What’s driving higher compliance risk for healthcare organizations right now?

Increased federal efforts to detect fraud, waste, and abuse are amplifying Medicare audits and regulatory demands. rnPYA

What issues did PYA experts address in the Healthcare Risk Management interview?

Goals to reduce waste in Medicare, expected growth in whistleblowing, 340B compliance risk, and third-party vendor cybersecurity.

Are Medicare Advantage plans seeing heightened audit focus?

Yes—auditor hiring is expanding to scrutinize MA plans to ensure appropriate reimbursement. rnPYA

How might increased detection efforts affect whistleblowing?

Emphasis on identifying fraud and abuse is expected to encourage more whistleblowers to come forward.

What is PYA’s recommendation for 340B program oversight?

Implement comprehensive 340B auditing and monitoring programs as audits increase.

Why do third-party vendors increase compliance and cybersecurity risk?

Greater use of telehealth, cloud providers, and device manufacturers introduces additional compliance and security challenges. rnPYA

How does PYA support organizations responding to changing risk?

PYA’s Compliance, Revenue Cycle Advisory, and Technology & Cybersecurity teams help develop strategies to operate in compliance. rnPYA

Fraud Risk Assessments: A Proactive Tool to Build Fraud Resilience

March 26, 2026March 26, 2026

PYA Insights

Executive Contacts

Andrew Sizemore

Jessica Scouten

Mike Shamblin

Why Fraud Risk Assessments are Important for Fraud Prevention

According to insights shared by the Association of Certified Fraud Examiners (ACFE) in December 2025, financial institutions and healthcare ranked as the two industries most impacted by fraud during the year. This trend raises a critical question for organizations: How can you proactively safeguard against fraud?

While forensic investigations help uncover past incidents, a Fraud Risk Assessment (FRA) offers a forward-looking approach—identifying vulnerabilities before they become costly problems.

Enterprise vs. Fraud Risk Assessments: Key Differences in Risk Management

An Enterprise Risk Assessment takes a broad view of organizational risks, spanning operational, strategic, and compliance areas. In contrast, a Fraud Risk Assessment zeroes in on fraud-specific threats and evaluates whether controls effectively reduce these risks to an acceptable level within the organization’s risk tolerance. While they may overlap, each assessment serves a distinct purpose—and both are considered best practices across industries.

Scope of a Fraud Risk Assessment: Common Fraud Schemes and Internal Controls

A comprehensive FRA should address schemes within the three primary categories of occupational fraud: corruption, asset misappropriation, and financial statement fraud. Common FRA focus areas include

Physical controls
Skimming and cash larceny schemes
Check tampering and cash register fraud
Purchasing, billing, payroll, and expense schemes
Theft of inventory, equipment, or proprietary information
Conflicts of interest and corruption
Fraudulent financial reporting

Fraud Risk Assessment Process: Steps to Strengthen Your Organization

Key steps in a Fraud Risk Assessment include

Plan the Assessment – Define scope, assign qualified personnel, and engage key stakeholders to champion the process internally.
Gather Risk Information – Review existing documentation and conduct interviews or surveys with operational staff to identify fraud risks specific to your organization.
Assess Likelihood and Impact – Evaluate each risk for probability and potential impact (financial, reputational, operational). Map existing controls to these risks.
Identify Gaps and Develop Responses – Highlight weaknesses in control coverage and create actionable plans to reduce residual risk to acceptable levels.
Report Findings – Summarize results with clear visuals and insights for leadership, enabling informed decision-making and prioritization.

Building Resilience Against Fraud

Fraud Risk Assessments are not just a compliance exercise—they are a strategic tool for protecting organizational integrity and financial health. By proactively identifying vulnerabilities and strengthening controls, organizations can significantly reduce exposure to fraud and build resilience in an increasingly complex risk environment.

Organizations should consider a Fraud Risk Assessment during times of significant change or heightened risk, such as mergers or acquisitions, rapid growth, leadership transitions, new systems implementation, or recent fraud incidents. Regulatory requirements and industry trends can also signal the need for proactive evaluation.

A Fraud Risk Assessment is especially relevant for organizations with characteristics that amplify fraud risk, including high transaction volumes, decentralized operations, complex vendor or supply chain relationships, or those handling sensitive data and intellectual property. Conducting an assessment in these situations helps identify vulnerabilities and strengthen controls before issues arise, building resilience against fraud.

Contact PYA for Expert Fraud Risk Assessment Services

PYA’s experienced professionals help organizations design and implement effective Fraud Risk Assessments tailored to their unique risks and industry requirements. Our team combines deep expertise in fraud prevention, internal controls, and risk management to deliver actionable insights that protect your organization’s financial health and reputation. Contact us today to learn how PYA can help you proactively mitigate fraud risks and strengthen your control environment.