Management conducts a comprehensive fraud risk assessment to identify the various ways that fraud and misconduct can occur, considering:

From these considerations, management makes an informed assessment of specific areas where fraud might exist and the likelihood of their occurrence and potential impact.

David Kates, the chief compliance officer at a global retail operation, annually conducts a fraud risk assessment. In doing so, he interviews management at all the international locations about fraud issues. He analyzes:

With this information, Mr. Kates forms a preliminary view of the potential fraud activities, which he discusses with management of each jurisdiction in order to consider implications and what control activities can reduce the risk of fraud. He also has discussions with human resources personnel and reviews information in the staff files. He uses his historical knowledge and staff information to assess the attitude of the local management toward the tolerance of fraud and to determine whether local management may rationalize fraudulent activities, including corruption.

After completing his fraud risk assessment, Mr. Kates submits a report to the audit committee for its consideration in management oversight.

In identifying and evaluating the presence of entity-wide controls that address fraud, management considers how individuals might circumvent or override controls intended to prevent or detect fraud. Entity personnel, including management, may intentionally override in a number of ways, which may include:

The audit committee of Marker's Medical Supply Company takes the issue of management override of controls very seriously. Consequently, every quarter the committee reviews the fraud risk assessment process. In doing so, the members of the audit committee:

In addition, the audit committee asks the chief audit executive about:

With this information in hand, the audit committee discusses with the full board and senior management any concerns that need added management focus.

The chief audit executive incorporates results of the fraud risk assessment into the internal audit plan. He or she reviews and confirms that the internal audit plan addresses relevant risks.

Divisional controllers at Maxwell's, a 24,000-employee consumer products company with locations in several countries, work with business unit leaders to identify and assess potential fraud risks. These risks are prioritized and categorized into various components, including risks of inventory theft, manipulation of data and bias in the development of accounting estimates, and other potential means of overriding controls. Internal audit reviews the resulting fraud risks and provides its point of view. In addition, the company meets with its external auditor to discuss the fraud risks to determine if there are others that should be under consideration. Business unit management plans responses and then selects and develops controls to mitigate these fraud risks. ^{fn 15}

Management considers how personnel may rationalize behavior regarding evaluations, compensation, or employment. The board and management review the entity's compensation programs and performance evaluation process to identify potential incentives and pressures for employees to commit fraud. This review considers how meeting, or not meeting, financial reporting targets potentially impacts an individual's evaluation, compensation, and continued employment.

The compensation committee of the board of directors of Schmidt Auto, a global automotive supplier, annually reviews the executive officer compensation packages with the audit committee, chairperson, and chief auditor. To determine the incentives to management, the following items are discussed:

After these discussions for Schmidt Auto's last fiscal year, the board determined that the CFO's incentive compensation, 80% of which was based on the current year's net revenue, was too high and focused too much on the short term. The compensation committee subsequently reduced the incentive compensation, with 40% derived from current year's net revenue.