Recording fraud risk in risk registers

Keen to hear how, if at all, other authorities record fraud risk in corporate risk registers?

I''m minded to think a logical way forward is to have a ''catch all'' one-line entry for "Fraud against the Council" which pulls together risks authority-wide and captures as mitigating actions everything being done to manage the risk, e.g. risk assessments, e-learning, NFI, targeted internal audits, zero tolerance, loss recovery strategies etc.

We don''t take this ''catch all'' approach at present, and whilst individual risks in the risk register may have fraud aspects to them, these are seldom recorded as such.
  • I am just starting to implement risk registers within our authority and am trialling having a suite of registers including service risk, information risk, fraud risk and health & safety risks within each service area. Once approved at directorate level, the registers will be reviewed quarterly at the Governance Board and any risks identified that may affect the authority at corporate level are escalated to the management board for inclusion on the corporate risk register.