A fraud risk assessment is the systematic process of identifying and prioritizing an organization’s inherent risks of fraud and their underlying motivators. This assessment identifies the fraud schemes that can emanate from these fraud risks and connects them to internal controls.
The outcome of a fraud risk assessment is the identification of the residual risk – in other words, the fraud risk that does not appear to be addressed by existing internal controls. This imperative process includes the exhaustive review of relevant materials, ‘brainstorming’ discussions with both employees and process owners, as well as the documentation of the fraud risk assessment.
In 2016, a university football team had the top recruiting class in Canada. Needless to say, the demand for tickets to home games was at an all-time high. Mr. Pete Simpson and Mr. Orenthal Rose were high-ranking employees within the university’s athletic department.
The ticket sale policy for the university clearly states the following:
- Employees within the athletic department may receive two complimentary tickets to every home game; however, the resale of these tickets is not permitted
- Potential donors to the athletic program receive complimentary tickets
- 5% of all tickets are set aside for charitable organizations
Due to the obvious lack of oversight and the absence of internal controls regarding ticket sales to the university football games, Mr. Simpson and Mr. Rose conspired to take full advantage, for their own benefit.
Mr. Simpson and Mr. Rose put their scheme in motion by:
- Receiving numerous complimentary tickets for every home game and ‘flipping’ or reselling them at a substantial markup to unsuspecting buyers
- Obtaining an inordinate and excessive amount of tickets for potential donors, once again reselling them at a higher amount for personal profit
- Reselling tickets that were earmarked for charitable organizations
The two employees were able to conceal their theft by allocating tickets to fictitious charitable organizations that they created, and by funneling complimentary tickets to bogus ‘potential donor’ accounts that they had also fabricated. After each home game, Mr. Simpson and Mr. Rose would cover their tracks by disposing of any materials that could be deemed incriminating, ultimately destroying the paper trail of ticket sales and any record of the complimentary tickets that had been disbursed.
In 2019, a new athletic director was hired and immediately expressed concerns in regard to the lack of policies and procedures in place for ticket sales to home football games. The new athletic director decided to open an investigation into past ticket sales over the previous 5 years. Before long, he had uncovered many irregularities from the 2016 season’s ticket sales.
An independent committee was established in order to maintain the objective oversight that is crucial to maintaining the efficacy of internal controls. New policies were created that required the mandatory disclosure and reporting of all athletic data and finances to the central financial administrators of the university. Furthermore, complimentary tickets for employees, potential donors and charities would become safeguarded by an independent board with responsibilities that included, but were not limited to, issuing quarterly ticket reports to the new athletic director and central financial administrators.