Engagement Planning: Assessing Fraud Risks

Recommended | The IIA | Nov 15, 2017

Considering the Probability of Fraud

The internal audit activity is responsible for assessing the organization’s risk management processes and their effectiveness, including the evaluation of fraud risks and how they are managed by the organization (2120.A2). However, assessing the potential for the occurrence of fraud when planning each engagement is just as important because new fraud risks can arise at any time. Therefore, internal auditors must consider the probability of fraud when they develop the objectives of each engagement (Standard 2210.A2).

To ensure adequate review of the risks relevant to each engagement, internal auditors should conduct a fraud risk assessment as part of engagement planning (Standard 2210.A1). This practice guide describes the characteristics of fraud and the process of identifying and assessing fraud risks when planning individual audit engagements.

It outlines the process of incorporating a fraud risk assessment into engagement planning, including how to:

  • Gather information.
  • Brainstorm fraud scenarios.
  • Identify fraud risks and rate their significance.
  • Determine which fraud risks should be evaluated further during the engagement.

Engagement Planning: Assessing Fraud Risks is a practical tool to help internal auditors plan an audit engagement in conformance with Standards 2210.A1 and 2210.A2. It provides a brief overview of the characteristics of fraud, followed by a description of how to assess fraud risks and incorporate the information into an engagement. Access the new supplemental guidance now.


The Institute of Internal Auditors