What makes a robust fraud risk assessment

In our previous article we outlined the introduction of the UK Failure to Prevent Fraud (FTPF) Offence as part of the Economic Crime and Corporate Transparency Act (ECCTA) 2023. One of the six principles in the ECCTA guidance is to conduct a fraud risk assessment to understand a company’s “exposure to the risk of employees, agents and other associated persons committing fraud in the scope of the offence”.

The introduction of the FTPF offence provides new impetus to fraud risk assessment efforts. A well-executed fraud risk assessment not only helps companies identify existing vulnerabilities but also strengthens fraud prevention efforts in a cost-effective manner.

Where an organisation’s defence may depend on the effectiveness of such an assessment, it makes sense to go back to basics, and focus on the three elements of the fraud triangle; Opportunity, Motive and Rationalisation.

^{Hear from Deliveroo’s Head of Compliance Daniel Jarman in conversation with FRA fraud risk experts in our live webinar 26 June, where we explore the practicalities of preparing international businesses for the FTPF offence. Register here.}

Making risk assessments easy and cost-effective

While risk assessments are essential, businesses often hesitate to implement them due to concerns about cost and complexity. However, it is important to recognize that a risk assessment need only be proportionate to the size and complexity of the organization. All organisations, whatever their size, can streamline the process and make it more affordable by adopting the following approaches:

1. Implement a risk-based approach

• Focus on high-risk areas such as third-party relationships, procurement, revenue and payments rather than conducting an exhaustive review of all operations.
• Prioritize resources on material processes to maximize efficiency.

2. Incorporate fraud risk into other risk assessments

• Consider fraud alongside other financial crime related risks.
• Align fraud prevention measures with existing compliance and financial controls.

3. Use existing data and technology

• Leverage internal financial data, audit reports, and compliance records to assess and prioritise specific processes and associated fraud risks.
• Use data-driven techniques to identify areas of greatest exposure or eliminate immaterial processes.

4. Employee involvement and training

• Train employees to recognize the signs of fraud and encourage reporting through whistleblower programs.
• An alert workforce can serve as additional protection without the need for investment in new systems or controls.

5. Cross-industry collaboration

• Consider cross-industry collaboration to share fraud prevention best practices and resources.

The benefits of fraud risk assessments

Conducting fraud risk assessments is not just about compliance. It offers several strategic advantages that contribute to long-term business health:

1. Regulatory Compliance

• Conducting risk assessments demonstrates that an organisation has taken proactive steps to identify and prevent fraud, a defence against potential liability under the FTPF offence.

2. Strengthening Internal Controls

• Assessing risks allows businesses to implement targeted fraud prevention controls such as improved financial oversight, segregation of duties, and enhanced transaction monitoring.
• Strengthened controls lead to a more transparent and accountable corporate environment.

3. Early Fraud Detection

• Risk assessments help identify fraud risks before they crystallise as major incidents.
• By understanding the vulnerabilities an organization can proactively reduce the chances of fraud severely impacting its finances.

4. Financial Protection

• Through early identification of fraud risks, companies can minimise financial losses from fraudulent activities such as embezzlement, asset misappropriation, or financial statement fraud.
• Avoiding regulatory fines and legal fees saves significant costs.

5. Operational Efficiency and Transparency

• Strengthened internal controls lead to better financial management and decision-making.
• Clear fraud prevention policies reduce operational inefficiencies and foster accountability within the organization.

6. Enhanced Reputation and Stakeholder Confidence

• A proactive approach to fraud prevention builds trust among investors, customers, and suppliers.
• A company known for ethical practices can be more attractive to its stakeholders.

7. Competitive Advantage

• Businesses with strong fraud prevention measures are more resilient in volatile markets.
• Compliance with regulations positions the company as a reliable and trustworthy entity in its industry.

Alignment with existing frameworks

The principles stated in the Bribery Act 2010 and the Economic Crime and Corporate Transparency Act 2023 share significant commonalities with both advocating for the use of a risk assessment as a core element of effective compliance and any required defence.  

Next step: ensuring the effectiveness of internal controls

Conducting a fraud risk assessment is a critical step in preparing for the upcoming Failure to Prevent Fraud (FTPF) offence and in safeguarding companies against financial and reputational damage.

It underpins the effectiveness of internal controls by enabling companies to identify and prioritise potential fraud risks before they occur. With a clear understanding of these risks, companies can implement targeted, proportionate controls to prevent or detect fraud. Without such an assessment, internal controls may be poorly aligned, incomplete, or ineffective, leaving the company vulnerable. In the event of an investigation, authorities are also likely to expect evidence not only of internal controls, but of their effectiveness in mitigating any risks that have materialised.

The effectiveness of internal controls is the topic of our next article “How to demonstrate the effectiveness of your internal controls for fraud prevention”.