The objective of the review was to identify approaches for establishing fraud risk assessment programs and conducting fraud risk assessments within the DoD. The review focused on various DoD activities including procurement, retail, and financial operations.
What We Found
We identified numerous innovative approaches for conducting fraud risk assessments. Of the 33 DoD organizations we interviewed,* 13 were conducting entity-wide risk assessments, 26 were conducting fraud risk assessments when performing audit-related work, 23 were providing fraud awareness training, and 3 were concentrating on internal control evaluations.
DoD entities are encouraged to modify any of the described approaches to suit their specific mission, size, and fraud vulnerabilities. The approaches were developed through research and interviews with 100 subject matter experts representing DoD organizations, academic institutions, private companies, and nonprofit organizations.
Fraud risk assessment approaches developed by the Marine Corps Nonappropriated Funds Audit Service; Army and Air Force Exchange Service, Audit Division; and the Army Audit Agency are highlighted within this report. Additionally, entity-wide fraud risk assessment approaches developed by the DoD Investigative Organizations; Naval Exchange Service Command, Office of Internal Audit; and the Naval Sea Systems Command Office of the Inspector General are also discussed in detail. The report also contains information on auditor and entity-wide fraud risk assessment approaches developed by external DoD organizations.
We used documentation obtained from the subject matter experts to develop example documents included in the report Appendixes. Example documents include audit organization fraud risk assessment policies, financial statement audit fraud interview questionnaire, and an entity-wide fraud risk assessment report. The report also provides information on auditor fraud brainstorming and interviewing techniques and DoD fraud case study examples.
Management Comments and Our Response
We have incorporated draft report comments received from the Commander, Naval Sea Systems Command; Naval Audit Service; Defense Health Agency; Defense Information Systems Agency, Office of the Inspector General; Air Force Office of Special Investigations; and Board of Regents of the University System of Georgia. No further comments are required.