Risk & Business Magazine Cooke Insurance Spring 2017 | Page 27

CRIME & FRAUD EXPOSURE SCORECARD
AUDIT PROCEDURES YES NO UNSURE SCORE
11. Does your organization have an audit department or a person who is responsible for internal audit procedures? [ ] [ ] [ ]
12. If weaknesses are discovered by an internal auditor, are they required to be reported directly to the owners, partners, members or board of directors? [ ] [ ] [ ]
13. Does your organization have its financial statements audited by an outside firm on an annual basis? [ ] [ ] [ ]
14. Have all recommendations made by outside auditors been adopted? [ ] [ ] [ ]
15. Do internal auditors have the authority to audit any record at any time? [ ] [ ] [ ]
16. Do internal audits include all Internet, IT and fund transfer functions? [ ] [ ] [ ]
17. Does your organization follow an auditing cycle that includes audits on both a regular and surprise basis? [ ] [ ] [ ]
COMPUTER SYSTEMS CONTROLS YES NO UNSURE SCORE
18. Does your organization have software in place to detect fraudulent computer usage by employees? [ ] [ ] [ ]
19. Does your organization require all passwords and access codes to be changed at regular intervals? [ ] [ ] [ ]
20. Does your organization immediately remove system access for inactive and terminated employees? [ ] [ ] [ ]
21. Are passwords required in order to access sensitive information? [ ] [ ] [ ]
VENDOR & PURCHASING CONTROLS YES NO UNSURE SCORE
22. Does your organization maintain and utilize a list of approved vendors? [ ] [ ] [ ]
23. Does your organization have a system or set of processes for detecting payments to fictitious suppliers? [ ] [ ] [ ]
24. Are background checks performed on all vendors to verify ownership and financial capability prior to conducting business with them? [ ] [ ] [ ]
25. Is the responsibility for authorizing vendors, approving invoices and processing payments segregated among different employees? [ ] [ ] [ ]
POLICIES & PROCEDURES YES NO UNSURE SCORE
26. Does your organization have fraud, code of ethics and conflict of interest policies in place? [ ] [ ] [ ]
27. Does your organization have procedures that allow employees to confidentially report suspected fraud or theft? [ ] [ ] [ ]
28. Are employees required to complete conflict-of-interest disclosure forms annually? [ ] [ ] [ ]
PHYSICAL SECURITY YES NO UNSURE SCORE
29. Are former employees denied access to your organization's property immediately upon termination? [ ] [ ] [ ]
30. Does your organization have physical controls (e.g., an alarm or surveillance system) in place to restrict and monitor unauthorized access to your property? [ ] [ ] [ ]
TOTAL SCORE:
MODERATE RISK: 0-18 POINTS
HIGH RISK: 21-60 POINTS
ESCALATED RISK: 63-90 POINTS