Fraud maps provide lay-of-the-land on exposures, controls

Creating and maintaining a tool to monitor fraud vulnerabilities may improve the control environment and help payers address risk proactively, according to a Fraud Intelligence article by Mike Sherrod, CFE, CPA. Like travel, fraud detection and prevention go smoother with a map of the terrain in hand.

A fraud map provides a detailed overview of all potential fraud schemes and risks that may affect an organization. A map also gives management a central clearinghouse for risk assessments while building anti-fraud awareness and commitment, the article noted.

Sherrod offered these pointers for creating a working fraud map:

Format: Maps can sit on an Access or Excel platform, with individual text boxes used for schemes affecting a given line of business.

Scheme descriptions: In clear and simple language, the map should define each fraud scheme and provide an example for users of how the scheme works. Payers can compile a schemes list after brainstorming with staff and management.

Likelihood of occurrence: Rate the assigned probability of each risk happening on a scale of 1 to 5 or high, medium or low.

Impact measurement: Rate the financial and reputational effects of materialized risks on a scale of 1 to 5 or high, medium or low.

People risk: Assess who's exposed by each risk within and outside the company.

Current controls and residual risks: Assess how well existing controls mitigate risks, and identify residual risks inadequately or not touched by current controls.

Once the map is built, staff must maintain it. Then users can rank fraud risks and related analytic techniques for prevention, detection and monitoring, the article noted. Subject experts can consult the database to check for gaps and controls they may have overlooked.

Fraud maps are part of a growing group of risk measurement and management tools focusing on documentation. The U.S. Department of Health and Human Services, for instance, recently released an assessment tool for healthcare providers to document detailed analyses of  information security risks, as FierceHealthIT reported.

For more:
- read the Fraud Intelligence article (after free trial period, subscription required)