Risk & Business Magazine Cooke Insurance Spring 2017 | Page 27

CRIME & FRAUD EXPOSURE SCORECARD
AUDIT PROCEDURES YES NO UNSURE SCORE
11. Does your organization have an audit department or a person who is responsible for internal audit procedures? ☐ ☐ ☐
12. If weaknesses are discovered by an internal auditor, are they required to be reported directly to the owners, partners, members or board of directors? ☐ ☐ ☐
13. Does your organization have its financial statements audited by an outside firm on an annual basis? ☐ ☐ ☐
14. Have all recommendations made by outside auditors been adopted? ☐ ☐ ☐
15. Do internal auditors have the authority to audit any record at any time? ☐ ☐ ☐
16. Do internal audits include all Internet, IT and fund transfer functions? ☐ ☐ ☐
17. Does your organization follow an auditing cycle that includes audits on both a regular and surprise basis? ☐ ☐ ☐
COMPUTER SYSTEMS CONTROLS YES NO UNSURE SCORE
18. Does your organization have software in place to detect fraudulent computer usage by employees? ☐ ☐ ☐
19. Does your organization require all passwords and access codes to be changed at regular intervals? ☐ ☐ ☐
20. Does your organization immediately remove system access for inactive and terminated employees? ☐ ☐ ☐
21. Are passwords required in order to access sensitive information? ☐ ☐ ☐
VENDOR & PURCHASING CONTROLS YES NO UNSURE SCORE
22. Does your organization maintain and utilize a list of approved vendors? ☐ ☐ ☐
23. Does your organization have a system or set of processes for detecting payments to fictitious suppliers? ☐ ☐ ☐
24. Are background checks performed on all vendors to verify ownership and financial capability prior to conducting business with them? ☐ ☐ ☐
25. Is the responsibility for authorizing vendors, approving invoices and processing payments segregated among different employees? ☐ ☐ ☐
POLICIES & PROCEDURES YES NO UNSURE SCORE
26. Does your organization have fraud, code of ethics and conflict of interest policies in place? ☐ ☐ ☐
27. Does your organization have procedures that allow employees to confidentially report suspected fraud or theft? ☐ ☐ ☐
28. Are employees required to complete conflict-of-interest disclosure forms annually? ☐ ☐ ☐
PHYSICAL SECURITY YES NO UNSURE SCORE
29. Are former employees denied access to your organization's property immediately upon termination? ☐ ☐ ☐
30. Does your organization have physical controls (e.g., an alarm or surveillance system) in place to restrict and monitor unauthorized access to your property? ☐ ☐ ☐
TOTAL SCORE:
MODERATE RISK: 0-18 POINTS
HIGH RISK: 21-60 POINTS
ESCALATED RISK: 63-90 POINTS