The most commonly applied model for designing and auditing internal

Transcription

1 Fair Value Accounting Fraud: New Global Risks and Detection Techniques By Gerard M. Zack Copyright 2009 by Gerard M. Zack Appendix C Internal Controls over Fair Value Accounting Applications The most commonly applied model for designing and auditing internal controls was developed by the Committee of Sponsoring Organizations (COSO). The COSO model involves five interrelated components of internal control. The components can be considered broadly, such as on an entitywide basis. But they can also be considered in relation to specific aspects of an entity s operations, such as by function (e.g., human resources, information technology, etc.), by location, or by accounting cycle (e.g., payroll, purchasing, cash receipts, inventory, etc.). There are several goals of internal controls. The goal addressed in this book is the reliability of financial reporting, specifically as it relates to the application of fair value accounting concepts. Examples of internal control factors relevant to fair value accounting in each of the five components of the COSO model are presented in this appendix. Control Environment The control environment represents the overall control consciousness of an organization. The expression tone at the top is sometimes used in reference to certain important elements of the control environment. The control environment establishes a structure and theme for other elements of internal control. Specific control environment factors include the following: The philosophy and operating style of management and the board of directors does not involve excessive risk-taking and aggressive financial reporting positions. A code of conduct is established that clearly includes financial statement fraud and accounting improprieties among the acts considered to be violations subject to disciplinary action. 237

2 238 Appendix C A trusted whistleblower system is put in place, whereby employees would feel comfortable in reporting violations of the code of conduct without fear of retaliation. A board of directors, audit committee, and finance committee that is independent from management, are empowered with the tools necessary to discharge their duties, and properly engaged in and committed to fulfilling their oversight roles. Management s commitment to ethics and integrity in the workplace is evidenced by both direct communication with employees, emphasizing the importance of ethics, as well as the setting of an example of ethical behavior. Management s respect for the functions of internal auditors and those charged with the responsibilities of determining fair values is clear. There is a clear assignment of job duties and establishment of organizational structure. Human resources policies and practices include proper background screening of employees involved in all key accounting and financial functions, especially those involving fair value. There is a commitment to ongoing training for all employees involved in fair value accounting applications to ensure a high level of technical competence. Risk Assessment Risk assessment is the process of identifying and assessing relevant risks to the achievement of an entity s objectives. As it relates to fair value, factors involved in risk assessment include the following: Responsibilities are properly assigned for the identification and assessment of risks involving fair value accounting. Applications of fair value accounting in the financial statements are identified and assessed. External factors impacting fair value measurements, such as declines in quoted prices from relevant markets, introduction of new competitors or new products of competitors, and changes in technology, are identified and assessed. Changes in laws, regulations, or accounting standards that could impact fair value accounting or its applications are identified and assessed. Risks associated with the introduction of new personnel, including outside contractors, or information systems that affect fair value accounting applications are identified and assessed.

3 Appendix C 239 Control Activities Control activities are the policies and procedures applied to carry out the specific functions of an organization. This is the element of internal control that most people think of when they are asked about internal controls. Specific factors involving control activities include the following: There is proper segregation of duties such as the separation of functions involving the determination of fair value, the recording of fair value adjustments, and the review of financial statements. Controls are designed to make sure that management cannot override established controls. Procedures are in place to implement new laws, regulations, and accounting standards with fair value accounting implications. Procedures are in place to review significant new transactions (such as business acquisitions and mergers, joint ventures, and so on) for fair value accounting implications. Proper supporting documentation is required for all accounting entries, especially all journal entries involving adjustments to fair value accounts. There is periodic review of nonfinancial assets for signs of impairment. There is review and approval of the selections of methods used in the determination of fair value, as well as the application of those methods. Information technology hardware and software controls are designed to prevent unauthorized access to all systems with fair value accounting implications and leave an appropriate audit trail. There is due diligence in the selection and monitoring of outside consultants and vendors used to determine fair values (e.g., researching credentials, training, and relevant experience of third-party valuation specialists). The independence of third-party valuation specialists used by the entity is verified. Information and Communication Information and communication consist of the processes and records utilized to record and report transactions and to maintain accountability over assets and liabilities of an entity. Examples of elements of information and communication include the following: Proper supporting documentation is retained for all transactions and journal entries involving fair value accounting issues.

4 240 Appendix C Accurate and timely information is available to those who need it in making determinations regarding fair value issues (e.g., information regarding asset impairments, changes in market conditions, etc.). There are appropriate levels of interaction between management, staff, and outside parties in connection with fair value issues and determinations. Fair value accounting issues and treatment are properly disclosed and explained to the finance committee, audit committee, and/or board of directors. Adequate resources are provided for the thorough researching of fair value comparisons and fair value inputs to provide for a sound basis for making fair value measurements. Adequate channels of communication (e.g., hotlines, etc.) are provided for the reporting of allegations of accounting improprieties, such as fair value accounting fraud, by whistleblowers. Employees are properly informed regarding the information they are requested to provide to those in charge of fair value measurements and impairments. Accounting system provides for the proper collection and reporting of information needed to comply with fair value accounting standards, including all information necessary for disclosure in the notes to the financial statements. Proper record retention and destruction policies and practices are in place. Monitoring Monitoring represents the process of assessing the quality of internal controls over time. Monitoring assesses both the design and the operation of internal controls. Elements of monitoring may include the following: There are ongoing account reconciliations and reviews of reconciliations. Financial results are compared with the budget on a regular basis and variances are investigated. Financial performance is benchmarked against entities with similar operations. An internal audit function assesses the performance of internal controls over fair value accounting applications. There is proper ongoing communication with the entity s external auditors.

5 Appendix C 241 Periodic special studies of internal controls are performed in the area of fair value accounting applications. Periodic special audits of procurement involve the selection of vendors used in fair value accounting applications. There are periodic special audits of IT security relevant to fair value accounting applications. Performance of third parties that are relied on for the determination of fair value is monitored.