The organization maintains a highly mature fraud risk control environment. Fraud-prevention and fraud-detection controls are consistently present, enforced, and supported by effective oversight. The environment provides a high level of protection against fraud and supports the timely identification of irregular activity through routine governance and monitoring processes.

Fraud risk vulnerability controls are strongly established across major risk areas. While isolated vulnerabilities may exist, the overall environment remains resistant to fraud and supports timely detection through consistent oversight, review, and accountability practices.

Fraud risk vulnerability controls are present in most key areas, though there are limited vulnerabilities. These conditions can create opportunities for fraud and may delay detection if weaknesses are exploited.

Fraud risk vulnerability controls exist, but may be unevenly applied or inconsistently enforced. Certain gaps or dependencies increase exposure and may allow fraud risks to persist undetected for longer periods.

Fraud exposure is increased across multiple areas. The environment may allow fraud risks to emerge and may not consistently identify those risks through ordinary oversight, monitoring, or review activities.

Fraud exposure exists across several areas. The environment may not reliably prevent inappropriate activity or detect it in a timely manner through routine processes, increasing the likelihood that fraud risks could persist undetected without targeted intervention.

Fraud exposure is widespread, and protection is unreliable. Normal oversight and monitoring processes may be insufficient to identify emerging fraud risks early, increasing the likelihood of prolonged undetected activity and repeat occurrences.

Fraud exposure is pervasive, and internal detection is unlikely through ordinary processes. Fraud risks may persist undetected for extended periods unless immediate corrective actions or external attention occur.

Fraud exposure is exceptionally high, and internal detection is unlikely. The environment is prone to sustained, undetected fraud risks and rapid loss escalation absent immediate stabilization and sustained corrective intervention.

Integrity Protection Classification ratings support governance, risk management, insurance underwriting, and remediation planning. An Integrity Protection Classification rating reflects fraud risk vulnerability at a point in time and does not constitute a determination that fraud has occurred.

​​​​​​

Categories

An Integrity Protection Classification (IPC) rating is based on a proprietary analytical framework that covers fraud risk vulnerabilities across seven key categories, with each category accounting for a percentage of an organization's total possible score. ​​​​

​

• Category 1 – Governance & Oversight: 10%

• Category 2 – Financial Controls: 15%

• Category 3 – Procurement & Inventory Management: 25%

• Category 4 – Payroll & Human Resources: 20%

• Category 5 – Cybersecurity & Data Protection: 15%

• Category 6 – Fraud Detection, Response & Investigations: 7.5%

• Category 7 – Culture, Ethics & Training: 7.5%

                                                  Total: 100%