Presented by Ed Williamson and Erica Bailey


1 Presented by Ed Williamson and Erica Bailey

2 Internal Controls & Fraud Detection

3 Objectives
- Background on internal controls
- Review of organizational and functional level controls
- Fraud prevention and risk assessment

4 What Fraud Is
Occupational Fraud defined by the Association of Certified Fraud Examiners: The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets.
- Encompasses a wide range of misconduct by employees, managers, and executives.

5 What Fraud Is
Occupational Fraud Schemes Dissected
All occupational fraud schemes have four key elements in common:
- Is clandestine
- Violates the perpetrator's fiduciary duties to the victim organization
- Is committed for the purpose of direct or indirect financial benefit to the perpetrator
- Costs the employing organization assets, revenue, or reserves

6 What Fraud Is
Methodologies
There are 3 major categories of occupational fraud:
- Asset misappropriations
- Corruption
- Fraudulent statements

7 What Fraud Is
Asset misappropriations
Theft or misuse of an organization's assets.
Examples:
- Skimming revenues
- Stealing inventory
- Payroll fraud

8 What Fraud Is
Corruption
Perpetrators' wrongful misuse of their influence in a business transaction in order to procure some benefit for themselves or another person, contrary to their duty to their employer or the rights of another.
Examples:
- Accepting kickbacks
- Engaging in conflicts of interest

9 What Fraud Is
Fraudulent statements
Falsification of an organization's financial statements.
Examples:
- Overstating revenues
- Understating liabilities or expenses


12 The Fraud Triangle
All 3 elements are necessary for fraud to occur.
- Incentive
- Opportunity
- Rationalization

13 Breaking the Fraud Triangle
There are 3 ways to break the fraud triangle:
- Create an ethical environment
- Reduce employees' opportunities to commit fraud
- Monitor pressures on employees to commit fraud, and develop appropriate responses

14 Breaking the Fraud Triangle
Reducing employees' opportunities to commit fraud
There are controls that an organization can implement which reduce an employee's ability to commit fraud:
- Require job rotation and mandatory vacations
- Institute surveillance techniques
- Prepare monthly financial statements timely
- Implement an employee hotline
- STRENGTHEN INTERNAL CONTROLS

15 How do weaknesses vary by scheme?

16 Why Focus on Internal Controls
- Safeguarding of assets.
- Outsiders' interest.
- Independent auditor's audit approach.
- Required by Regulations and law.

17 Proper Segregation of Duties
- Authorization
- Custody
- Recording

18 COSO Report
- Defines internal controls
- Components of internal controls
- Evaluate internal controls

19 COSO Report
Defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives

20 Components of Internal Control
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities

21 Control Environment
- Integrity and ethical values
- Commitment to competence
- Attention and direction provided by an audit committee
- Management's philosophy and operating style
- Organizational structure
- Manner of assigning authority and responsibility
- Human resource policies and procedures

22 Creating an Ethical Environment
- Integrity testing
- Investigating new hires
- Performing drug testing
- Bonding employees
- Prosecuting perpetrators
- Implementing a code of conduct
- Ethics hotlines

23 Code of Conduct
- Conflicts of interest
- Compliance with laws, rules, and regulations
- Describe inappropriate behavior
- Reporting mechanism for violations of the code
- Responsibility to follow the code and consequences for violations

24 Risk Assessment
- Risk identification
- Risk analysis
- Managing Change
- Link internal controls to risk
- Testing

25 Risk Identification
- External risk factors
  - Technology
  - Competition
  - Regulatory
- Internal risk factors
  - Computer system
  - Personnel
  - Change in management

26 Control Activities
Actions taken by management to prevent or mitigate the misuse of a company's asset
- Approval
- Verifications
- Reconciliations
- Segregation of duties
- Reperformance
- Physical security

27 Information and Communication
Internal Communications
- Downstream
  - How the internal controls work
  - Employee's responsibility
- Upstream
  - Employee may be aware of a misstatement
  - Change in process

28 Information and Communication (cont)
Internal Communications (cont)
- Methods
  - Policy manual
  - Memoranda
  - Letters
  - Oral communication
  - Use of technology

29 Information and Communication (cont)
External communications
- Suppliers
- Vendors
- Independent auditors
- Regulators
- Members

30 Monitoring
- Normal management activities
- Communications from third parties
- Supervisory activities
- Reconciliations and comparisons to physical assets
- Communications from independent auditors

31 Developing Internal Controls
Wrap Up
- Strong internal controls are the greatest fraud deterrent
- Fraud is too costly to ignore
- An organization must implement or strengthen a fraud prevention and detection program

32 Developing Internal Controls

33 Fraud Prevention
Detecting and Preventing Fraud
Areas to examine
1. Fraud risk oversight
   Do you have a process in place?
2. Fraud risk ownership
   Who is held responsible?
3. Fraud risk assessment
   Do you regularly identify areas of risk?

34 Fraud Prevention
Detecting and Preventing Fraud
Areas to examine continued
4. Fraud risk tolerance and risk management policy
   What is your tolerance for different types of fraud? How do you manage your risk?
5. Process level anti-fraud controls/re-engineering
   What steps have you taken to reduce your identified risks?

35 Fraud Prevention
Detecting and Preventing Fraud
Areas to examine continued
6. Environment level anti-fraud controls
   How does your workplace promote ethical behavior?
7. Proactive fraud detection
   How do you check to see if fraud is taking place?

36 Fraud Risk Assessment
- Risk identification
- Risk analysis
- Managing Change
- Link internal controls to risk
- Monitoring & Testing

37 Risk Identification
- External risk factors
  - Technology
  - Competition
  - Regulatory
- Internal risk factors
  - Computer system
  - Personnel
  - Change in management

38 Risk Analysis
Consider the probability of the risk
- Remote: the chance of occurring is slight
- More than remote: the chance of occurring is more than remote but less than likely
- Probable: the chance of occurring is likely to occur

39 Risk Analysis (cont)
Estimate the significance of the risk
- Inconsequential: a misstatement that a reasonable person, after considering the possibility of further undetected misstatements, would find to clearly be immaterial to the financial statements.
- More than inconsequential: if a reasonable person could not reach such a conclusion regarding a particular misstatement
- Material: if a reasonable person would consider it important

40 Risk Analysis (cont)

41 Asset misappropriation schemes

42 Fraud Prevention
Detecting and Preventing Fraud
ACFE Check up
- Fraud is now so common that its occurrence is no longer remarkable, only its scale
- Any organization that fails to protect itself appropriately from fraud should expect to become a victim of fraud. Or should expect to discover that it is already a victim of fraud
- The only passing grade on the check up is a 100. Even if an organization scores an 80, it may be exposed to major fraud

43 Fraud Prevention
Detecting and Preventing Fraud
Before you take the Check-up:
- Don't take the test if you plan to ignore the results
- Let your organization's legal advisor know that you plan to take the test
- Don't take it alone! Collaborate with an independent, objective fraud specialist

44 Resources
- PricewaterhouseCoopers white paper Key Elements of Antifraud Programs and Controls
- PPC Guide to Internal Control and Fraud Prevention
- The ACFE Report to the Nations 2018
- The COSO Report
