The Sarbanes-Oxley Act (SOX) of 2002 requires public companies to evaluate the sufficiency of controls in place to prevent and detect fraud within the organization, among other things. Specific to fraud, Section 404 of SOX requires that each company have a documented ongoing process to identify, assess and evaluate fraud risks related to internal control over financial reporting (“fraud risks”).

This sample fraud risk assessment report provides an overview of the process a company undertook to satisfy the requirements of SOX Section 404 related to the consideration and evaluation of fraud risk as it pertains to internal control over financial reporting.