Who is Responsible for Fraud Assessments?

In the context of the construction bond program, there are two audit risk assessments.  Both involve identifying and quantifying risks, evaluating the responses to these risks, monitoring and reporting risks, and reporting risks.

Each district should perform its fraud risk assessment internally to look for weaknesses and where improvements are required and results reported.  This should be an ongoing, never-ending process.

Auditors perform their own fraud risk assessments separate from the entity’s internal fraud risk assessment.  Auditors may, where appropriate, incorporate the entity’s internal fraud risk assessment while conducting their own, but are required to perform sufficient work of their own to ensure that the entity’s work can be relied upon.  While part of the work of the auditor is to identify such risks and bring them to the attention of the entity being audited so that these weaknesses can be addressed, the auditors also use their audit risk assessment to indicate which specific areas of the audit require additional attention, such as increasing the number of transactions tested to gain a sufficient level of confidence that the reported outcomes are reasonable.

CBOCs should consider if they want to have an audit risk assessment, together with a review of the school construction program and project control systems and internal control reviews, performed and reported to the CBOC to provide a foundation for the CBOC, and other stakeholders, to be able to rely upon reports rendered to the CBOC by the district and its facilities department.