to remain effective.

These questions are provided as a guide only. The user is free to modify the questions as appropriate to
match the size and structure of the organization. Additional information on fraud risk assessment may be
obtained from:

ACFE's Fraud Resources

Fraud Examiners Manual
Corporate Fraud Handbook, Third Edition, by Joseph T. Wells

The ACFE would like to thank Larry Cook, CFE, for his invaluable contribution to the Fraud Risk
Assessment. The Fraud Risk Assessment was originally developed by Mr. Cook, and we thank him for
allowing us to build upon his foundation and share his assessment process with our members.
Copyright Notice: The modules and the questions are the property of the Association of Certified Fraud
Examiners. The ACFE grants its members the right to use these modules and questions for their own use,
or for the use of their clients or employers. Neither, these modules, nor any part thereof, may be sold in
whole or in part unless as part of consulting or fraud examination services to a client or employer.

Modules

1 - Employee Assessment

2 - Management/Key Employee Assessment

3 - Physical Controls

4 - Skimming Schemes

5 - Cash Larceny Scheme

6 - Check Tampering Schemes

7 - Cash Register Schemes

8 - Purchasing and Billing Schemes

9 - Payroll Schemes

10 - Expense Schemes

11 - Theft of Inventory and Equipment

12 - Theft of Proprietary Information

13 - Corruption

14 - Conflicts of Interest

15 - Fraudulent Financial Reports

 2013 Survey Software Review
Rank #1 #2 #3 #4 #5 #6 #7 #8 #9 #10

10-9 Excellent The Survey KeyPoint SurveyGold Survey Crafter StatPac SurveyPro SurveyMonkey iMagic Survey Survey Said Survey Tools
8-6 Good System Professional Designer for Windows
5-4 Average
3-2 Poor
1-0 Bad

Ratings 9.50 9.33 9.13 8.88 8.65 8.38 7.45 6.63 6.15 6.00
Overall Rating 10
Survey Creation 9
Survey Analysis 8
Survey Administration 7
Ease of Use 6
Help & Support 5
4
3
2
1

Product Cost
Pricing $999 $777* $100 $495 $495 $1,995 $780** $149 $199 $695
Survey Creation
Create Custom Questions
Multiple Choice Single
Response
Multiple Choice Multiple
Responses
Question Matrix
Comment
Sample Surveys
Skip Pattern/ Branching
Require Answers
Rating
Restrict Access
Curb Ballot Box Stuffing
Ranking
Save Incomplete Surveys
Stock Questions
Custom Design
Respondents Can Update
Answers
Survey Analysis
Graphs
Bar
Pie
Line
Percentages
Cross Tabulations
Filters
Print Results
Mean
Median
Mode
Maximum Value
Minimum Value
Standard Deviation
Frequency Tables
Banner Tabulations
Correlation Matrices
Survey Administration
Online
Paper
Interview
Email
Import/Export
Export Results
Export Survey
Import Results
Import Survey
Help & Support
Email
User Manual or Guide
Phone
Tutorials
FAQs
Supported Configurations
Windows 8
Windows 7
Windows Vista
Windows XP
Mac OS
SurveyMonkey Plans and Pricing Page 1 of 2

Sign In Help

Home How It Works Examples Survey Services Plans & Pricing

BASIC SELECT GOLD PLATINUM

Free $17 per month* $25 per month* $65 per month*
* Billed $204 annually * Billed $300 annually * Billed $780 annually
See monthly plan

Sign Up Sign Up Sign Up Sign Up

DESIGN FEATURES DESIGN FEATURES DESIGN FEATURES DESIGN FEATURES

10 questions per survey Unlimited questions Unlimited questions Unlimited questions

100 responses per survey Unlimited responses Unlimited responses Unlimited responses

No white-label surveys No white-label surveys No white-label surveys NEW White label surveys

Easy-to-use web-based survey tool Easy-to-use web-based survey tool Easy-to-use web-based survey tool Easy-to-use web-based survey tool

31 survey templates 51 survey templates 51 survey templates 51 survey templates

15 types of questions 15 types of questions 15 types of questions 15 types of questions

All languages supported (Unicode) All languages supported (Unicode) All languages supported (Unicode) All languages supported (Unicode)

No page logic Page logic Page logic Page logic

No question logic Question logic Question logic Question logic

No random assignment No random assignment NEW Random assignment NEW Random assignment

No question & answer piping No question & answer piping NEW Question & answer piping NEW Question & answer piping

No question randomization No question randomization NEW Question randomization NEW Question randomization

No theme customization Customized themes Customized themes Customized themes

No survey branding Brand your survey with a logo Brand your survey with a logo Brand your survey with a logo

Randomize & sort answer choices Randomize & sort answer choices Randomize & sort answer choices Randomize & sort answer choices

15 pre-set visual themes 15 pre-set visual themes 15 pre-set visual themes 15 pre-set visual themes

Survey completion progress bar Survey completion progress bar Survey completion progress bar Survey completion progress bar

Auto-numbering for pages & Auto-numbering for pages & Auto-numbering for pages & Auto-numbering for pages &
questions questions questions questions

Validate/require survey responses Validate/require survey responses Validate/require survey responses Validate/require survey responses

Fully accessible & 508 compliant Fully accessible & 508 compliant Fully accessible & 508 compliant Fully accessible & 508 compliant

No custom redirect upon survey No custom redirect upon survey Custom redirect upon survey Custom redirect upon survey
completion completion completion completion

No custom "thank-you" page Custom "thank-you" page Custom "thank-you" page Custom "thank-you" page

No printable PDF version Printable PDF version Printable PDF version Printable PDF version

COLLECTION FEATURES COLLECTION FEATURES COLLECTION FEATURES COLLECTION FEATURES

Send out your survey via weblink, Send out your survey via weblink, Send out your survey via weblink, Send out your survey via weblink,
email, or Twitter email, or Twitter email, or Twitter email, or Twitter

http://www.surveymonkey.com/pricing/details/?ut_source=header 4/22/2013
SurveyMonkey Plans and Pricing Page 2 of 2

No Custom URL Custom URL Custom URL Custom URL

Share your survey on Facebook Share your survey on Facebook Share your survey on Facebook Share your survey on Facebook

Embed your survey into a page or on Embed your survey into a page or on Embed your survey into a page or on Embed your survey into a page or on
your website your website your website your website

Deploy your survey via a website pop Deploy your survey via a website pop Deploy your survey via a website pop Deploy your survey via a website pop
-up -up -up -up

Send your survey using our email Send your survey using our email Send your survey using our email Send your survey using our email
manager manager manager manager

No enhanced security (SSL) Enhanced security (SSL) Enhanced security (SSL) Enhanced security (SSL)

ANALYSIS FEATURES ANALYSIS FEATURES ANALYSIS FEATURES ANALYSIS FEATURES

Real-time results Real-time results Real-time results Real-time results

No text analysis No text analysis NEW Text analysis NEW Text analysis

No SPSS integration No SPSS integration NEW SPSS integration NEW SPSS integration

No multiple custom reports Multiple custom reports Multiple custom reports Multiple custom reports

No filtering & cross tabulating Filter & cross tabulate responses by Filter & cross tabulate responses by Filter & cross tabulate responses by
responses by custom criteria custom criteria custom criteria custom criteria

No downloading responses Download responses Download responses Download responses

No creating & downloading custom Create & download custom charts Create & download custom charts Create & download custom charts
charts
Share responses Share responses Share responses
No sharing responses

SUPPORT FEATURES SUPPORT FEATURES SUPPORT FEATURES SUPPORT FEATURES

24x7 email support 24x7 email support 24x7 email support 24x7 email support

No expedited email responses Customer support email responses in Customer support email responses in Customer support email responses in
2 hours or less 2 hours or less 2 hours or less
No phone support
No phone support No phone support Expert phone support to answer any
of your questions

BASIC SELECT GOLD PLATINUM

Free $17 per month* $25 per month* $65 per month*
* Billed $204 annually * Billed $300 annually * Billed $780 annually
See monthly plan

Sign Up Sign Up Sign Up Sign Up

Follow Us: Facebook Twitter LinkedIn Our Blog Google+ YouTube

Help: FAQs & Tutorials Contact Support

About Us: Management Team Board of Directors Partners Newsroom Contact Us Jobs Sitemap

Policies: Terms of Use Privacy Policy Anti-Spam Policy Security Statement Email Opt-Out

Dansk Deutsch English Espaol Franais Italiano Nederlands Norsk Portugus Suomi Svenska ()

Copyright 1999-2012 SurveyMonkey

http://www.surveymonkey.com/pricing/details/?ut_source=header 4/22/2013
Sample Fraud Risk Assessment

INTRODUCTION

Inanefforttobetterassesstheorganization'sfraudrisks,wehavedevelopedthisFraudRiskAssessment.Thesurvey
shouldtakenomorethan20minutestocomplete.Pleasenotethatthesurveymustbefullycompletedoncestarted.
Youcannotexitandrestartthesurvey.PleasecompleteallsectionsnolaterthanFriday,August3,2013.

Shouldyouhaveanyquestions,pleasecontactXXXXXXXXX.Thankyouinadvanceforyourcooperation.

Nameandtitleofsupportperson

Page 1
Sample Fraud Risk Assessment

ETHICS

*1. How would you rate the overall ethical behavior of the department in the following
areas:
Excellent AboveAverage Average BelowAverage Poor
Commitmenttoaccurate j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
financialreporting

Disclosingwrongdoing j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Properreviewandapproval j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Complyingwithpolicies j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
andprocedures

Doingwhatisright j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
AdditionalComments:

*2. Are measures taken to reduce the risk of fraud in your area concerning:
StronglyAgree Agree Disagree StronglyDisagree

Reviews j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Reconciliations j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Segregationofduties j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Safeguardingphysical j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
assetsandsensitivedata

AdditionalComments:

*3. Are there instances in your area where employees have close friends or immediate
relatives reporting to them or they are working in the same S/C/D?

j Yes
k
l
m
n j No
k
l
m
n j N/A
k
l
m
n

Ifyes,hasmanagementbeenmadeawareofthesituation?

Page 2
Sample Fraud Risk Assessment

FRAUD AWARENESS

*4. Are employees aware of how to report occurrences of suspected fraud or suspicious
activity?

j Yes
k
l
m
n

j No
k
l
m
n

j Unsure
k
l
m
n

AdditionalComments:

*5. Please identify the top five frauds that could occur in your area.
1.

2.

3.

4.

5.

*6. Of the following types of fraud, which ones could occur in your area (check all that
apply).

c Conflictofinterest
d
e
f
g c Inappropriateorunapprovedtravel
d
e
f
g

c Financialstatementmanipulation
d
e
f
g c Unauthorizeduseorabuseofsignatureauthority
d
e
f
g

c Theftofassets
d
e
f
g c UnauthorizeduseofUniversityassets
d
e
f
g

c Falsificationoralterationofdocuments
d
e
f
g c ManipulationofinformationonUniversitysystems
d
e
f
g

c Timetheft
d
e
f
g c Other
d
e
f
g

c InappropriatePcardtransactions
d
e
f
g

*7. Can you identify potential red flags which are indicators of possible fraud or
fraudulent behavior?

j Yes
k
l
m
n j No
k
l
m
n

Ifyes,pleaselistsomeexamplesbelow:

Page 3
Sample Fraud Risk Assessment

SEGREGATION OF DUTIES

*8. Do you currently have employees in positions that, as the result of budget cuts and/or
other cutbacks, may have an issue with segregation of duties?

j Yes
k
l
m
n

j No
k
l
m
n

AdditionalComments:

*9. How effective are current processes with ensuring segregation of duties in the
following areas:
Excellent AboveAverage Average BelowAverage Poor N/A

CreditCardProcessing j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
CashActivities j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
BankDeposits j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
AccountReconciliations j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
BankReconciliations j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
PostingofCashReceipts j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
CashDisbursements j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
PettyCashAccounts j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
FrequencyofProcess j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Review

AdditionalComments:

Page 4
Sample Fraud Risk Assessment

PROCESS REVIEW

*10. How effective is the process for reviewing and/or approving key documents for
discrepancies, unusual activity or misuse in the areas of:
Excellent AboveAverage Average BelowAverage Poor

Financialtransactions j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Operationalactivities j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Academicactivities j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Grantfundscompliance j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Pleaselistanyissueswithspecificareas/transactionsbelow:

*11. How effective is management with providing feedback related to:

Excellent AboveAverage Average BelowAverage Poor

Employeeperformance j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Departmentalperformance j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Generalfeedback j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
AdditionalComments:

*12. A background check was done on all new employees within the past three years.

j Yes
k
l
m
n j No
k
l
m
n j N/A
k
l
m
n

AdditionalComments:

*13. How important is it to monitor employee leave time to prevent time theft or ensure
employees are reporting time accurately as it relates to:
Critical VeryImportant Important NotImportant

SickLeave j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
SpecialNeedsTime j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Vacation j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Holidays j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
PersonalBusiness/Any j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Purpose

AdditionalComments:

Page 5
2014 Fraud Risk Assessment

FRAUD AWARENESS

*1. Are you aware of any weaknesses in internal controls that would provide an
opportunity for someone to steal or commit fraud?

j Yes
k
l
m
n j No
k
l
m
n j Unsure
k
l
m
n

Ifyes,pleaselistsomeexamplesbelow:

*2. If someone in your department/area decided to steal or commit fraud, how could they
do it and get away with it?
5

*3. Are you aware of any behaviors that may expose your department/area or the
University to regulatory violations, fines or penalties?

c Yes
d
e
f
g

c No
d
e
f
g

c Unsure
d
e
f
g

Ifyes,pleaselistanyconcernsyoumayhave:

*4. Do you have any knowledge of fraud in your department/area or the University?

j Yes
k
l
m
n j No
k
l
m
n

Ifyes,pleaseexplain.

Page 2
2014 Fraud Risk Assessment

ETHICS

*5. Are you aware of any employee that exhibits behavior that is unethical or
inappropriate for the workplace?

c Yes
d
e
f
g

c No
d
e
f
g

c Unsure
d
e
f
g

Ifyesorunsure,pleasedescribethebehavior(s)andwhyyouareconcerned.

*6. Are you aware of any conficts of interest or nepotism in your department/area or the
University?

c Yes
d
e
f
g

c No
d
e
f
g

Ifyes,pleaseexplain.

*7. Are you aware of anyone who does any of the following during work time (check all
that apply):

c Runsapersonalbusiness
d
e
f
g

c Spendsagreatdealoftimesurfingtheinternet
d
e
f
g

c Receivesgiftsfromoutsidebusinessesorindividuals
d
e
f
g

c Disappearsforlargeblocksoftime
d
e
f
g

Additionalcomments:

Page 3
2014 Fraud Risk Assessment
*8. Do you know of anyone who exhibits any of the following behaviors (check all that
apply):

c Easilyannoyedatreasonablequestions
d
e
f
g

c Viewing,transmittingordownloadinginappropriatedata
d
e
f
g

c Never,orrarely,takesvacation
d
e
f
g

c Sexualharrassment,sexualjokesandinnuendo
d
e
f
g

c Excessivegambling
d
e
f
g

c Affairs,insideoroutsidetheoffice
d
e
f
g

c Bullying
d
e
f
g

c Providesunreasonableresponsestoquestions
d
e
f
g

c Intimidation
d
e
f
g

c Appearstobelivingbeyondtheirmeans
d
e
f
g

c Retaliation
d
e
f
g

c Overprotectiveofdataorinformation
d
e
f
g

c Vulgarity,profanity,andabusivelanguagedirectedatpeople
d
e
f
g

c Generalharassment
d
e
f
g

AdditionalComments:

Page 4
2014 Fraud Risk Assessment

REPORTING

*9. If you had knowledge that an unethical/fraudulent activity was occurring within your
department/area or the University, what would you do?
5

*10. What are ways that an individual can report fraud or abuse to the University? (check
all that apply).

c Supervisororotherupperlevelmanagement
d
e
f
g c LaborRelations
d
e
f
g

c Hotline
d
e
f
g c Anonymoustipsform
d
e
f
g

c OfficeofInternalAudit
d
e
f
g c OfficeofEqualOpportunity
d
e
f
g

c HumanResources
d
e
f
g c PublicSafety
d
e
f
g

*11. The reporting of fraud or abuse to the University can truly be completely
anonymous. Do you agree or disagree with this statement?

j Agree
k
l
m
n

j Disagree
k
l
m
n

Ifyoudisagree,why?

Page 5
2014 Fraud Risk Assessment

PROCESS REVIEW

*12. How effective is the process for reviewing and/or approving key documents for
discrepancies, unusual activity or misuse in the areas of:
Excellent Average Poor N/A Unsure

Financialtransactions j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Operationalactivities j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Academicactivities j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Grantfundcompliance j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n j
k
l
m
n
Pleaselistanyissueswithspecificareas/transactionsbelow:

*13. Do you have knowledge of anyone abusing their position to circumvent or bypass
departmental processes or procedures?

j Yes
k
l
m
n

j No
k
l
m
n

j Unsure
k
l
m
n

Ifyesorunsure,pleaseexplain.

Page 6
2014 Fraud Risk Assessment

SEGREGATION OF DUTIES

*14. Do you currently have employees in positions that, as the result of budget cuts
and/or other cutbacks, may have an issue with segregation of duties?

c Yes
d
e
f
g

c No
d
e
f
g

Additionalcomments:

15. Is there anything else you would like us to know?

5

Page 7