FRAUD PREVENTION PROCESS: DEBIT AND CREDIT
CARD TRANSACTIONS AUDIT WORK PROGRAM
PROJECT TEAM (LIST MEMBERS)
Project Timing Date Comments
Planning
Fieldwork
Report Issuance (Local)
Report Issuance (Worldwide)
AUDIT OBJECTIVE
To identify and evaluate the effectiveness of a debit and credit card service provider’s fraud prevention process as
it relates to the X system.
Time Project Work Step Initial Index
Planning Phase
Planning meeting:
• Conduct a meeting with client to discuss and obtain management approval of
scope, approach and timing of audit area.
• Determine the appropriate auditee contact(s).
Prepare and distribute planning memo.
Obtain an understanding of the audit area:
• Obtain and review policies and procedures for the department.
• Research any known best practices for the audit area and incorporate into the
audit work and audit report, if appropriate.
Prepare a preliminary document request list and distribute to auditee contact(s).
Prepare and discuss expectations with team members.
Fieldwork
Conduct opening meetings with process owner to re-establish scope and timing
of the review. Establish a schedule for status meetings and open-communication
protocol. Determine the frequency of the business manager updates.
Obtain the following:
• Organizational chart for the audited department.
1 Source: www.knowledgeleader.com
� Time Project Work Step Initial Index
• Policies and procedures for the fraud department and any other departments
involved in fraud prevention/detection via the X system.
• A report of standard X system settings, including, if possible, a description of
the setting.
• A list of reports generated via the X system or utilized in the monitoring of
fraudulent activities involving debit and credit cards, including, if applicable,
signature-based transactions.
• A copy of the latest report of the fraud department’s key performance
measures.
Gain an understanding of procedures for identifying and monitoring potentially
fraudulent transactions.
Observe and document (via flowcharts) the process for X and manual monitoring
of fraudulent activity. Consider the following as a guide:
• What are the system settings that identify and flag potentially fraudulent
transactions?
• What is flagged? The transaction, the account, or both?
• What happens after a transaction (account) is flagged? Is the client contacted
via phone or letter?
• What is the process for establishing the system settings? Determine if the
debit and credit card service provider is using X to its fullest potential.
• Are system settings credit-union-specific, or are they uniform regardless of the
member credit unions? Determine if system settings are uniform across the
various member credit unions.
• Are X system settings the same, whether or not the transaction involves a
debit or credit card?
• What about PIN and signature-based transactions? Does X monitor both?
• How often are system settings reviewed? Who reviews them? Is there
evidence of review? Determine if review efforts of X are appropriate.
• Does X produce any management reports? If yes, what is done with these
reports?
• Determine if a report is used to monitor PIN and signature-based transactions.
• What information is reviewed in the department to resolve potentially
fraudulent transactions?
• What happens when a transaction (or account) is identified as an actual
fraud? Is the credit union involved in the transaction contacted and/or is law
enforcement notified?
• What manual monitoring of potential fraudulent transactions activities occur in
the department?
• What KPIs are used to measure performance?
• What happens before, during and after hours when identifying fraudulent
transactions?
If settings vary by credit union, select a sample of (Insert Number) client numbers
and obtain their system settings for identifying potentially fraudulent transactions.
2 Source: www.knowledgeleader.com
� Time Project Work Step Initial Index
• Determine if system settings are consistent or varied.
• Determine if system settings are appropriate for the member credit union.
Complete documentation of work papers.
Validate audit findings with the process owner.
Hold regular team status update meetings to discuss progress of the audit.
Communicate any roadblocks preventing completion of fieldwork.
Reporting
Prepare a draft report.
• Ensure that the appropriate auditee reviews the draft and that any action
items have been discussed with the auditee.
Issue a final report.
• Issue a preliminary report to management. At this point, management/the
auditee should agree on the timing of implementing action items identified and
agreed to in the report. Responsibility for implementation should also be
assigned.
• Validate the completeness and accuracy of all audit report content.
3 Source: www.knowledgeleader.com
