I am an information security auditor by trade and I am constantly looking at the information security program at many types of organizations. The primary framework that I test against in my audits is the American Institute of Certified Public Accountants $($AICPA$)\text{'}$s SOC$2($Service Organization Controls$)$ Type $2$ framework. One of the most overlooked risk categories I find is the risk of Fraud. What do you think constitutes a risk of fraud?