A fraud risk assessment is an essential element of an organization’s fight against fraud. Leveraging guidelines in the 2013 Framework, development of the fraud risk assessment often begins by identifying business and financial processes to be included in its scope. From there, various ways that fraud and misconduct can occur by and against the organization are identified, including potential schemes to circumvent existing internal controls or for management to override controls. At this point, though, the risks identified are purely heuristic—or based on what an organization’s professionals think could occur, those fraud risks that have occurred, and schemes and risks that may be developed and included based upon industry.