Developing a Fraud Audit Plan. Glenn E. Sumners


1 Developing a Fraud Audit Plan Glenn E. Sumners

2 Board Reporting CEO Audit Committee Functional Primary Report Audit Plan Overview of Administrative Executive Summary Charter Internal Audit CAE Charter Proactive Review Administrative Resources Office Space Budget Training Travel Staffing Performance Evaluation Promotions Hiring - Termination

3 Audit Planning Add-Value Corporate Governance Risks Controls Assurance Consulting Plan Triple Bottom Line - Environmental - Social - Economic Organization

4 Corporate Governance, Risk and Controls Organization A Risks R R Controls C C AAA COSO Risk Objectives Strategic Operations Compliance Financial R C COSO Components Control Environment Monitoring Information & Communication Risk Control Activities Question: What is the solution?

5 Fraud Risk - Controls Opportunity Controls Oversight monitoring Expected Value Lower Opportunity Safeguard Assets Segregation of Duties Limit exposure Raise Risk Monitor Audit Internal Controls Fraud specific Design Testing Risk Getting caught Penalty Sarbanes-Oxley Impact

6 Fraud Issues and Risk Beneficial Detrimental In CEO In Out CFO Organization Frequency Materiality Risk Reputation Risk Legal Risk Controls Oversight Petty Cash

7 Fraud Tools Computer Assisted Audit Techniques Generalized Audit Software Query Software Continuous Auditing Benford's Law Discovery Sampling Analytics Vertical Analysis Horizontal Analysis

8 Compliance Perception Model (Crossing the Rubicon) Spirit Law CEO Slope Perception I walk the line. Johnny Cash Internal Audit View Attorney View Grey Area Letter Law I keep my eyes wide open all the time. Never Never Land Wayback Machine Illusion Violate Spirit Time Violate Letter Look not where you fell, but where you slipped. (African Proverb)

9 Mr. Peabody This time Sherman we're going Way Back Note: If there is no way back, we must focus on prevention and early detection. What people don't realize is that fraud is always a means to an end, never an end in itself. There is always a rationalization: I'm going to do this now, and it's tough, but next week we're gonna get some big carpet-cleaning jobs, whatever, and we're gonna make it back, pay everyone back, nobody's gonna be hurt and that will be the cure. Barry Minkow

10 Audit Plan Develop the audit plan assuming that the audit committee is the primary customer. Consider input from Senior Management and Operating Management. Reporting relationship is critical (functional and administrative). Final sign-off should be the responsibility of the audit committee. This relationship should be delineated in the Charter.

11 Audits Entity Process Unit Aggregate Questions: Who is the customer? What do they want? Advantages and Disadvantages Reporting Issues Role of Internal Audit Corporate Governance Risks Controls Add Value

12 Audit Approach (Risks, Controls, Governance, Fraud) Audit Approach Entity Audits Aggregate Audits Process Audits Unit Audits Controls Control Environment - Governance Control Criteria - COSO - SOX Management Controls (POSDM) - Processes Controls Activities - Transactions

13 Engagement Planning for Aggregate Reporting Control Activities Control Environment Risk Analysis Specific Audit Issues Monitoring Information and Communication

14 Engagement Planning Control Environment Sarbanes-Oxley Monitoring Specific Audit Issues Risks Fraud Controls Controls Facilitates aggregation process

15 COSO Audits (Entity, Aggregate, Process, Unit) Beneficial Fraud Detrimental Fraud Control Environment Information & Communication Monitoring Risk Assessment Control Activities

16 COSO - Control Components Entity Aggregate Process Unit Control Environment Risk Control Activities Monitoring Information & Communication

17 Corporate Governance Accounting Illusions
1. Big bath charges
2. Creative acquisition accounting
3. Cookie jar reserves
4. Materiality
5. Revenue recognition
Arthur Levitt, Chairman, SEC

18 Review Audit Plan Audit Committee Best Practices Mandatory Audits - Entity Employee Survey ERM Conflict of Interest Complaint Process Executive Expense Report Analytical Audit Ethics Audit Accruals Change Reserves Transformation Transactions Top-side Closing Security

19 Mandatory Audits Conflict of Interest Statement Management process Design All-inclusiveness Dissemination Collection Disposition Report to Audit Committee Executive Expense Report Approval process Interface Benefits Reports to Audit Committee

20 Mandatory Audits Communication Process Management Hotline Organized Design Managed internally Outsourced Compliance Disposition Report to Audit Committee Management Risk Process High audit priority Report to Audit Committee

21 Mandatory Audits Annual Employee Survey Managed Issues surveyed Response process Reporting process Other Audits Reserve Audit Revenue Recognition Transformation Transactions IT Security Security

22 Question What are the five primary reasons controls fail?

23 Internal Control - Failures What are the five primary reasons controls fail?
1. Lack of integrity
2. Weak control environment
3. Inconsistent objectives
4. Poor communication
5. Inability to understand and react to changing conditions
Internal Control Integrated Framework

24 Enron Corporation VISION Enron will be the first natural gas major; the most innovative and reliable provider of clean energy worldwide for a better environment. VALUES Your Personal Best Makes Enron Best Achieve your personal best. Individuals matter. Enron will help you reach your personal best. Honesty and integrity at all times. Enron rewards individuals and teamwork performances

26 Enron Corporation Communicate Facts are Friendly Tell it the way it is. Trust and openness. Ideas are a good thing to share. When in doubt, ask. Better, Faster, Simpler Do we need to do it at all? Do it right, do it now. If you are not sure who is supposed to do it, do it. Innovate. Take risks. Simplify, simplify, simplify Excess paper kills. Don't be satisfied with the way it has always been done.