
A Good Practice guide for:

Assessing Fraud Risks


Contents

Introduction
Risk assessment practices
Expert Advice
Conclusion
Thank you
Further reading

Introduction
The Local Government Fraud strategy ‘Fighting Fraud Locally’ (FFL) was published in
April 2012, and is a strategic approach developed by local government, for local
government, to address the need for greater fraud prevention and smarter enforcement.

FFL recommends actions that, if adopted across local government, will not only enable
local authorities to become better protected from fraud but also contribute to the
nation’s ability to detect and punish fraudsters.

The new approach will strengthen the counter fraud response across local government
and will result in more fraudsters being caught, more fraud prevented and more money
returned to authorities.

The creation of this guide is a result of a FFL recommendation, for the National Fraud
Authority (NFA) to collate and disseminate best practice and develop tools to support
Local Authorities in assessing their fraud risks. We define ‘fraud risk’ to be a situation
whereby a Local Authority is exposed to the danger of a financial loss through wrongful
or criminal deception.

FFL identifies particular high risk areas, such as Housing Tenancy, Council Tax and
procurement. In conjunction with these high risk areas, local authorities are
recommended to look at their own specific risks in relation to local initiatives and
Council policy.

Different methods are being implemented by local authorities to assess risks, most
commonly with the aid of a risk register, which can be a very valuable tool. FFL
publication The Compendium of Powers and Penalties states, “the authority’s own risk
register (ideally a dedicated fraud risk one) could be used as a starting point in deciding
which areas [of the organisation] to examine.” Some authorities have even created risk
assessment tools, such as the ‘Wheel of Fraud’ developed by the Mayor’s Office of
Policing and Crime, in their bid for better fraud risk management. Some however, are
far from being at an advanced stage in their fraud risk management.

The NFA engaged with Councils to hear about their good practice in this field of work.
What follows are their contributions, in their own words. The Agency also spoke to
experts from other organisations for their advice, and their contributions are within the
blue shaded boxes.

The information contained herein is not intended to direct the procedures of any Local
Authority, but is simply meant as an opportunity to share some of the good practice
performed by Local Authorities across the country.

We at the NFA would like to thank all those individuals from various Local Authorities and
other organisations who have given up their time to contribute to this guide.

Risk Assessment Practices

Bristol Council

Bristol’s strategic approach to managing the risk of fraud is based upon an Audit
Commission Fraud survey in 2010/11, which identified the main risk areas as being
Housing Benefits, Local Taxation (including Single Person Discount, ‘SPD’), and
“others” including payroll/pensions/expenses, false insurance claims, procurement,
abuse of position, Blue Badge and Social Care. In addition, the Council will run a
Government funded campaign against Housing Tenancy fraud.

A Fraud Awareness training package (on-line and interactive) was designed in-house
and rolled out to Tier 1-4 managers. In addition to general advice, it contained guidance
for each service area on how to complete a Fraud Risk Assessment Workbook; a few
example pages can be seen on the next page. A specific Bribery & Corruption on-line and
interactive training package was also designed in-house and rolled out to officers
specifically identified to be most at risk to illegal approaches.

At Bristol, frauds which are reported by management to Internal Audit are subject to a
fraud investigation risk assessment to determine whether management or Internal Audit
conduct the investigation. This assessment can be seen on page 8.

Pages from Bristol’s Fraud Risk Assessment Workbook

Bristol’s Fraud investigation risk assessment

When assessing whether a suspected fraud should be investigated by Internal Audit or the
Directorate concerned the following factors will need to be considered:

Factor | Details | Score: low / medium / high
Amount involved | |
Reputational risk | |
Member / Senior management involvement | |
Complexity | |
Other factors (please specify) | |

Generally if any of the above areas score a high rating or two or more areas score a medium rating then
the investigation should be carried out by Internal Audit. Other relevant factors identified may override
any decision as to whether or not Audit will investigate.

Amount involved

<£1,000 = low
£1,000 to £5,000 = medium
>£5,000 = high

Reputational risk

Generally theft by Council staff would score medium, as the loss of taxpayers money and any lack of
integrity in Council staff would generate at least local publicity. Other factors might move this up to high if
national publicity is likely to be generated. For example if the fraud relates to anything that is currently a
hot topic such as expenses claims or the protection of children or vulnerable adults. If the losses are
significant or the case is novel it could also potentially generate national publicity.

Losses due to external fraud are more likely to score low unless there is blatant negligence on the part of
Council staff, the losses are potentially significant or the fraud occurs frequently and is common
knowledge.

Member / Senior management involvement

A member or senior manager has specifically requested that Internal Audit investigate. A member or
senior manager is suspected of carrying out the fraud. There is a known history of fraud / failure to deal
with fraud within that Directorate.

Complexity

Consider any factors that may make the investigation more complex e.g. where data capture of an
individual's PC is necessary or complex financial transactions have taken place for money laundering
purposes.

Other Factors

This section allows the Audit Manager to override any decision to investigate or not based on any other
information they consider relevant. Other factors to consider could include how good the evidence is or is
likely to be e.g. if the fraud relates to theft from a safe but all members of staff have access to the key
then there would be little value in carrying out a fraud investigation but an audit of control procedures (or
lack of) may be of benefit.

Shropshire Council
In order to assess fraud risks, Shropshire Council regularly completes a needs
assessment on all audit areas, which includes a category for fraud. They use Fraud
Risk Evaluation Diagnostic (FRED) from CIPFA Better Governance, and are currently
developing a fraud risk assessment mapped against their audit plan.

Shropshire is also planning to use a Fraud Resilience tool from National Anti-Fraud
Network (NAFN) as well as Audit Commission checklists at the end of each
fundamental audit, and consider fraud risks for all audits undertaken in terms of
previous history of fraud, nature of service, strength of internal controls and financial
implications.

London Borough of Camden Council

Camden Council uses a case management database, which runs reports on fraud
cases and looks at trend analysis, giving the fraud team an opportunity to assess fraud
risks arising from reactive casework. The system is called ‘Paws’ (Pentana Audit Work
System) developed by software company, Pentana. Camden Council has its own
bespoke version.

The Council runs a risk assessment for each case of fraud that arises. Using a 5 by 5
Intelligence module matrix, the fraud is measured as being of low, medium or high
priority and is scored accordingly.

A corporate risk framework is in place at Camden where fraud is a standing item on all
risk registers. The anti-fraud team at Camden forms part of the Internal Audit,
Investigations and Risk Management (IAIRM) Department which maintains its own
register. Risk registers are maintained by Departments, and feed up to the Corporate
risk register. The fraud risks identified via these risk registers form the basis for
rationale in determining the annual pro-active fraud projects, internal audit plan, and
high risk areas on the corporate risk register. This ensures a robust assessment of
fraud risk across the board:

1. targeting high risk areas for pro-active work or fraud awareness workshops

2. ensuring fraud risk is shared between the Teams to inform planning and testing
of audits

3. that no details are missed, all information is shared, work is easier to complete,
and risks are not duplicated.

London Borough of Newham

Newham Council are now trying to focus more on assessing fraud risks and the anti-
fraud team have recently drawn it into their objectives and targets.

Newham have a corporate risk register whereby risk owners have to identify fraud risks.

Fraud risk assessments also take place whilst cases are being investigated. If a risk is
identified during an investigation, this is then fed back into the Council’s Audit Plan, and
where necessary changes to the controls and processes are implemented to stop future
frauds occurring. Risk assessments also occur during data matching to ensure that high
quality matches are investigated first.

Beyond the Council gates

Case Study: Mayor’s Office of Policing and Crime (MOPAC) – the ‘Wheel of
Fraud’

MOPAC is headed by the Mayor of London, making the Mayor directly accountable for policing
performance in London. MOPAC makes this process, and accountability, clearer and gives Londoners
a further voice in how their city is policed. MOPAC have developed the ‘Wheel of Fraud’, a fraud risk
tool.

For many years, MOPAC has been committed to identifying fraud risk, assessing the
likelihood and impact, and working towards minimising the risk to the organisation of
the occurrence of fraud. They understand how taking a strategic approach to
understanding and managing the risk of fraud helps to drive out potential abuse of the
system.

The wheel of fraud first came about when MOPAC wanted to find a different way of
assessing their fraud risks, instead of the typical brainstorms and workshops etc.
They were after a much more accurate and scientific approach of finding out what
their fraud risks were.

Audit assessments are conducted by MOPAC’s auditors on all areas of the office’s
work, scoring them to determine which audits are due. As well as these assessments,
other factors drive work priorities, such as media stories and public events. All these
results determine the audit plan.

The initial stage of the analysis was to identify the fraud risks within the internal
systems and then establish the likelihood and potential effect should they occur.
Risks were weighted using an existing Audit scoring methodology. Over 200 systems
are scored against the following risk criteria:
- Level of expenditure per year
- Level of income
- Other funds affected
- Sensitivity of system or data
- Expected quality of control
- Impact of system on operational objective
- Time elapsed since last audit.

To reflect that this was a fraud risk analysis, the fraud team add two additional criteria
to the scoring system:
- Staff accessibility
- Reputational damage

An overall fraud risk score for each system is subsequently determined.

Fraud risks are then ranked to give a range and determine if they fall into a high,
medium (split into upper and lower) or low risk level. The results are then plotted onto
a pie chart for ease of visual presentation. The whole process takes a couple of
months.

Results of this tool can be seen on the following page. The first diagram displays the
proportionality of fraud risk within the areas of MOPAC business. The second
diagram displays the potential fraud risks, colour coded by their risk score. The table
places individual fraud risks into business area categories and colour codes each
individual risk according to its score. These results are from 2011, and MOPAC are
due to update it in 2013, having decided to conduct these assessments bi-annually.

MOPAC feel that the wheel of fraud is a very useful tool to accurately look at and
assess fraud risks. They treat it as a living document, as risks are constantly
changing and need to be reviewed regularly.

Beyond the Council gates

Case Study: Transport for London

TFL are always looking at fraud risks and are focused on preventative measures.
The team have a meticulous fraud case building routine, which is always followed
carefully whenever a fraud case arises. TFL’s focus and priority during case building
is risk management, more so than the investigative process. Therefore, the team
tend to focus on why and how the fraud occurred and how to prevent it from
happening again.

During an investigation cycle, fraud risks relating to the case are looked at closely.
Fraud risks are also reviewed toward the end of the cycle. On top of this, reviews of
reports are ongoing; every four weeks ongoing cases and trends are reviewed.

Stroud District Council
The Head of Finance at Stroud District Council ensures that possible fraud and
corruption risks are identified by ensuring the following:

- Unmitigated risks are assessed and scored in terms of probability and severity
- Mitigating controls are identified and assessed
- Mitigated risks are assessed and scored in terms of probability and severity
- Actions necessary to reduce mitigated risk scores are specified
- Target scores are established
- The above are recorded in the Council’s risk register

Each year the Head of Finance will also ensure that fraud risks in the risk register are
reviewed by:

- Identifying new risks
- Deleting risks which no longer exist
- Reviewing mitigating controls and scores
- Assessing the effectiveness of action taken to reduce scores, and achieve targets

Review work is also recorded in the fraud risk register, and is reported to the Corporate
Team and to the Audit Committee.

The document on the following page, Document X, shows SDC’s scoring system for
their fraud risk assessments.

The second document, Document Y, shows SDC’s Fraud checklist with which they can
assess Stroud’s fraud risks.

DOCUMENT X- INTERNAL AUDIT RISK ASSESSMENT- Stroud District Council

ASSESSMENT | SCORE | DESCRIPTION

Monetary Value – sum of income and expenditure
  10 | >£3M
  6 | >£1M < £3M
  4 | >£0.5M < £1M
  2 | >£100K < £0.5M
  1 | <£100k

Inherent Risk
  5 | High exposure to public scrutiny, complex legal framework, high volume of transactions, statutory function, outsourced/partnership arrangement for service delivery
  4 | High volume of ‘cash’ transactions and/or exposure to public scrutiny, and/or statutory function
  3 | High volume of ‘cash’ transactions, and/or statutory function.
  2 | Low volume of ‘cash’ transactions, non-statutory function.
  1 | Low volume of transactions, non-statutory function.

Internal Audit control perception
  5 | Poor control system, and/or high opportunity for fraud and corruption
  4 | Control weaknesses that needed rectification last audit
  3 | Unable to make clear judgement/new system
  2 | Control environment proved adequate last audit
  1 | Control environment has proved adequate for a number of years

Complexity of Systems
  5 | Very complex systems and processes used in generating significant service related results
  4 | Complex data inputs, or strategically/operationally important outputs
  3 | Moderate systems but accuracy of process has significant impact, systems stability issues
  2 | Complex or moderate systems with stable performance and processing history
  1 | Simple or no ICT system used

Period since last audit
  5 | 5 years
  4 | 4 years
  3 | 3 years
  2 | 2 years
  1 | Last financial year

DOCUMENT Y- COUNTER FRAUD CHECKLIST- Stroud District Council

Does the Council have a clear policy of reducing losses from fraud
and corruption to an absolute minimum / zero tolerance approach?
Does this have strong and visible support from senior officer
management and Members?
Is there an Audit Committee?
Is this a stand-alone Committee?
Does it have clear terms of reference?
Are Members of the Committee adequately trained for their role?
Is there a Money Laundering Policy?
Are steps taken annually to raise awareness of this?
Is there a Whistleblowing Policy?
Are steps taken annually to raise awareness of this?
Is the Whistleblowing Policy reviewed annually by “those charged
with governance”?
Are responsibilities defined for maintaining the Whistleblowing
Policy?
Are responsibilities defined for recording Whistleblowing cases?
Is there a dedicated fraud and corruption resource?
Is this adequately trained and experienced?
Are fraud and corruption risks formally identified and assessed?
Is there an annual assessment/reassessment of fraud and
corruption risk?
Is there a Fraud and Corruption policy?
Is this agreed by members and senior management?
Is there an annual review of this Policy by Members?
Is there an annual report on counter fraud and corruption activity
and performance?
Does this report show losses sustained through fraud and
corruption?
Does this report go to Members?
Is this report made public?
Is there a clear ethical framework for officers and Members?
Are new employees and Members made aware of fraud and
corruption issues?
Are reports dealing with identified fraud risks acted upon?
Are potential fraud risks identified and minimised at source?
Is clear guidance given during fraud investigations?
Is investigation work monitored to ensure timeliness, adequate
standards etc?
Is publicity given to successful prosecution of fraud and corruption
cases?
Are there clear instructions about who should be informed of fraud
and corruption suspicions, and who will deal with them?
Is there a Fraud Response Plan?

Anonymous Council

In order to assess fraud risks of planned work, Internal Audit at this Council conducted
a Fraud & Corruption audit which considered:

- the various guidance and advisory documents the Council had received over the
  past couple of years (i.e. Fighting Fraud Locally, Protecting The Public Purse
  and documents from other bodies)
- the Council's policy for fraud, corruption and bribery
- audit investigation procedures
- whistleblowing
- NFI
- Other risk areas

The Council has a standard risk objective in audits to consider fraud risk in the area
being assessed and to ensure that it is recognised in the area's Operational Risk
Register.

The Council’s policies have been reviewed and, where necessary, updated (e.g. the
Bribery Act). The fraud risk areas facing the Council have been identified and
consideration given to controls in place. Work has already been undertaken to put this
in place. The Council has internally performed data matching in respect of their housing
tenancy data and also used third party sources for Council Tax SPD matching and also
for duplicate invoice checking.

In addition to this, an annual Counter Fraud Report is provided to the Corporate
Management Team and to the Audit & Governance Committee. (In the event of a fraud,
more immediate reports would also be provided).

The template below shows a small section from the Council’s ‘Fraud & Corruption - likely
areas’ document. The full document is extensive and includes other columns such as
‘last performed’, ‘other checks’, ‘recent and future work’, and ‘target’. The excerpt below
gives an indication of the full document’s content and layout. It is maintained by the
Chief Internal Auditor as a 'living document' and is updated for audit work, new
guidance, and system changes.

Fraud & Corruption - likely areas within the Council
Type Of 'Fraud' | Controls | Data Matching
Council Tax - Single Person Discount | | NFI - to Electoral Roll
Council Tax - Student Disregard | Form required / evidence; liaison with local colleges |
Council Tax - other discounts / exemptions | Policy for award of exemptions / discounts, as per legislative requirements; Current form required annually |
National Non-Domestic Rates - discounts / exemptions | Policy for award of exemptions / discounts, as per legislative requirements; Exemptions / thresholds e.g. SBRE may change annually and are calculated by the system; Discounts may be mandatory or discretionary |
Elections | Electoral registration process controls |
Housing - Tenancy (sub-letting) | Checks on entitlement made at allocation stage | NFI
Housing - Right To Buy | Checks on entitlement; High-level criteria contained in tenancy agreement, based on legislation | NFI
Housing - tenancy succession | Checks on entitlement / succession; High-level criteria contained in tenancy agreement, based on legislation |
Pensions | Not maintained by Council | NFI - to Council and 3rd party records
HR - employment | | NFI - payroll to entitlement to work (including UKBA data)
HR - miscellaneous | NET2 access recording; Internet use logging |
Accounts Payable | Finance controls over supplier set-up and amendment, invoice processing, etc | NFI - various matching criteria
Concessionary fares | Photos required with application; photo on entitlement card presented for journeys | NFI - checked to records of deaths
Parking permits | Permits are paid for in advance | NFI - checked to records of deaths
Blue Badge - disabled parking | Not maintained by Council |
Benefits | | NFI - checked to various Council and 3rd party records
Insurance | Claims reviewed by Insurance Officer and insurers | NFI - checked to insurer and 3rd party records
Licences | Identity, etc. checks | NFI - checked to Home Office (and other 3rd party) records
Procurement - contracts | Procurement Officers involved in major tender exercises; tendering process control; Council Standing Orders, etc. |
Procurement - use of company cards | Control of corporate credit cards - only issued by Finance and credit limits applied; Finance review of transactions and reconciliations before payment of card bills |
Corrupt practices - miscellaneous | Bribery Act 2010 notification to all Officers and Members; Anti-Fraud, Corruption & Bribery Policy updated in 2011/12; Officer and Member Codes of Conduct; Registers of Interests and hospitality; Members' Related Party Transactions declarations |
Money Laundering | Published policy; designated responsible officer (Head of Finance) |
Treasury Management | Agreed Strategy and Policy; Finance controls; dual control over investments and funds transfers |
Money Transfers | IT controls over BACS transmissions |
Data loss | DPA Awareness Training; Information Security Policy - Requirement For Staff Understanding; Email And Internet Acceptable Usage Agreement; Restricted Use Of Portable Media; Email Content Checking; Virus / Malware Checking; Home Working Policy |

Solihull Council

In order to assess fraud risks, Solihull Council's Internal Audit team maintain a fraud risk
register, assessing and actioning key fraud risks facing the Council. These risks are
taken from both national data, e.g. SPD, Procurement fraud, Blue Badges and also
local fraud risks, where identified.

These risks inform and direct the Council’s counter fraud work, and also link in with
their internal audit work, where appropriate.

Gravesham Borough Council

The Internal Audit team at Gravesham Borough Council take fraud risk into account
when developing the annual internal audit plan. An audit needs assessment is
conducted to identify the potential areas for audit review; this is supplemented by a
specific assessment of fraud risks to which the council may be exposed. Where the
fraud risk in a particular area is assessed as high, the annual audit plan will include a
targeted audit review of counter fraud arrangements in that area.

The brief for the audit review will be developed by the Internal Auditors, seeking
professional input from Investigative staff, and will take into account known fraud trends
within the borough and counter fraud best practice. The review itself will seek to ensure
that sufficient controls are in place to prevent fraud from entering system gateways
and/or to detect fraud within a system. The findings of the audit will also be shared and
discussed with Investigative staff to ensure that audit recommendations made will be
effective in improving or enhancing counter fraud measures to manage the fraud risks
identified by the audit.

This approach enables Gravesham Borough Council to use its investigative resources
in an effective way to proactively develop its counter fraud arrangements.

Torbay Council

For non-benefit fraud, Torbay Council have an annual risk based approach to planning
audits, starting with an ‘Audit Universe’ whereby risk scores are applied to five areas of
audit risk, and a total score provides a risk prioritisation index.

Reports are written and provided to the Audit Committee every six months, as well as
an annual report to the Council, informing senior management and members of fraud
risks. Client engagement is conducted, as part of the annual risk planning cycle,
including identification of emerging or changing risks. The Council also completes a
fraud resilience tool as well as the Audit Commission’s annual Fraud Risk Self
Assessment, Fraud and Corruption Survey, and the Protecting the Public Purse
checklist.

In addition to its risk assessments, Torbay investigates National Fraud Initiative (NFI)
matches, and holds memberships of various groups & organisations including NAFN,
West of England Audit Fraud Group, and Benefit Fraud Investigators Group which
brings with it a sharing of fraud issues and risks.

Expert Advice

David Foley, RSM Tenon

RSM Tenon offer accountancy and business advisory services, including fraud solutions, for
a wide range of clients. David Foley is a director at RSM Tenon and a counter fraud
specialist.

Local authorities could be doing a lot more to assess their fraud risks, and would
benefit from learning more about risk management. Investigators tend to focus more
on the reactive side of anti-fraud work, not the preventative side, but it is felt that
lessons learned from incidents of fraud, would benefit in assisting you directing your
resources to areas which may require additional attention. Intelligence, trends,
patterns and system weaknesses should flow from investigations, enabling you to
identify areas across your organisation, which with added focus should lead to
reductions in the same types of fraud reoccurring.

It is encouraging that the emphasis is now shifting, with greater resources being
diverted to proactive work, such as awareness, prevention and detection work, with a
number of local authorities doing some fantastic work, achieving some great results
and more importantly reductions in levels of fraud and financial recoveries.

However, before designing a proactive plan, a key recommendation would be to
ensure that you understand the nature and scale of fraud risks that your organisation
faces, whereby you will then be able to focus resource on the areas most at risk.

A way of doing this is through a fraud risk assessment, which will assist in gaining a
full understanding of where YOUR organisation’s fraud risks are, thereby enabling
you to build a bespoke programme of work to take effective action. There are a
number of ways of doing this, but a successful way could be by using the approach
below, although not necessarily in any specific order:

Level 1- Strategic

Make sure the organisation is strategically well placed to identify fraud. The CIPFA
Red Book 2 should be the starting reference point for this. It can be used to assess
fraud risks at a strategic level and assess the answers to some fundamental
questions, such as: Are strategic structures in place? Is the right culture in place? Are
your staff trained in fraud awareness?

Answers to these questions will be measured by a traffic light system. A number of
Councils will find that some answers will hit green, but many others won’t. Using this
document will provide a good dashboard as to where an organisation is at and lets the
organisation know what area of work or risk may require attention as a priority, to
address areas identified requiring improvement.

Level 2- Operational

A fraud risk assessment should be broken down by department. It should be similar to
an audit, but focus solely on fraud risks. It will involve process mapping and speaking
to service leads, and all levels of staff. It is essentially about finding out what different
people are doing in their day to day roles, measuring this against policy and
procedures in place, alongside what is actually happening in reality.

This piece of work should be performed across the whole organisation, so it may be a
comprehensive piece of work; however it enables you to gain a greater understanding
of the functions of the Council, whilst identifying fraud risks which impact on the
organisation operationally.

Level 3 - Departmental

This assessment will be similar to the operational level 2; however it is intended to be
undertaken in areas deemed high risk, such as Accounts Payable, Finance,
Procurement and HR. It involves a detailed process mapping and walkthrough of all
functions within the specified area, to fully gain an understanding, whilst also testing
their compliance with policies and procedures in place. This is in essence a full review
of a department, whereby the outcomes should produce increased fraud prevention
measures in place, or a good level of assurance that the risk of fraud is being
effectively managed.

Risk assessment is ultimately about conversation, with the aim of understanding the
organisation and its departments, and knowing where and how things are going
wrong, accepting that on occasions things do go wrong, then learning and putting
things right.

Hints & Tips

There probably has never been a time previously, where the availability of information,
guidance and support is present to assist investigators, counter fraud specialists and
organisations to effectively prevent and detect fraud. Most of this is publicly available
for use.

Several recommendations would include taking a look at the Fighting Fraud Locally
Strategy, which provides some very useful guidance and success stories. A simplistic
way of starting out would be to use the checklist, which is provided as part of this
document. It is also recommended that the CIPFA ‘TISonline’ webpage is used,
which provides a wealth of information to assist you, whilst also enabling you to
engage with fellow practitioners and share best practice, seek advice and guidance
on the forum available.

In conclusion, the key to risk assessments is to think carefully about what is
happening in your organisation; what cases of fraud there have previously been, and
how were they enabled to occur, what current policies and controls are in
place, which staff are doing which roles, etc. It is important to be wary of obvious risks
such as a supplier changing their bank details, etc.

However, when making recommendations for fraud risks, it is important that they are
relevant and that the benefits of implementation are realistic and cost effective. The
overarching outcome, is that you should be striving to have a detailed fraud risk
register, which is the dashboard for driving your fraud work, whilst an assurance tool
that you are taking effective action.

Conclusion
We can see from this guide that many local authorities are successfully assessing their
fraud risks. By doing this, they have better awareness of how fraud impacts on their
organisations, as well as what action to take to reduce these risks, and thus, prevent
fraud from taking place. A successful anti-fraud strategy needs to be informed by a
good awareness of fraud risks, and an understanding of the benefits this can bring.

Different Councils use various methods, such as referring to comprehensive fraud
guides and checklists, creating and using dynamic tools and visual aids, analysing
reported fraud cases, or most commonly using a risk register, whether that is a
dedicated fraud risk register or a corporate risk register.

It is also apparent that many Councils are only just beginning to assess their fraud risks
and with this we can see a strong effort to incorporate measures that will develop their
anti-fraud response, an acknowledgement in itself of the importance of risk assessment
in the fight against fraud.

Much improvement is still needed across the board for good risk management to be
adopted and enforced. Councils are encouraged to look closely at the obvious high risk
areas of their organisation and identify fraud risk management as an entrenched part of
their processes.

Thank you

Alan Day & David Lee, Transport for London
Ceri Pilawski, Shropshire Council
David Foley, RSM Tenon
Dick Lawrence, Bristol Council
Emma Vick, London Borough of Newham Council
Gill Hayman, Mayor’s Office for Policing and Crime
James Flannery, Gravesham Borough Council
Jeremy Frost, National Anti-Fraud Network
Mark Taylor, Dorset County Council
Michael Nadin, Stroud District Council
Nina Thomas, London Borough of Camden Council
Stephen Pearse, Arun District Council
Vince Langdon, Torbay Council
Zoe Covington, Solihull Council

Further reading...
FFL Checklist

A checklist developed by Grant Thornton in conjunction with Fighting Fraud Locally
for local authorities to use as a standard to measure themselves against when
creating an effective counter fraud culture
http://www.tisonline.net/riskmanagement/default.asp?section=Fraud&secpos=7

The CIPFA Red Book 2 ‘Managing the Risk of Fraud’

A document to help organisations benchmark their counter-fraud capability and
governance arrangements. A third edition is to be published in the near future.
http://www.cipfanetworks.net/governance/documentation/default_view.asp?library=157&category=1255&content_ref=7550

Fraud Risk Evaluation Diagnostic (FRED)

An assessment tool to evaluate an organisation’s counter fraud arrangements and
identify areas of risk.
http://www.cipfanetworks.net/governance/fred/default.asp

CIPFA TISonline- Risk Management

The Risk Management pages on the CIPFA TISonline website provide good practice
and advice on risk management including risk analysis and monitoring; it also
provides examples of risk registers.
http://www.tisonline.net/riskmanagement/default.asp

CIPFA Benchmarking

NFA joined forces with CIPFA to put together a series of questions to help councils
assess themselves on Fighting Fraud Locally. Further details, including access to
example outputs and questionnaires, can be found at www.cipfabenchmarking.net
and www.cipfastats.net. The benchmarking exercises are designed to answer key
questions regarding performance.
