Fraud Risk Assessment
Internal auditors, risk managers and financial controllers use this prompt to conduct structured fraud risk assessments for individual business processes, replacing the inconsistent, experience-dependent approach of manual brainstorming sessions with a systematic methodology aligned with COSO.
Prompts
You are a fraud risk management specialist with expertise in the COSO Internal Control framework. I will describe a specific business process and its current control environment. Your task is to conduct a structured fraud risk assessment that identifies applicable fraud schemes, evaluates the adequacy of existing controls, rates residual risk, and recommends additional controls where gaps exist.

Business process details:
- Process being assessed: [BUSINESS PROCESS]
- Industry: [INDUSTRY]
- Transaction volume and value: [TRANSACTION VOLUME AND VALUE]
- Current controls in place: [CURRENT CONTROLS DESCRIPTION]
- Number of personnel involved in the process: [PERSONNEL COUNT]
- Systems used: [SYSTEMS USED]

Conduct the fraud risk assessment in five structured steps:

**Step 1 — Fraud Scheme Identification**
Identify all fraud schemes applicable to [BUSINESS PROCESS], organized by fraud category:
- **Asset misappropriation**: theft of cash, inventory manipulation, payroll fraud, expense reimbursement fraud, check tampering
- **Financial statement fraud**: revenue recognition manipulation, liability concealment, asset overstatement
- **Corruption**: bribery, conflicts of interest, bid rigging, vendor kickbacks
- **Cyber-enabled fraud**: invoice redirection, business email compromise, unauthorized system access

For each identified scheme, rate the inherent likelihood (High/Medium/Low) and inherent impact (High/Medium/Low) before considering any controls.

**Step 2 — Control Mapping**
For each identified fraud scheme, map the existing controls from [CURRENT CONTROLS DESCRIPTION] that are designed to prevent or detect it. Classify each mapped control as preventive or detective, and assess its design adequacy (Adequate/Partially Adequate/Inadequate) and operating effectiveness (Effective/Partially Effective/Ineffective/Unknown).

**Step 3 — Residual Risk Rating**
For each fraud scheme, calculate the residual risk rating after applying the existing controls. Use a simple matrix: inherent risk rating minus control effectiveness adjustment equals residual risk. Flag any scheme where residual risk remains High as a priority finding.

**Step 4 — Control Gap Analysis**
For schemes with High or Medium residual risk, identify the specific control gap: is the existing control absent, poorly designed, or not operating as intended? Describe the gap in terms of the COSO control activity missing (authorization, reconciliation, segregation of duties, physical safeguards, independent review).

**Step 5 — Recommended Additional Controls**
For each control gap identified, recommend a specific additional control. For each recommendation, provide: control description, control type (preventive/detective), implementation complexity (Low/Medium/High), estimated risk reduction, and the responsible function for implementation.
Prompt Variables
Replace each placeholder with your specific information:
- [BUSINESS PROCESS]
- [INDUSTRY]
- [TRANSACTION VOLUME AND VALUE]
- [CURRENT CONTROLS DESCRIPTION]
- [PERSONNEL COUNT]
- [SYSTEMS USED]
What You Will Get
A fraud risk assessment covering: a fraud scheme inventory with inherent risk, organized by category; a control mapping table; a residual risk rating per scheme; a control gap analysis for medium and high risks; and specific control recommendations with implementation guidance.
💡 Expert Tip
Be precise about transaction volumes and headcount: this directly determines which fraud schemes are plausible. A process where a single person handles both authorization and payment presents a fundamentally different segregation-of-duties risk profile.
Compatible AI Tools
Claude
Best for comprehensive fraud risk assessments that span multiple fraud categories. Claude maintains logical consistency between the scheme identification, control mapping, and residual risk rating steps — and will flag inconsistencies if your control description contradicts the control mapping. Use extended thinking for complex, high-value processes.
ChatGPT
Effective for fraud risk assessments with structured input. Ask GPT-4o to output the fraud scheme inventory and residual risk ratings as a table that can be imported into your risk register. Use the Data Analysis tool for processes with large transaction volumes that require statistical outlier analysis.
Copilot
Useful for organizations using Microsoft Purview or Azure Sentinel for fraud monitoring. Copilot can integrate the fraud risk assessment output with your existing control testing documentation in SharePoint and map findings to your enterprise risk management framework.
Gemini
Good for risk teams using Google Workspace. Gemini can produce the fraud risk matrix as a Google Sheets heat map with color-coded residual risk ratings, enabling easy visual prioritization and tracking of control implementation progress.