
Fraud Risk Assessment

What does this prompt do?

Internal auditors, risk managers, and finance controllers use this prompt to conduct structured fraud risk assessments for individual business processes — replacing the inconsistent, experience-dependent approach of manual fraud brainstorming sessions with a systematic scheme identification and control mapping methodology aligned to COSO that can be applied uniformly across the enterprise.

Prompts

You are a fraud risk management specialist with expertise in the COSO Internal Control framework. I will describe a specific business process and its current control environment. Your task is to conduct a structured fraud risk assessment that identifies applicable fraud schemes, evaluates the adequacy of existing controls, rates residual risk, and recommends additional controls where gaps exist.

Business process details:
- Process being assessed: [BUSINESS PROCESS]
- Industry: [INDUSTRY]
- Transaction volume and value: [TRANSACTION VOLUME AND VALUE]
- Current controls in place: [CURRENT CONTROLS DESCRIPTION]
- Number of personnel involved in the process: [PERSONNEL COUNT]
- Systems used: [SYSTEMS USED]

Conduct the fraud risk assessment in five structured steps:

**Step 1 — Fraud Scheme Identification**
Identify all fraud schemes applicable to [BUSINESS PROCESS], organized by fraud category:
- **Asset misappropriation**: theft of cash, inventory manipulation, payroll fraud, expense reimbursement fraud, check tampering
- **Financial statement fraud**: revenue recognition manipulation, liability concealment, asset overstatement
- **Corruption**: bribery, conflicts of interest, bid rigging, vendor kickbacks
- **Cyber-enabled fraud**: invoice redirection, business email compromise, unauthorized system access
For each identified scheme, rate the inherent likelihood (High/Medium/Low) and inherent impact (High/Medium/Low) before considering any controls.

**Step 2 — Control Mapping**
For each identified fraud scheme, map the existing controls from [CURRENT CONTROLS DESCRIPTION] that are designed to prevent or detect it. Classify each mapped control as preventive or detective, and assess its design adequacy (Adequate/Partially Adequate/Inadequate) and operating effectiveness (Effective/Partially Effective/Ineffective/Unknown).

**Step 3 — Residual Risk Rating**
For each fraud scheme, calculate the residual risk rating after applying the existing controls. Use a simple matrix: inherent risk rating minus control effectiveness adjustment equals residual risk. Flag any scheme where residual risk remains High as a priority finding.

**Step 4 — Control Gap Analysis**
For schemes with High or Medium residual risk, identify the specific control gap: is the existing control absent, poorly designed, or not operating as intended? Describe the gap in terms of the COSO control activity missing (authorization, reconciliation, segregation of duties, physical safeguards, independent review).

**Step 5 — Recommended Additional Controls**
For each control gap identified, recommend a specific additional control. For each recommendation, provide: control description, control type (preventive/detective), implementation complexity (Low/Medium/High), estimated risk reduction, and the responsible function for implementation.
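As an added illustration (not part of the prompt or of any tool's output), here is a small Python model of the rating scales in Steps 1 to 3: the 3x3 heat-map banding, the credit each design/operating rating earns and the two-level cap are assumptions made here, and the accounts-payable scheme inventory is constructed.

```python
from dataclasses import dataclass, field

LEVEL = {"Low": 1, "Medium": 2, "High": 3}
NAME = {v: k for k, v in LEVEL.items()}
# Assumed credit scale; an untested ("Unknown") control earns nothing until its operation is tested.
DESIGN_CREDIT = {"Adequate": 1.0, "Partially Adequate": 0.5, "Inadequate": 0.0}
OPERATING_CREDIT = {"Effective": 1.0, "Partially Effective": 0.5, "Ineffective": 0.0, "Unknown": 0.0}

@dataclass
class Control:           # Step 2: a control mapped to a scheme
    name: str
    kind: str            # "preventive" or "detective"
    design: str          # Adequate / Partially Adequate / Inadequate
    operating: str       # Effective / Partially Effective / Ineffective / Unknown

@dataclass
class Scheme:            # Step 1: a scheme rated before any controls
    name: str
    category: str        # one of the prompt's four fraud categories
    likelihood: str      # High / Medium / Low
    impact: str          # High / Medium / Low
    controls: list = field(default_factory=list)

def inherent_level(s: Scheme) -> int:
    """Likelihood x impact on a 3x3 heat map; the banding is an assumption."""
    score = LEVEL[s.likelihood] * LEVEL[s.impact]       # 1..9
    return 3 if score >= 6 else 2 if score >= 3 else 1

def control_adjustment(s: Scheme) -> int:
    """Whole rating levels the mapped controls earn together, capped at two."""
    credit = sum(DESIGN_CREDIT[c.design] * OPERATING_CREDIT[c.operating] for c in s.controls)
    return min(2, int(credit))

def residual_rating(s: Scheme) -> str:
    """Step 3: inherent rating minus control adjustment, floored at Low."""
    return NAME[max(1, inherent_level(s) - control_adjustment(s))]

def priority_findings(schemes: list) -> list:
    """Schemes whose residual risk is still High after controls (Step 3 flag)."""
    return [s.name for s in schemes if residual_rating(s) == "High"]

# Constructed accounts-payable inventory, used only to exercise the matrix.
SAMPLE = [
    Scheme("Invoice redirection", "Cyber-enabled fraud", "Medium", "High", [
        Control("Vendor master change approval", "preventive", "Adequate", "Unknown"),
        Control("Monthly bank reconciliation", "detective", "Adequate", "Effective")]),
    Scheme("Expense reimbursement fraud", "Asset misappropriation", "High", "Low", [
        Control("Manager approval of expense reports", "preventive", "Partially Adequate", "Partially Effective")]),
    Scheme("Vendor kickbacks", "Corruption", "High", "High"),   # no control mapped yet
]
```

Note that the untested vendor-master control earns no credit, so only the reconciliation brings invoice redirection down from High to Medium, and the partially effective expense approval earns too little to move that scheme at all.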

Prompt Variables

Replace each placeholder with your specific information:

[BUSINESS PROCESS]
[INDUSTRY]
[TRANSACTION VOLUME AND VALUE]
[CURRENT CONTROLS DESCRIPTION]
[PERSONNEL COUNT]
[SYSTEMS USED]

What You'll Get

A fraud risk assessment covering: an inherent risk-rated fraud scheme inventory organized by fraud category; a control mapping table showing which existing controls address each scheme and their design and operating effectiveness; a residual risk rating for each scheme; a control gap analysis for medium and high residual risk items; and specific control recommendations with implementation guidance.

💡 Pro Tip

Be specific about transaction volumes and personnel counts — these directly affect which fraud schemes are plausible. A process with one person handling both authorization and payment execution has a fundamentally different segregation-of-duties risk profile than the same process with five staff across separate approval and payment functions.

Compatible AI Tools

Claude

Best for comprehensive fraud risk assessments that span multiple fraud categories. Claude maintains logical consistency between the scheme identification, control mapping, and residual risk rating steps — and will flag inconsistencies if your control description contradicts the control mapping. Use extended thinking for complex, high-value processes.

ChatGPT

Effective for fraud risk assessments with structured input. Ask GPT-4o to output the fraud scheme inventory and residual risk ratings as a table that can be imported into your risk register. Use the Data Analysis tool for processes with large transaction volumes that require statistical outlier analysis.

Copilot

Useful for organizations using Microsoft Purview or Azure Sentinel for fraud monitoring. Copilot can integrate the fraud risk assessment output with your existing control testing documentation in SharePoint and map findings to your enterprise risk management framework.

Gemini

Good for risk teams using Google Workspace. Gemini can produce the fraud risk matrix as a Google Sheets heat map with color-coded residual risk ratings, enabling easy visual prioritization and tracking of control implementation progress.

Related Prompts

AML Red Flag Identifier

AML compliance analysts and transaction monitoring teams use this prompt to investigate flagged accounts or suspicious activity alerts — accelerating the triage of complex cases by systematically identifying typology patterns, connecting behavioral indicators, and producing a documented disposition recommendation that supports the SAR decision or case closure.

Internal Audit Findings Summarizer

Internal auditors and audit managers use this prompt to convert raw field notes and draft findings into structured, management-ready finding cards — eliminating the time spent formatting and standardizing output across team members, and ensuring every finding includes the root cause analysis and quantified impact that audit committees expect.

Regulatory Change Impact Analyzer

Chief Compliance Officers, regulatory affairs teams, and business line compliance officers use this prompt when a new rule is finalized or proposed — converting regulatory text into an actionable, cross-functional impact assessment that drives implementation planning, resource allocation, and board-level reporting before the compliance deadline.
