Hello,After nearly 8 years of cyclical monitoring, we are thinking about changing the way we are coming at internal controls monitoring. Much of our monitoring was in response to internal control issues at best, or internal fraud at worst, and we are looking at potentially changing this to focus more on the independent team member's risk. Some of the factors would be their position (and potential ability to affect fraud) as well as some high level activity reviews (NSF activity, casino ATM pattern activity, etc) but I'd like to identify some other factors that may help emperically identify these team members without having to crunch huge amounts of data. Does anyone else do this, either for internal controls monitoring or as part of their annual risk assessment? If you do, would you mind sharing some of the factors you use? I realize it's an extremely novel approach, and I have Dana Turner's 'internal Fraudster' training materials as a possible guide, I was just looking for some factors that would be less subjective.Any help would be awesome.
