Trainer’s Guide 1

TG 02: Introduction to Risk Assessment

Lesson Facilitation

Brief
Slide 1 – 2 Definition of Fraud Risk Assessment

Read and explain the definition of FRA. Discuss with the participants that in
order for the COA auditor identifying relevant fraud risk of the agency, a detail
FRA must be conducted in order to get the bigger picture and document all the
possible Fraud Risk that might affect the mandate of a particular agency.

Explain that the FRA is conducted after we have gathered sufficient

documentary evidence in the planning phases of IRRBAM. In short it is
conducted in coordination with the planning phase of IRRBA at the
Understanding the Agency phase.

Slide 3 Overview of FRA

Show the diagram of the FRA and explain each item in the Diagram.
The Fraud Risk Universe is the same as the Government Risk Universe but the
main difference is that this focuses on the fraud risk and is compose of the
Fraud Triangle, Fraud Risk Category and the Fraud Database (fraud knowledge
of COA Auditors with the particular Agency).

Slide 4 Benefits of FRA

Explain the benefits of the conducting the FRA and emphasize that this is the
main opportunity of COA auditors in proactively preventing fraud in happening
within their Agency.

Slides 5 FRA General Steps

Explain each steps of the FRA which is:

 Identify Potential Fraud Risks – document and discuss all possible fraud
risk that may affect the agency.
 Assess the likelihood and impact of the identified Fraud Risks – This is
the subjective portion of the FRA wherein we have to evaluate each
Fraud Risk and assess as to the riskiness of the Fraud Risk. Remember
that in conducting this portion of the FRA, we have to document the
rationale behind our assessment.
 Prioritize Fraud Risks Identified – This portion of the FRA is wherein we
rank the Fraud Risk Identified and filter out the Key Fraud Risks (KFR).
The KFR are Fraud Risk that has high degree of impact and high
probability of occurring as compared to other Fraud Risk identified.
 Document audit response to the KFR – this portion is where we
document our initial audit response to the KFR identified. Examples of
audit responses are test of internal controls (if assessment is low) or Full
detection procedures (if assessment is high).
 Trainer’s Guide 2
TG 02: Introduction to Risk Assessment

Slide 6 Team composition

Discuss that ideally the team composition in conducting FRA should include the
Team Supervisor (TS)/Supervising Auditor (SA), Team Leader (TL)/Audit Team
Leader (ATL), and Team Members. The role of the Directors (Cluster for HO and
Regional for RO) is to review the results of the FRA and consult with them if
there are instances that there is disagreement on the assessment of a particular
Fraud Risk. The FAIO on the other hand will be consulted if there is complexity
in the Fraud Risk identified and it cannot be disposed by the Director.

Slide 7 - 8 Planning of FRA and Responsibilities of COA Auditor

Enumerate the main procedures in planning of the FRA by the team members.
This are the following:
 Identify COA audit team’s responsibilities
 Conduct planning meeting
 Document review
 Document understanding of the Agency’s KFR
These procedures are further discussed in the FoAM and we could use it as
reference to the details of the procedures in planning the FRA.

In Slide 8, we enumerate and would also like to emphasize the responsibility of

the audit team prior to conducting the FRA.

Slides 9 – 12 Fraud Brainstorming

In Slide 9 it summarizes the activities during the Fraud Brainstorming, which are
the following:
 Preparing the agenda of the brainstorming
 This is a Team Supervisor/Leader initiatives
 It is needed that all fraud risks and schemes should be discuss
 It is needed that brainstorming activities are documented
 And finally all fraud risks and schemes documentation should be
reviewed by the TS/TL
In Slide 10, we provide some examples on what is being discussed in the Fraud
Brainstorming. You could also provide your own examples of possible
Brainstorming discussion.

In Slide 11, we discuss to the participants the step by step procedures on how to
conduct the fraud brainstorming.

In Slide 12, we provide a sample of fraud brainstorming document wherein we

document our fraud brain storming activities.
 Trainer’s Guide 3
TG 02: Introduction to Risk Assessment

Slide 13 - 14 Identifying Potential Fraud Risk

In this slide, we refer ISSAI 1240 which requires the auditor to conduct Fraud
Risk Assessment to discuss the probability that the entire condition fraud
triangle (Incentive/pressure, rationalization, and opportunity) is present in the
agency being audited.

Slide 14 Shows the graphical presentation of the Fraud Triangle

Slide 15 – 17 The risk model

Slide 15, we discuss in details examples of Opportunity. There are two types of
possible opportunities to commit fraud, which is Direct and Indirect. Also we
would like to highlight that individuals who commit fraud may have different
types of opportunities. For example, if management is to commit the fraud,
then he has a much higher opportunity to commit it due to wide influence,
while for employee related fraud, there might be limitation for opportunity in
committing fraud, but it will be a bit difficult for them to commit.

Slide 16, we provide examples on regarding the pressures that may lead a
person in committing fraud. Discuss that in these area of the fraud triangle, we
must get information from the co-workers of the person-of-interest if the
indicators of pressure to commit fraud, such as those enumerated in the slide, is
existing.

Slide 17, here we provide examples of rationalization. It should be noted that

among the three conditions, rationalization is the most difficult to be identified
because these is usually driven by the person who commits the fraud. This is a
more personal in nature and it is the easiest condition to be created by the
person who commits fraud.

Slide 18 – 19 Fraud Tree

Discuss the different type of fraud schemes that are enumerated in the fraud
tree. Explain to the participants that all of these are possible schemes that may
be committed against the agency they audit. Please note that in each category
of the fraud tree, there are certain individual who may commit them. E.g. for
Corruption, these are usually committed by people who are seated in power or
who has the ability to influence certain decision making; for Fraudulent
statements, this is usually committed by management or personnel who
prepares reports being use by the agency; Asset misappropriation may be done
both by Management and Employees.
 Trainer’s Guide 4
TG 02: Introduction to Risk Assessment

Slide 20 – 23 Identify different resources of information that may used in assessing the
fraud risk

Slides 20 - 23 we discuss the different sources of internal documents where we

could get possible information that may assist us assessing the fraud risk of the
agency. We should highlight to the participants that prior conducting the FRA,
they should have at least completed some forms/templates in the IRRBA in
order to assist them in conducting the FRA. The slide 21-23 provides portions of
IRRBA forms/templates that are usually used during the FRA.

Slide 24 The Fraud Universe

In this Slide, we show to the participants the elements of our fraud universe,
remember that the fraud universe is the laundry list or guide in identifying all
possible Key Fraud Risk within the agency. The Elements of the Fraud Universe
is the discussion of the Fraud Triangle, the identification of the Fraud Schemes
base on the Fraud Tree Category, the Agency Knowledge base (compose of the
brainstorming and the documentation in the IRRBA).

Slide 25 – 26 Assessment of likelihood and impact of identified Fraud Risks

Discuss that there should be a criteria in measuring impact and likelihood.

Presented in the succeeding slide is a description on how to prepare the criteria
in assessing the fraud risk.

A matrix should be developed to facilitate risk assessment. For planning

purposes, COA Audit team should create the criteria.

Slide 27 – 30 Prioritization of Key Fraud Risks (KFRs)

Discuss that after assessing the KFRs, resulting KFRs should be rank in order to
identify which KFRs will be tested during the audit. Slide 28-29 provides
examples on how to prioritize KFRs base on likelihood and impact.

Slide 30 provides sample of the matrix on how to document the assessment of

the KFRs.

Slide 31-33 Documentation of Responses to the KFRs

Discuss how to document the responses to the KFRs after conducting the risk
assessment.
 Trainer’s Guide 5
TG 02: Introduction to Risk Assessment

Slide 35 Case Study

In here, we provide the instructions on how we will execute the case. Get the
CS
CS Doc_01 which is a pre-populated sample of FoAM Form-01. Ask the participants
to populate the form of the possible Fraud Risk within their respective agency
assigned. Ask the participants to use the Fraud Category in looking for possible
fraud schemes that may be committed against the agency.