Knowledge Alert. Emerging Trends in Fraud Risks

Size: px
Start display at page:

Download "Knowledge Alert. Emerging Trends in Fraud Risks"

Transcription

1 Knowledge Alert Emerging Trends in Fraud Risks January 2010 i

2 Disclaimer Copyright 2010 by The Institute of Internal Auditors (IIA) located at 247 Maitland Avenue, Altamonte Springs, FL 32701, U.S.A. All rights reserved. Published in the United States of America. Except for the purposes intended by this publication, readers of this document may not reproduce, redistribute, display, rent, lend, resell, commercially exploit, or adapt the statistical and other data contained herein without the permission of The IIA. The information included in this document is general in nature and is not intended to address any particular individual, internal audit activity, or organization. The objective of this document is to share tools, resources, information, and/or other knowledge that is accurate, unbiased, and timely. However, based on the date of issuance and changing environments, no individual, internal audit activity, or organization should act on the information provided in this document without appropriate consultation or examination. ii

3 Table of Contents Executive Summary... 1 Leading Internal Audit Practices Pertaining to Fraud Management... 2 Fraudulent Activities Have Been on the Rise Since Employee-related Fraud Has Had a Major Impact in Organizations... 6 Assurance and Consulting Activities Are a Source of Added Value... 8 Fraud Risks Management Programs Are Becoming a Higher Priority Leading Practices Appendix A: List of 20 Questions Appendix B: List of Key Fraud Management Oversight Functions iii

4 Executive Summary Fraud negatively impacts organizations in ways that extend far beyond financial losses. According to the latest IIA Practice Guide, Internal Auditing and Fraud, the full cost of fraud is immeasurable in terms of time, productivity, and reputation. Consequently, it is important for organizations to have a strong fraud program that includes awareness, prevention, and detection activities, as well as a fraud risk assessment process to identify fraud risks within the organization. 1 To identify emerging trends in fraud risks, The IIA distributed a survey asking members to describe the state of internal audit efforts pertaining to fraud risk and their opinions on current and emerging fraud trends. 2 As expected, the survey found that the majority of Snapshot of Survey Results This Knowledge Alert discusses the following four key results, as revealed by a recent Flash survey of 293 CAEs and internal audit directors and managers working in different industry groups: 1. There has been a significant increase of fraud occurrences since the onset of the economic crisis in Employee-related fraud has had a major impact in organizations. While theft of company property and resources was the most common fraud noted, employeerelated frauds and fraud related to third parties and vendors were significant. In addition, theft of company information and data may be an area of growing exposure. 3. Internal auditing can add value to the organization s fraud risk management efforts through its assurance and consulting activities. 4. Programs in companies to manage fraud risks are becoming a higher priority. respondents (76 percent) work in organizations where there is a program designed to manage fraud risks. These programs are either formal (34 percent) or informal (42 percent). The top three components included in the program include policies addressing the reporting of suspected frauds, procedures for reporting suspected frauds, and processes designed to detect fraud (refer to Table 1 for a summary of all responses). Additionally, 61 percent of respondents stated that the fraud management programs are integrated with another program, including ethics and compliance, risk management, and governance. 1 Internal Auditing and Fraud (December 2009; PDF, 1.84 MB), pg. 2 2 Emerging Trends in Fraud Risk (December 2009); a total of 3,776 IIA members were invited to participate in the survey of which 293 chief audit executives (CAEs) and internal audit directors and managers responded, representing an 8 percent response rate. Of these respondents, the majority work in organizations with annual revenues of US $500 million or more (64 percent) and internal audit activities consisting of 3 6 internal auditors (40 percent). The top industries represented in the survey are financial services/banking/real estate (51 percent), manufacturing (12 percent), and health services (9 percent). 1

5 Table 1. Fraud Management Program Elements Program Element Percentage Policies addressing the reporting of suspected frauds 89% Procedures for reporting suspected frauds 87% Procedures designed to detect fraud 66% Corporate or board-level policies designed to prevent fraud 63% Business unit procedures designed to prevent fraud 62% Policies addressing responsibilities for fraud investigations 58% Procedures to be followed in fraud investigations 53% Procedures on conducting fraud risk assessments 34% Policies requiring a periodic fraud risk assessment 33% Policies outlining fraud detection activities 27% The survey also highlighted four key findings that describe the overall state of fraud risk activities and emerging trends in the area: 1. There has been a significant increase of fraud occurrences since the onset of the economic crisis in Employee-related fraud has had a major impact in organizations. While theft of company property and resources was the most common fraud noted, embezzlement and expense-account fraud, when combined, point to an even greater prevalence in employee-related fraud. In addition, fraud related to third parties and vendors as well as theft of company information and data may be areas of growing exposure. 3. Internal auditing can add value to the organization s fraud risk management efforts through its assurance and consulting activities. 4. Programs in companies to manage fraud risks are becoming a higher priority. In particular, these programs are receiving more attention and starting to become more effective. Leading Internal Audit Practices Pertaining to Fraud Management An effective internal audit activity can help organizations address fraud. Although management and the board are ultimately responsible for fraud deterrence, internal auditors can assist management by determining whether the organization has adequate internal controls and fosters an adequate control environment. 3 Leading practices identified in the survey pertaining to the role of internal auditors in fraud management are: 3 Internal Auditing and Fraud (December 2009), pg. 2 2

6 Increase fraud awareness, communication, and training throughout the organization. Review systems in place and their corresponding policies, procedures, and controls. Perform regularly scheduled audits that monitor key, high-risk areas. Review/audit specific financial activities. Implement a continuous audit process. Perform risk assessments and risk-based audits. Increase the level of coordination and cooperation with internal and external groups and other programs. Increase fraud awareness, communication, and training with executive, senior and business line managers. Conduct or assist in fraud investigations. Perform data analysis and mining. In addition, the survey unveiled eight leading practices organizations can implement to ensure the effectiveness of their fraud management program or effort: 1. Implement a well-publicized fraud management program that has a dedicated role for monitoring compliance with program policies and procedures and is commensurate with the organization s business model. 2. Ensure the effectiveness of established controls or control processes. 3. Encourage strong tone at the top in support for the organization s fraud management program or effort. 4. Ensure internal audit plans encompass key fraud prevention activities. 5. Engage in effective activities pertaining to management, such as providing management training on internal control procedures, fostering ongoing communication among senior management, and sharing information to educate leadership regarding their role and responsibility to deter and detect fraud. 6. Implement a code of conduct or ethics program for all staff that is part of the organization's corporate governance structure. 7. Perform an annual fraud risk assessment and control self-assessment. 8. Implement or increase ERM efforts. Similarly, to ensure the effectiveness of fraud prevention efforts, CAEs need to recommend the establishment of the following key fraud prevention elements, as described by survey respondents: 1. A strong control environment that includes a code of conduct, ethics policy, or fraud policy to set the appropriate tone at the top; an ethics and compliance hotline or program to report concerns; hiring and promotion guidelines and practices; and oversight by the audit committee, board, or other oversight body. 2. A risk assessment that considers fraud risk factors and fraud schemes. 3

7 3. Control activities (i.e., policies and procedures for business processes) including appropriate authority limits and segregation of duties. 4. Information and communication to promote the importance of the fraud management program and the organization s position on fraud risks. 5. Monitoring that provides a periodic evaluation of anti-fraud controls using independent evaluations of the fraud management program by internal auditing or other groups and by implementing technology to aid in continuous monitoring and detection activities. The rest of this Knowledge Alert provides a more detailed explanation of these and other leading practices and survey findings. 4

8 Fraudulent Activities Have Been on the Rise Since 2008 According to survey results, there has been a significant increase of fraud occurrences since the onset of the economic crisis in The prevalence of fraudulent activity has been quite significant as well. Of the nearly one-third of organizations where fraud has occurred (31 percent), 43 percent stated that fraud occurrences have increased from 1 percent to 10 percent, 28 percent indicated fraud has increased from 11 percent to 20 percent, and 14 percent stated fraud has increased from 21 percent to 30 percent. In terms of the types of fraud that have been on the rise, theft of company property and resources was chosen as the number one fraud, followed by embezzlement and expenseaccount fraud. (Table 2 summarizes of all responses.) Three Common Fraud Characteristics According to new guidance provided by The IIA, the following are three common characteristics of fraud: 1) Pressure or incentive represents a need that an individual attempts to satisfy by committing fraud. Often, pressure comes from a significant financial need or problem, such as the need to keep one s job, earn a bonus, or meet or beat analyst financial estimates. 2) Opportunity is the ability to commit fraud and not be detected. Opportunity is created by weak internal controls, poor management, lack of board oversight, and through the use of one s position and authority to override controls. Failure to establish adequate procedures to detect fraudulent activity also increases the opportunities for fraud to occur. 3) Rationalization is the ability for a person to justify a fraud and is a crucial component in most frauds. Rationalization involves a person reconciling his/her behavior with the commonly accepted notions of decency and trust. The fraudster, for instance, may believe stealing is justified so he/she can pay for high medical bills. Of the three elements, opportunity is the one organizations can influence the most. Therefore, organizations need procedures and internal controls that deter employees from committing fraud and detect fraudulent activities. Source: Internal Auditing and Fraud (December 2009), The IIA, pg. 6 However, although noteworthy, the Table 2. Type of Fraud Seen on the Rise Since 2008 number of fraudulent activities detected Type of Fraud since the onset of the economic recession might be a lagging indicator on the prevalence of fraud as many fraudulent schemes are discovered after they take place. Consequently, it is possible that more fraudulent activities have taken place that will be visible at a later date. Several comments from survey participants justify this trend. According to one respondent, several fraudulent activities were detected in 2009, which started to be perpetrated before the economic downturn took place. Percentage Theft of company property and resources 52% Embezzlement 38% Expense-account fraud 37% Third-party/vendor fraud 33% Theft of company information and data 13% Financial statement or accounting irregularities 7% Foreign corrupt practices 4% 5

9 Employee-related Fraud Has Had a Major Impact in Organizations In organizations where fraud has been on the rise since the onset of the economic recession, theft of company property and resources was identified as the most common type of fraud discovered (refer to Table 2 on page 5). However, when analyzed closely survey results unveil another finding: embezzlement and expense-account fraud, when combined, point to an even greater prevalence in employeerelated fraud. This last finding makes sense as the recession has affected countless employees at a personal financial level, often involving the complete loss of income from one or more household members. In addition, fraud related to third parties and vendors as well as theft of company information and data may be areas of growing exposure. The growing trend toward third-party fraud and data theft could be explained by Typical Profile of a Fraudster Most frauds begin small and continue to grow as the scheme remains undetected. Perpetrators also primarily exploit inadequate internal controls for their own gain, resulting in substantial damage to the organization. The typical fraudster is male of middle age, employed by the organization for a number of years. He often works in the finance department and typically commits the deed driven by a desire for money and opportunity. Many studies indicate that most frauds are committed by members of management as managers generally have access to confidential information, thus enabling them to override internal controls. In addition, fraud perpetrators tend to be in positions of trust, educated, heads of households, and members of community organizations who are motivated by a personal need. Source: Internal Auditing and Fraud (December 2009), The IIA, pg. 5 the increase in outsourcing and offshoring activities as way to reduce operational expenses during the last couple of years. Respondents also were asked to identify if they have experienced a new type of fraud or scenario. Of the 38 responses provided in the open-ended question, 58 percent dealt with a financial fraudulent scheme, including: Inappropriate use of reward points on credit cards. Scams involving counterfeited check images, duplicated checks, or forged signatures. Customers using the company to apply for government guaranteed loans under false pretences. Duplicate billings for services using separate work orders and invoice numbers. Wire transfer fraud and credit card fraud by accessing the merchant s processing network. Use of electronic signatures on documents provided to support travel and entertainment approvals. 6

10 In spite of the rise in finance-related fraudulent activity, most organizations perform a fraud risk assessment as part of their public reporting on financial controls (42 percent). 4 The role of internal auditing in this process is mostly to manage the risk assessment process (42 percent). Other roles identified include to act as a consultant throughout the process (30 percent) or to facilitate it (22 percent). Finally, survey participants were asked to identify the top three risks that are most likely to impact organizations within the next 12 months. Similar to survey results illustrated on Table 3, employee-related frauds, theft of company property and resources, and fraud pertaining to third parties and vendors were the top three risks identified. Thus, organizations are expecting a continuation of the same kinds of fraudulent activities in Table 3. Top 10 Fraud Risks That Are Most Likely to Impact Organizations Within the Next 12 Months Total No. of Description of Fraud Risk Responses Employee-related fraud or risks (e.g., expense account fraud, worker's compensation fraud, personal use of company mobile devices, employees not understanding their job responsibilities, overstatement of 119 hours worked, new employees risks, abuse of employee discounts and other benefits, falsified time reporting, ghost employees, reduced/frozen salaries and bonuses) Theft of company property and resources (e.g., custodial risks, property theft or poor property management, misuse or improper use of company resources/assets, misappropriation of assets, 106 loss/theft of company property or resources) Fraud or risks pertaining to third-parties or vendors (e.g., bid rigging, competitor fraud, vendor curtailment, supplier failures, payments for services not rendered, medical providers committing fraud, managing vendors/contractors, contract compliance, overpaying contractors, fraudulent billings, fake vendors, 63 favoring a particular vendor or supplier for personal benefit, inappropriate vendor relationships or vendor selection process) Data/information risks (e.g., disclosing corporate data to competitors, skimming, release of confidential data, protecting credit card data, data integrity, data or information security breaches, theft of customer 38 information/corporate data, phishing scams, ID theft, stealing credit card data, intellectual property theft) Billing schemes/fraud (e.g., procurement fraud, overbilling contractors, invoice fraud) 26 Corruption (e.g., bribery of foreign officials, bribe/facilitation payments related to imports, side 25 agreements, letters, bribes/kickbacks) Fraud or risks pertaining to high unemployment rate/layoffs/frozen staff positions (e.g., reduction of audit 25 staff/coverage, downsizing without remapping processes or controls) Overall risks due to the impact of the economy (e.g., slow turnaround in the economy, reduced/constraint resources, reduced capital spending, employee stress, increased costs, lower revenues, increased need 21 of cash by employees) Risks due to management issues (e.g., questionable ethics by management, overall decision-making, management's view of internal auditing, lack of management oversight/integrity, insufficient management 17 oversight and monitoring of operating entities, management override, lack of management support at the C-level) IT risks (e.g., use of IT to cover up fraud, systems not capable of detecting fraud, risks associated with 15 new financial systems, IT security risks, access to IT systems, legacy systems requiring security updates) 4 Twenty-five percent of respondents indicated that public reporting on financial controls is not applicable to their organization. 7

11 Assurance and Consulting Activities Are a Source of Added Value Internal auditing was identified as the number one function responsible for the day-to-day management of the organization s fraud program. 5 To help CAEs ensure internal auditors add the most value, the survey asked participants to identify the role that the internal audit activity plays as part of the fraud management program. Overall, the survey found that internal auditors perform a variety of consulting and assurance activities that add value to the organization s fraud management efforts (refer to Table 4 for a summary of all responses). Table 4. Role of Internal Auditing as Part of the Fraud Management Program Response Percentage Conducts tests to determine if fraud is present in areas where potential fraud risks are present 73% Evaluates the design and operation of internal controls related to fraud risk management 71% Takes an active role in support of the organization s ethical culture 66% Performs its own fraud risk assessment 61% Is responsible for reporting cases of fraud to the audit committee 60% Provides assurance to the board and senior management that fraud risks are being identified and appropriately addressed 57% Conducts root-cause analyses of actual frauds to identify control improvement recommendations 51% Performs periodic monitoring of key fraud indicators 50% Provides assurance to the board and senior management that the organization s fraud program is effective 42% Participates, under the direction of another function, in investigation of suspected fraud 42% Has overall responsibility for investigations of suspected fraud 39% Works with external auditors regarding their fraud assessment 37% Participates in the organization s fraud risk assessment 32% Provides fraud or ethics training sessions to business units 30% Is responsible for the organization s fraud reporting mechanism or whistleblower hotline 29% Interviews and communicates regularly with those conducting the risk assessment and others in key positions to help them ensure all fraud risks have been considered appropriately 28% Conducts or participates in fraud-scenario analysis 24% Runs automated software routines specifically designed to identify possible fraudulent activities 21% Performs continuous monitoring of key fraud indicators 17% 5 Thirty-seven percent of respondents identified internal auditing as the number one function responsible for the fraud program. Other functions identified, in order of importance, include: legal or general counsel (11 percent), corporate security (7 percent), and the chief risk officer (or equivalent) or chief financial officer (or equivalent) (5 percent each). 8

12 For instance, in terms of assurance activities, internal auditors provide assurance to the board and senior management that the organization s fraud program is effective and that fraud risks are being identified and addressed appropriately. On the other hand, consulting activities include being an active participant in the organization s fraud risk assessment, evaluating the design and operation of internal controls related to fraud risk management, and providing fraud or ethics training sessions to business units. Additionally, the survey asked participants to identify the top three activities internal auditors can perform that can provide added value to the organization s overall fraud management efforts. Again, respondents identified a number of consulting and assurance efforts. The top three are: Internal Auditing s Role During Fraud Investigations According to the practice guide Internal Auditing and Fraud, the role of internal auditing during fraud investigations needs to be defined in the internal audit charter as well as in the organization s fraud policies and procedures. Acceptable roles for internal auditors include: Having the primary responsibility for fraud investigations. Acting as a resource during investigations. Refraining from involvement in investigations as they are either responsible for assessing the effectiveness of investigations or lack the appropriate resources to be involved in investigations. 1. Increase fraud awareness, communication, and training throughout the organization. 2. Review systems in place and corresponding policies, procedures, and controls. 3. Perform regularly scheduled audits that monitor key, high-risk areas. In organizations where the internal audit activity is responsible for fraud investigations, it may conduct an investigation using in-house staff, a third-party, or a combination of both. Appendix A of this report provides a list of 20 questions taken from the practice guide CAEs can ask about fraud on a regular basis to enhance the organization s fraud management program or efforts. Source: Internal Auditing and Fraud (December 2009), The IIA, pg. 23 Table 5 provides a detailed summary of the top 15 activities internal auditors can perform to add value to the organization s fraud management efforts. 9

13 Table 5. Top 15 Activities Internal Auditors Can Perform to Provide Added Value to Fraud Management Efforts Description of Value-added Activity Increase fraud awareness, communication, and training throughout the organization (e.g., help educate employees on awareness/antifraud efforts, educate process owners/customers, and help to promote companywide policies and procedures). Review systems in place and their corresponding policies, procedures, and controls (e.g., audit financial reporting controls, fraud detection and prevention controls, inventory/shipping/invoicing functions, and risk mitigation plans; verify internal control effectiveness in all financial and other high-risk areas; and review segregation of duties activities). Perform regularly scheduled audits that monitor key, high-risk areas (e.g., perform IT security assessments and other IT-targeted reviews; perform payroll control reviews, operational audits, risk-based audits, and financial control audits; and increase the audit scope on key business areas including HR, general ledger activity, and ethics and compliance). Review/audit specific financial activities (e.g., accounts receivable trends, cash management activities, disbursement cycles, record keeping reports, expense claims, customer accounts, changes in financial statement and balance sheet accounts, commissions paid versus revenues, credit card transactions for emerging trends, high risk/suspicious transactions and accounts, and procurement cards). Implement a continuous audit process to eliminate sample bias; audit credit and accounts payable activity; audit employee expenses; and continuously monitor controls, high-risk areas, financial transactions, IS, and control self-assessments. Perform risk assessments/risk-based audits. Increase level of coordination and cooperation with internal and external groups and other programs already in place. Review/audit key risk activities other than financial areas. Increase fraud awareness/communication/training/discussion with management/leadership. Conduct or assist in fraud investigations. Perform data analysis and mining. Include fraud risk assessment as a part of every audit. Perform regulatory control/compliance testing. Remain/be visible and accessible throughout the organization by conducting site visits and regular audit reviews of each location. Help develop a fraud plan for the organization. Finally, the survey asked a number of questions pertaining to the relationship between internal auditing and the individual department responsible for the organization s fraud program if other than internal auditing. The majority of responses (58 percent) indicate there is a high degree of coordination and information sharing between the two functions (refer to Table 6). (For a description of additional roles read Internal Auditing s Role During Fraud Investigations on page 9.) Also, although the internal audit activity is not primarily responsible for fraud detection activities only 18 percent of participants stated that this is the sole responsibility of internal auditing 61 percent of respondents stated there is an underlying expectation from management and the audit committee that internal auditors must help in this area. As a result, more than half of all the internal audit activities represented in the survey (56 percent) employ internal auditors with forensic or investigative skills including internal auditors with the certified fraud examiner designation, experienced fraud managers, and internal audit staff with investigative and forensic training. 10

14 Table 6. Relationship Between Internal Auditing and the Organization s Fraud Management Function Responses Percentage High-level of coordination and information sharing* 38% Not applicable internal auditing manages the program 36% Performs investigations jointly with fraud staff* 12% Clear responsibilities delineated for each function* 9% Little to no coordination and information sharing 4% Investigations are solely the responsibility of the fraud function 2% Fraud function does separate reporting on fraud to senior management and the audit committee 2% * These responses indicate a high degree of coordination and information sharing between the internal audit activity and fraud management function. 11

15 Fraud Risks Management Programs Are Becoming a Higher Priority Finally, survey results indicate that fraud risk management efforts or programs are becoming a higher priority. First, programs within companies that manage fraud risks are receiving increased attention. As explained earlier, 76 percent of respondents indicated they work in organization where there is either a formal (34 percent) or informal (42 percent) fraud risk management program in place. And 24 percent are planning on implementing a program in the future. Hence, fraud risk management is a topic of discussion in all of the organizations represented in the survey. Figure 1. Overall Effectiveness of Fraud Program Second, of the 76 percent of respondents who stated their organization has a formal or informal program, more than half stated that the fraud risk management program is somewhat effective to highly effective (refer to Figure 1). Furthermore, these respondents were asked to identify the current trend toward overall program effectiveness. According to survey results, 49 percent of respondents who work in an organization with a fraud risk management program stated that the program is starting to become more effective. Hence, even in organizations where fraud management efforts are ineffective, corrective actions are being put in place to increase the likelihood of detecting or preventing future fraud risks (refer to Figure 2). 12

16 Figure 2. Current Trend Toward Overall Fraud Program Effectiveness Third, organizations are starting to commit specific resources toward fraud management, including the creation of a dedicated fraud management unit or function. According to survey results, more than a quarter of all the organizations represented in the study (28 percent) have a dedicated business unit or department to manage or investigate fraud. In terms of staffing, 63 percent of all respondents have full-time staff (33 percent), parttime staff (19 percent), or a combination of both (11 percent) dedicated to the program or unit. Table 7 summarizes the total number of full-time staff equivalents dedicated to the organization s fraud program or unit. Table 7. Full-time Staff Equivalents Dedicated to Fraud Management Program or Unit Total No. of Staff Percentage 1 26% % 6 9 7% % 16+ 5% Not applicable 22% As organizations hire dedicated staff to enhance their fraud risk management efforts, CAEs need to ensure that the appropriate oversight is provided to effectively manage the program. As The IIA s new practice guide Internal Auditing and Fraud explains, oversight can take many forms and can be performed by many within and outside the organization under the overall oversight of the board of directors. 6 6 Internal Auditing and Fraud (December 2009), pg

17 In addition to internal auditors, the following eight functions play a key role in the organization s fraud management program: Board of directors. Audit committee. Management. Legal counsel. External auditors. Loss prevention manager. Fraud investigators. Other employees, from the summer intern to the CEO. (Appendix B describes the main roles of each function.) Finally, another finding that further confirms fraud risk management is becoming a higher priority is the belief among respondents that fraud prevention is more important than fraud detection. For instance, the survey asked participants to identify their level of agreement with three statements pertaining to the value seen in fraud prevention versus fraud detection activities. Nearly all participants agree to highly agree that the organization s board/audit committee, senior management, and internal audit activity perceives more value in preventing fraud rather than detecting fraud (refer to Table 8 for a summary of all responses). This finding is not surprising considering that once fraud is detected, the organization may have incurred a significant financial loss. Hence, preventing fraud from occurring saves the organization more time, money, and other resources in the long run, especially in cases where the fraudulent activity leads to a criminal investigation. As many organizations start to enhance their fraud risk management efforts, this is a good time for CAEs to review their internal audit activities related to fraud risk and ensure they are consistent and aligned with what management is doing. Table 8. Value Given to Fraud Prevention Versus Fraud Detection Activities Our board/audit committee sees more value in preventing fraud rather than detecting fraud. Senior management sees more value in preventing fraud rather than detecting fraud. Internal auditing sees more value in preventing fraud rather than detecting fraud. 1 Highly Disagree Highly Agree 3% 6% 25% 32% 35% 4% 10% 22% 35% 30% 2% 5% 5% 25% 62% 14

18 Leading Practices To obtain leading fraud management practices respondents were asked to describe the most effective strategies an organization can implement to prevent fraud. In order of importance, these strategies are: Implement a well-publicized fraud management program that: o Has a dedicated role for monitoring compliance with program policies and procedures. o Is commensurate with the organization s business model. o Ensures staff are aware of their responsibility to identify fraud. o Provides a tool for confidential reporting of suspected frauds, such as the implementation of an ethics and compliance (i.e., whistleblower) hotline. o Communicates to employees the critical elements contained in the organization s code of conduct. o Enables staff to question activities that are outside the norm. o Requires fraud training. o Outlines the actions to be taken against fraud perpetrators. o Publicizes fraud management efforts. o Celebrates good behavior. Leading Practices in Fraud Prevention Survey results unveiled eight leading practices in the area of fraud prevention. These are: 1. Implement a well-publicized fraud management program that has a dedicated role for monitoring compliance with program policies and procedures and is commensurate with the organization s business model. 2. Ensure the effectiveness of established controls or control processes. 3. Encourage strong tone at the top in support for the organization s fraud management program/efforts. 4. Ensure internal audit plans encompass key fraud prevention activities. 5. Engage in effective activities pertaining to management, such as providing management training on internal control procedures, fostering ongoing communication among senior management, and sharing information to educate leadership regarding their role and responsibility to deter and detect fraud. 6. Implement a code of conduct or ethics program for all staff that is part of the organization's corporate governance structure. 7. Perform an annual fraud risk assessment and control selfassessment. 8. Implement or increase ERM efforts. Ensure the effectiveness of established controls or control processes, including: o Vendor management activities such as vendor qualification and competitive bidding procedures. o Regular updates to master vendor files. o Expenditure reviews. o Inventory accountability, such as consequences for management personnel if 15

19 variances in inventory are detected, and routine/frequent checks and reconciliation of inventory. o Regular updates of security clearances. Encourage strong tone at the top by: o Ensuring senior management sets the proper tone at the top for fraud management. o Demonstrating the organization s commitment to implement effective internal controls in all programs. o Making a commitment to review internal controls and taking strong sanctions against those perpetrating fraud. o Ensuring senior management carries the message to employees about their commitment to prevent fraud and deal directly with fraud when identified. Ensure that audit plans encompass the following key activities: o Surprise audits, in addition to scheduled audits on randomly selected business units. o Regular internal audit presence in all parts of the organization. o Compliance monitoring of fraud policies and procedures. o Fraud audits and internal audit support for the fraud program. o Mechanisms to audit code of conduct compliance. o Hire antifraud professionals as part of the internal audit activity. o Systematically assess key controls and continuously audit fraud risk areas. Fraud Prevention Elements According to the practice guide Internal Auditing and Fraud, fraud prevention involves those actions taken to discourage fraud and limit fraud exposure when it occurs. Instilling a strong ethical culture and setting the correct tone at the top are, thus, essential elements in preventing fraud. To ensure the effectiveness of fraud prevention efforts, CAEs need to recommend the establishment of the following key fraud prevention elements: 1. A control environment that includes a code of conduct or ethics or fraud policy to set the appropriate tone at the top; an ethics and compliance hotline or program to report concerns; hiring and promoting guidelines and practices; and oversight by the audit committee, board, or other oversight body. 2. A risk assessment that considers fraud risk factors and schemes. 3. Control activities, i.e., policies and procedures for business processes, including appropriate authority limits and segregation of duties. 4. Communication to promote the importance of the fraud management program and the organization s position on fraud risks. 5. Periodic monitoring of anti-fraud controls through independent evaluations of the fraud management program by internal auditing or other groups and the implementation of technology to aid in continuous monitoring and detection activities. Source: Internal Auditing and Fraud (December 2009), The IIA, pp o Enable internal auditors to remain/be visible in the company. o IT audit activities pertaining to fraud risk (e.g., use of fraud detection software, automated matching and computer-assisted audit techniques, and data mining). 16

20 Engage in effective activities pertaining to management including: o Training of management on internal control procedures. o Fostering an appropriate leadership/management style to avoid the "rationalization" process that is present in fraud scenarios. o Ensuring ongoing communication among senior management. o Sharing information to educate leadership regarding their role/responsibility to deter and detect fraud. o Ensuring management support when new controls need to be implemented. o Ensuring careful management hiring decisions. o Building awareness of the type of fraud that can occur in a given area and the steps that can and should be taken to prevent fraud. Implement a code of conduct/ethics program for all staff that is part of the organization's corporate governance structure. The code of conduct/ethics must: o Communicate that fraud of any form will not be tolerated. o Establish an adherence to accountability standards. o Communicate to employees what integrity in the workplace means, including penalties for violations and noncompliance with the code of conduct. o Instill an ethical culture among all staff that makes each employee accountable for detecting fraud. Perform an annual fraud risk assessment and control self-assessment that: 7 o Evaluates fraud risks and inventories fraud scenarios. o Includes threat discussions and assessments. Implement or increase ERM efforts. When examined closely, these survey responses unveil a series of leading practices in the area of fraud management program implementation. According to respondents, once an organization establishes a fraud management program, at a minimum, the program must: Establish the proper tone at the top through the implementation of a code of conduct. Establish mechanisms to audit compliance to the code of conduct. Develop and enforce repercussions for noncompliance to the code of conduct. Communicate with all employees on a regular basis the critical elements contained in the code of conduct. Ensure organization leaders lead by example. Have clear and robust policies, procedures, and controls that are well understood by all employees, enforced by management, and closely monitored by internal auditing and senior and line managers. For additional fraud prevention practices from The IIA, read Fraud Prevention Elements on page A sample fraud management assessment can be downloaded from The IIA s Web site, download.cfm?file=75536 (PDF, 536 KB). 17

21 Appendix A: List of 20 Questions The following are a series of 20 questions CAEs can ask about fraud on a regular basis to enhance the organization s fraud management program or efforts: 1. Does the organization have a fraud governance structure in place that assigns responsibilities for fraud investigations? 2. Does the organization have a fraud policy in place? 3. Has the organization identified laws and regulations relating to fraud in jurisdictions where it does business? 4. Does the organization s fraud management program include coordination with internal auditing? 5. Does the organization have a fraud hotline? 6. Does the audit charter describe internal auditing s roles and responsibilities relating to fraud? 7. Has responsibility for fraud detection, prevention, response, and awareness been assigned within the organization? 8. Do management and the CAE update the audit committee on fraud? 9. Does management promote fraud awareness and training within the organization? 10. Does management lead fraud risk assessments and include internal auditing in the assessment process? 11. Are the results of fraud risk assessments considered in the audit planning process? 12. Are periodic fraud awareness and training programs provided to all employees? 13. Are automated tools available to those responsible for preventing, detecting, and investigating fraud? 14. Has management identified the types of potential fraud risks in its areas of responsibility? 15. Do management and the CAE know where to obtain guidance on fraud from professional organizations? 16. Do management and internal auditors know their responsibilities relating to fraud? 17. Has management incorporated appropriate controls to prevent, detect, and investigate fraud? 18. Does management have the appropriate skill sets in place to perform fraud investigations? 19. Do management and the internal audit activity periodically assess the effectiveness and efficiency of fraud controls? 20. Are fraud investigation workpapers and supporting documents appropriately secured and retained? 18

22 Appendix B: List of Key Fraud Management Oversight Functions Function Description of Main Role Oversee and monitor management s actions to manage fraud risks by evaluating management s identification of fraud risks, implementation of anti-fraud measures, and tone at the top. Implement policies that encourage ethical behavior, including processes for Board of Directors employees, customers, and external business relationship partners to report instances where those policies are violated. Monitor the organization s fraud risk management effectiveness by appointing one executive-level member of management to be responsible for coordinating fraud risk management and reporting to the board. Evaluate management s identification of fraud risks and the implementation of antifraud measures. Audit Committee Provide the tone at the top that fraud will not be accepted in any form. Hire external auditors to report on the financial statements of the organization and provide recommendations on internal control. Implement and monitor processes and internal controls to oversee employee activities. Assess the vulnerability of the entity to fraudulent activity. Establish and maintain an effective internal control system at a reasonable cost. Management Hold discussions with investigators and legal counsel over the investigation process, including the development of policies and procedures for effective fraud investigations and for handling the results of investigations, reporting, and communications. The roles and responsibilities of in-house counsel will often be governed by the laws of each jurisdiction. A lawyer generally acts in the best interest of the organization and also is required to preserve client confidences. Legal Counsel The discovery of fraud can bring these two ethical duties into potential conflict. When faced with constituents in organization who intend to engage in fraud, a lawyer can urge reconsideration, advise the constituents to seek a separate legal opinion, or refer the matter to a higher authority within the organization. Plan and perform the audit of the organization s financial statements to obtain reasonable assurance about whether the financial statements are free of material misstatement and whether the misstatements were caused by error or fraud. External Auditors If fraud is discovered, external auditors must bring the matter to the attention of an appropriate level of management. In cases of fraud involving senior management, external auditors must report the matter to those charged with governance. Detect and investigate fraud and the recovery of assets. Often, fraud investigators work closely with legal counsel to bring legal action against a perpetrator. Fraud Investigators Lead investigators usually determine the knowledge, skills, and other competencies needed to carry out the investigation effectively and assign competent and appropriate people to the team. Function as the eyes and ears of the organization. Other Employees Report suspicious behavior through the use of the employee hotline, internal audit department, or a member of management. Source: Internal Auditing and Fraud, pp

23 20

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD 1 10.1 Fraud -- Nature, Prevention, and Detection..................................... 1 10.2 Fraud -- Indicators........................................................

More information

Effective implementation of COSO s new anti-fraud guidance

Effective implementation of COSO s new anti-fraud guidance Effective implementation of COSO s new anti-fraud guidance In September 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a new Fraud Risk Management Guide (Anti-fraud

More information

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A) Page 136 of 174 FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A) RECOGNIZING RISK FACTORS THAT SHOULD GET YOUR ATTENTION How to use the checklist: 1. Review this checklist towards

More information

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young ICPAU Page 1 COURSE CONTENT Lessons on Audit Risk Identification of audit risk and audit risk assessment

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Specific Anti-Fraud Controls (Process or Transaction Level) 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization have adequate staffing

More information

Prince William County Public Schools Annual Audit Plan

Prince William County Public Schools Annual Audit Plan Prince William County Public Schools 2011 Annual Audit Plan Office of Internal Audit Vivian Calkins-McGettigan, MBA, CPA, CPFO Chief Internal Auditor Table of Contents Foreword 3 Introduction to the Office

More information

Implementation Guides

Implementation Guides Implementation Guides Implementation Guides assist internal auditors in applying the Definition of Internal Auditing, the Code of Ethics, and the Standards and promoting good practices. Implementation

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Introduction Bethmara Kessler, CFE, CISA Campbell Soup Company 2017 Association of Certified Fraud Examiners, Inc. CPE Information 2017 Association of Certified Fraud Examiners, Inc.

More information

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda Segregation of Duties/ Internal Controls 2017 WASBO Accounting Conference David Maccoux, Shareholder Objectives Discuss failures of internal controls to detect or prevent fraud and learn how to implement

More information

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL

More information

OUTSMART FRAUD. Strategic Internal Controls to Prevent Business Fraud

OUTSMART FRAUD. Strategic Internal Controls to Prevent Business Fraud OUTSMART FRAUD Strategic Internal Controls to Prevent Business Fraud GrowthForce LLC 800 Rockmead Drive Suite 200 Phone 281.358.2007 Fax 281.358.4120 OUTSMART BUSINESS FRAUD Using statistical data from

More information

GoldSRD Audit 101 Table of Contents & Resource Listing

GoldSRD Audit 101 Table of Contents & Resource Listing Au GoldSRD Audit 101 Table of Contents & Resource Listing I. IIA Standards II. GTAG I (Example Copy of the Contents of the GTAG Series) III. Example Audit Workprogram IV. Audit Test Workpaper Example V.

More information

Key Elements of Antifraud Programs and Controls

Key Elements of Antifraud Programs and Controls Key Elements of Antifraud Programs and Controls A White Paper This white paper provides general or summary information about aspects of the Sarbanes-Oxley Act of 2002 and current and proposed rules, regulations

More information

PHARMACEUTICALS. Forensic Services. Helping to protect your business from fraud, misconduct and non-compliance ADVISORY

PHARMACEUTICALS. Forensic Services. Helping to protect your business from fraud, misconduct and non-compliance ADVISORY PHARMACEUTICALS Forensic Services Helping to protect your business from fraud, misconduct and non-compliance ADVISORY 1 Helping to protect your business from fraud, misconduct and non-compliance Introduction

More information

Quality Assurance and Improvement Program (QAIP)

Quality Assurance and Improvement Program (QAIP) Quality Assurance and Improvement Program (QAIP) Presenters: Lori Carmichael, CPA Rafael Guijarro, CPA Florida Michigan North Carolina Texas Insight. Oversight. Foresight. Class Overview Overview- QAIP

More information

FCPA COMPLIANCE PROGRAMS

FCPA COMPLIANCE PROGRAMS FCPA COMPLIANCE PROGRAMS JIMMY S. PAPPAS INTERNATIONAL INTERNAL INVESTIGATIONS CONFERENCE FRANKFURT, GERMANY DECEMBER 7, 2012 FCPA COMPLIANCE PROGRAMS - OVERVIEW! An effective compliance program is: A

More information

Internal Control Questionnaire and Assessment

Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 15, 2016 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org

More information

ACFE FRAUD PREVENTION CHECK-UP ASSOCIATION OF CERTIFIED FRAUD EXAMINERS

ACFE FRAUD PREVENTION CHECK-UP ASSOCIATION OF CERTIFIED FRAUD EXAMINERS ACFE FRAUD PREVENTION ASSOCIATION OF CERTIFIED FRAUD EXAMINERS ACFE FRAUD PREVENTION One of the ACFE s most valuable fraud prevention resources, the ACFE Fraud Prevention Check-Up is a simple yet powerful

More information

The Internal Auditor s Duties Outside of Auditing

The Internal Auditor s Duties Outside of Auditing The Internal Auditor s Duties Outside of Auditing Dean Rohne, CPA, CIA dean.rohne@claconnect.com 1 1 Session Objectives Discuss the internal auditor s interaction with the supervisory committee and management

More information

Fraud Prevention, Detection, and Internal Controls

Fraud Prevention, Detection, and Internal Controls Fraud Prevention, Detection, and Internal Controls Budget, Accounting and Reporting Council May 28, 2015 Sherrie Ard, CPA, CFE Financial Management Specialist Local Government Performance Center Local

More information

Internal Controls Integrating COSO

Internal Controls Integrating COSO Community Action Partnership 2016 Annual Convention August 30 September 2, 2016 Austin, TX J.W. Marriott Austin Internal Controls Integrating COSO Thursday, September 1, 2016 9:15 am 10:45 am Presented

More information

EFFICIENT USE OF AUDIT COMMITTEES

EFFICIENT USE OF AUDIT COMMITTEES AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit

More information

Using Data Analytics as a Management Tool to Identify Organizational Risks

Using Data Analytics as a Management Tool to Identify Organizational Risks 2013 CliftonLarsonAllen LLP Using Data Analytics as a Management Tool to Identify Organizational Risks Government Finance Officers Association of South Carolina October 13, 2014 cliftonlarsonallen.com

More information

INTEGRATING FORENSIC INVESTIGATION TECHNIQUES INTO INTERNAL AUDITING

INTEGRATING FORENSIC INVESTIGATION TECHNIQUES INTO INTERNAL AUDITING INTEGRATING FORENSIC INVESTIGATION TECHNIQUES INTO INTERNAL AUDITING The internal auditors roles in combating fraud are becoming more profound within an organization. Internal auditors may assume a variety

More information

Contract and Procurement Fraud. Fraud in Procurement without Competition

Contract and Procurement Fraud. Fraud in Procurement without Competition Contract and Procurement Fraud Fraud in Procurement without Competition Sole-Source Awards Noncompetitive procurement process through the solicitation of only one source Procurement through sole-source

More information

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015 Corporate Governor Providing vision and advice for management, boards of directors and audit committees Winter 2015 COSO 2013 framework boosts fraud risk assessment and prevention Fraud is among the most

More information

The Governing Body of Blackfen School for Girls adopted this Anti-Fraud policy on. Date: Name Signature

The Governing Body of Blackfen School for Girls adopted this Anti-Fraud policy on. Date: Name Signature BLACKFEN SCHOOL FOR GIRLS ANTI-FRAUD POLICY Date: June 2017 LT Lead: Head Teacher The Governing Body of Blackfen School for Girls adopted this Anti-Fraud policy on Date: Name Signature Review Date: June

More information

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems BOM/BSD 2/November 1994 BANK OF MAURITIUS Guideline on Maintenance of Accounting and other Records and Internal Control Systems November 1994 Revised November 2013 Revised December 2017 TABLE OF CONTENTS

More information

AMERICAN EXPRESS COMPANY AUDIT AND COMPLIANCE COMMITTEE CHARTER (as amended and restated as of September 26, 2017)

AMERICAN EXPRESS COMPANY AUDIT AND COMPLIANCE COMMITTEE CHARTER (as amended and restated as of September 26, 2017) AMERICAN EXPRESS COMPANY AUDIT AND COMPLIANCE COMMITTEE CHARTER (as amended and restated as of September 26, 2017) Purpose The Committee is responsible for assisting the Board of Directors in its oversight

More information

Fraud Policy. Approved by Board of Governors (via Audit Committee)

Fraud Policy. Approved by Board of Governors (via Audit Committee) Fraud Policy Approved by Board of Governors (via Audit Committee) Date approved 25 June 2015 Status Final Approved Policy owner Director of Finance Impact assessed YES Version 2 Date of next review June

More information

NOVEMBER 2015 IFBEC MODEL SUPPLIER CODE OF CONDUCT

NOVEMBER 2015 IFBEC MODEL SUPPLIER CODE OF CONDUCT NOVEMBER 2015 IFBEC MODEL SUPPLIER CODE OF CONDUCT IFBEC MODEL SUPPLIER CODE OF CONDUCT The relationship between the members of IFBEC and their suppliers is an important component to building business

More information

Seattle Public Schools The Office of Internal Audit

Seattle Public Schools The Office of Internal Audit Seattle Public Schools The Office of Internal Audit Internal Audit Report September 1, 2014 through Current Issue Date: June 21, 2016 Executive Summary Background Information The function is centralized

More information

Internal Controls: Need Them, Have Them, Love Them

Internal Controls: Need Them, Have Them, Love Them Internal Controls: Need Them, Have Them, Love Them Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit Fall Forum 2010 Why Do We Have Internal Controls? The Federal Managers Financial

More information

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for

More information

Internal Audit Appendix: IIA Standards

Internal Audit Appendix: IIA Standards Accountability Modules Internal Audit Appendix: IIA Standards Return to Table of ontents The following section provides additional detailed steps to examine when evaluating an internal audit function.

More information

Internal Audit Mandate

Internal Audit Mandate 1. Constitution 1.1. As a vital component of good Corporate Governance, an in-house and centralised Internal Audit function has been established by the Mr Price Group Board of Directors. 1.2. This function

More information

Fraud, bribery and corruption Protecting reputation and value

Fraud, bribery and corruption Protecting reputation and value Fraud, bribery and corruption Protecting reputation and value An investor s choice Imagine two similar companies that are alleged to have engaged in a significant incident of fraud or corruption. Company

More information

Understanding Internal Controls Office of Internal Audit

Understanding Internal Controls Office of Internal Audit Understanding Internal Controls Office of Internal Audit July 2015 Objectives for this manual Provide guidance to help management understand their responsibility to ensure that internal controls are established,

More information

Internal Control Questionnaire and Assessment

Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 30, 2017 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org

More information

Audit Committee Member Roles and Responsibilities

Audit Committee Member Roles and Responsibilities PURPOSE OF THIS TOOL: The following information illustrates how the audit committee might be structured and assigns roles and responsibilities between the audit committee and finance committee. Not-for-profits

More information

PostNL group procedure

PostNL group procedure 1 January 2017 PostNL Holding B.V. Audit & Security PostNL group procedure on fraud prevention guidance on bribery and corruption Author Director Audit & Security Title PostNL group procedure on Fraud

More information

Using Transactional Analysis for

Using Transactional Analysis for Using Transactional Analysis for Effective Fraud Detection Date: 15 th January 2009 Nishith Seth Seth Services.P. Ltd. www.sspl.net.in Cost Indirect costs: image, morale Fraud Issues & Impact Direct costs:

More information

Office of the Utah Legislative Auditor General. Fraud Prevention. Utah Government Finance Officers Association. Spring 2017 Conference

Office of the Utah Legislative Auditor General. Fraud Prevention. Utah Government Finance Officers Association. Spring 2017 Conference Office of the Utah Legislative Auditor General Fraud Prevention Utah Government Finance Officers Association Spring 2017 Conference Utah Legislative Auditor General Constitutional Charge and Authority

More information

Week 3: Fraud, Procure to Pay Process Controls

Week 3: Fraud, Procure to Pay Process Controls Edward Beaver Edward.Beaver@temple.edu ff MIS 5121: Business Processes, ERP Systems & Controls Week 3: Fraud, Procure to Pay Process Controls Video: Record the Class Discussion v Something really new,

More information

THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED.

THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED. THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED. Ethics interpretations are promulgated by the executive committee of the Professional

More information

Fiscal Oversight Fundamentals

Fiscal Oversight Fundamentals Fiscal Oversight Fundamentals Module 1: School District Finances: Roles and Responsibilities 2012 New York State School Boards Association, Latham NY The Five-Point Plan 1. Requires training for school

More information

INTERNAL AUDIT OF PROCUREMENT AND CONTRACTING

INTERNAL AUDIT OF PROCUREMENT AND CONTRACTING OFFICE OF THE COMMISSIONNER OF LOBBYING OF CANADA INTERNAL AUDIT OF PROCUREMENT AND CONTRACTING AUDIT REPORT Presented by: Samson & Associates February 20, 2015 TABLE OF CONTENT EXECUTIVE SUMMARY... I

More information

Fraud Prevention: How to Identify and Protect Your Higher Ed Institution

Fraud Prevention: How to Identify and Protect Your Higher Ed Institution Fraud Prevention: How to Identify and Protect Your Higher Ed Institution November 16, 2017 Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment

More information

Henkel s Compliance Management System (CMS)

Henkel s Compliance Management System (CMS) Henkel s Compliance Management System (CMS) As a company that operates in an ethically and legally correct manner, Henkel s image and reputation is inseparable from the appropriate conduct of each of its

More information

Public Company Accounting Oversight Board

Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2008 (Headquartered in New York, New York) Issued by the Public Company Accounting

More information

SOSi SUPPLIER CODE OF CONDUCT

SOSi SUPPLIER CODE OF CONDUCT » SOSi.COM SOSi SUPPLIER CODE OF CONDUCT OVERVIEW SOS International LLC, including each of its whollyowned or controlled subsidiaries (collectively, SOSi), is committed to excellence and to conducting

More information

Auditing Standards and Practices Council

Auditing Standards and Practices Council Auditing Standards and Practices Council PHILIPPINE STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT PHILIPPINE STANDARD ON AUDITING

More information

EPCOR Utilities Inc. Ethics Policy

EPCOR Utilities Inc. Ethics Policy ETHICS POLICY Contents 1. APPLICATION... 2 2. POLICY REQUIREMENTS... 2 Fundamental Principles... 2 Respectful Workplace... 2 Use of EPCOR Property and Resources... 2 Appropriate Use of Technology and Electronic

More information

RELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS

RELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS RELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS Introduction This Code of Business Conduct and Ethics covers a wide range of business practices and procedures. It does not

More information

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Establishing an Effective Anti-Fraud, Compliance, and Ethics Function 2018 Association of Certified Fraud Examiners, Inc. Discussion

More information

AMETEK, Inc. Code of Ethics and Business Conduct

AMETEK, Inc. Code of Ethics and Business Conduct AMETEK, Inc. Code of Ethics and Business Conduct Code of Ethics and Business Conduct A Message from the Chairman of the Board and Chief Executive Officer Dear AMETEK Colleague: AMETEK has been in business

More information

CODE OF BUSINESS CONDUCT AND ETHICS. FRONTIER AIRLINES, INC. Adopted May 27, 2004

CODE OF BUSINESS CONDUCT AND ETHICS. FRONTIER AIRLINES, INC. Adopted May 27, 2004 1. Introduction CODE OF BUSINESS CONDUCT AND ETHICS FRONTIER AIRLINES, INC. Adopted May 27, 2004 The Board of Directors adopted this Code of Business Conduct ( Code ) to establish basic legal and ethical

More information

Code of business conduct

Code of business conduct CODE OF BUSINESS CONDUCT OUR PRINCIPLES OF ACTION OUR PRINCIPLES OF ORGANIZATION OUR POLICIES Code of business conduct Code of business conduct Contents 01 Introduction 02 Compliance with laws and regulations

More information

TNT POLICY Title TNT Policy on Fraud, Corruption and Bribery

TNT POLICY Title TNT Policy on Fraud, Corruption and Bribery TNT POLICY Title Date of effect 25 November, 2015 Version 3.0 Policy Owner Tjeerd Wassenaar, General Counsel Direct telephone no. +31 88 393 9000 Document history Approvals Approved by Date of approval

More information

Chapter 7 Internal Controls

Chapter 7 Internal Controls Chapter 7 Internal Controls Establishment of and adherence to internal controls is a major part of managing an organization. Internal controls serve as the first line of defense in safeguarding assets

More information

Global Supplier Code of Business Conduct & Ethics

Global Supplier Code of Business Conduct & Ethics Global Supplier Code of Business Conduct & Ethics Version 2.0 2/15/2017 Contents Document Statement... 3 Scope... 3 1.0 Related or Referenced Policies... 3 2.0 Compliance with Laws, Regulations and the

More information

Mr. Jim Sylph Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14th Floor New York, NY 10017

Mr. Jim Sylph Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14th Floor New York, NY 10017 William G. Bishop III, CIA President Tel: +1 407 937 1200 wbishop@theiia.org November 15, 2003 Mr. Jim Sylph Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14th

More information

FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom)

FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom) Answers FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom) June 2012 Answers Section A QUESTIONS 1 10 MULTIPLE CHOICE Question Answer See Note Below 1 A 1 2 D 2 3 C 3 4 B 4

More information

Managing Fraud Risks. Procurement & Contacting. John J. Hall, CPA (970)

Managing Fraud Risks. Procurement & Contacting. John J. Hall, CPA (970) Managing Fraud Risks in Procurement & Contacting The IIA Los Angeles Chapter October 2, 2017 John J. Hall, CPA (970) 926-0355 John@JohnHallSpeaker.com 1 Four Categories 1. Theft 2. Results Manipulation

More information

TEEKAY TANKERS LTD. STANDARDS OF BUSINESS CONDUCT POLICY

TEEKAY TANKERS LTD. STANDARDS OF BUSINESS CONDUCT POLICY TEEKAY TANKERS LTD. STANDARDS OF BUSINESS CONDUCT POLICY WHY TEEKAY HAS STANDARDS OF BUSINESS CONDUCT As responsible business leaders, it is not enough to do things right; it is also important to do them

More information

- Excessive gambling or investment habits - Strong challenge to beat the system - Undue family pressure such as divorce - Overwhelming desire for pers

- Excessive gambling or investment habits - Strong challenge to beat the system - Undue family pressure such as divorce - Overwhelming desire for pers RED FLAGS OF INTERNAL FRAUD PROFILE OF THE PERPETRATOR: - Most frequently it is the person you trust the most - Has the technical skills to pull off the theft secretly - The activity is clandestine - The

More information

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date Benchmarking Report Share, Compare, Validate Year: 2017 Your Organization Date Benchmarking Tier 1: Your Organization Benchmarking Tier 2: Services Benchmarking Tier 3: Services $1B to $5B Benchmarking

More information

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT (Effective for audits of financial statements for periods beginning

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Developing a Fraud Risk Management Program 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Which individual or group within your organization oversees

More information

A Discussion About Internal Controls February 2016

A Discussion About Internal Controls February 2016 A Discussion About Internal Controls February 2016 What we will cover today 001 Introductions 002 Defining Internal Controls 003 COSO Internal Controls Integrated Framework 004 Approach to Designing Internal

More information

Corporate Governance Statement. APN Property Group August 2017

Corporate Governance Statement. APN Property Group August 2017 Corporate Governance Statement APN Property Group August 2017 CORPORATE GOVERNANCE STATEMENT This is the corporate governance statement for APN Property Group Limited (APN PG or Company) for the financial

More information

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively. CORPORATE GOVERNANCE- KING III COMPLIANCE Analysis of the application as at 24 June 2015 by Master Drilling Group Limited (the Company) of the 75 corporate governance principles as recommended by the King

More information

CITY OF CORPUS CHRISTI

CITY OF CORPUS CHRISTI CITY OF CORPUS CHRISTI CITY AUDITOR S OFFICE Audit of Purchasing Program Project No. AU12-004 September 20, 2012 City Auditor Celia Gaona, CIA CISA CFE Auditor Nora Lozano, CIA CISA Executive Summary In

More information

Engagement Planning. Assessing Fraud Risks

Engagement Planning. Assessing Fraud Risks Engagement Planning Assessing Fraud Risks Table of Contents Executive Summary... 3 Introduction... 4 Understanding Fraud... 5 Gathering Information... 6 Prior Assessments and Investigations... 7 Formal

More information

CGMA Competency Framework

CGMA Competency Framework CGMA Competency Framework Technical skills CGMA Competency Framework 1 Technical skills : This requires a basic understanding of the business structures, operations and financial performance, and includes

More information

Audit Committee Performance Evaluation

Audit Committee Performance Evaluation Audit Committee Performance Evaluation The following Deloitte & Touche LLP ( Deloitte & Touche ) questionnaire can be used to assist in the self-assessment of an audit committees performance. The questionnaire

More information

Butte County Office of Education

Butte County Office of Education Butte County Office of Education Extraordinary Audit of the Blue Oak Charter School November 16, 2017 Michael H. Fine Chief Executive Officer Fiscal Crisis & Management Assistance Team November 16, 2017

More information

POLICY The following are the principles of the Conduent Global Ethics Policy that govern all practices concerning business ethics:

POLICY The following are the principles of the Conduent Global Ethics Policy that govern all practices concerning business ethics: SCOPE Conduent Business Services, LLC and its subsidiaries provide this policy as a guide for employees. This policy applies to all employees of Conduent Business Services, LLC and its subsidiaries and

More information

FRAUD AND PROFESSIONAL ETHICS IN HIGHER EDUCATION

FRAUD AND PROFESSIONAL ETHICS IN HIGHER EDUCATION FRAUD AND PROFESSIONAL ETHICS IN HIGHER EDUCATION Brent Stevens, CPA, CGMA Partner in Charge Higher Education Services Group RubinBrown WHY YOU ARE HERE TODAY? *Image courtesy of Association of Certified

More information

Duplicate Payments: Causes, Implications, and Solutions

Duplicate Payments: Causes, Implications, and Solutions Duplicate Payments: Causes, Implications, and Solutions Overview Duplicate payments are an unnecessary evil affecting government organizations, publicly held companies and privately owned businesses of

More information

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017 CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017 This document has been prepared in terms of the JSE Listing Requirements and sets out the application of the 75 corporate governance principles by

More information

Fraud Detection and Prevention

Fraud Detection and Prevention Fraud Detection and Prevention Presented by: Louise Hanson, Moss Adams LLP Emily Ogden, Moss Adams LLP April 24, 2014 1 DISCLOSURE STATEMENT The material appearing in this presentation is for informational

More information

CARNIVAL CORPORATION & PLC

CARNIVAL CORPORATION & PLC CARNIVAL CORPORATION & PLC Business Partner Code of Conduct and Ethics A Letter from our CEO Building and maintaining trust in our business relationships and pursuing the highest standards of ethical behavior

More information

OVERVIEW 4/19/10. Internal Controls and the Audit Process May 4, 2010 OVERVIEW. Definition and historical perspective of internal auditing

OVERVIEW 4/19/10. Internal Controls and the Audit Process May 4, 2010 OVERVIEW. Definition and historical perspective of internal auditing and the Audit Process May 4, 2010 Presented by: Deborah A. Stevens CPA Wichita County Auditor 1 OVERVIEW Definition and historical perspective of internal auditing Role and responsibilities of the internal

More information

CODE OF ETHICS AND BUSINESS CONDUCT

CODE OF ETHICS AND BUSINESS CONDUCT CODE OF ETHICS AND BUSINESS CONDUCT 1.0 SCOPE This Code of Ethics and Business Conduct (the Code of Conduct ) is implemented by the Board of Directors (the Board ) of Dominion Diamond Corporation and applies

More information

Strengthening Control and integrity: A Checklist for government Managers

Strengthening Control and integrity: A Checklist for government Managers Forum: Analytics and Risk Management Tools for Making Better Decisions Strengthening Control and integrity: A Checklist for government Managers By James A. Bailey The next contribution is based on a Center

More information

Internal Oversight Division. Internal Audit Strategy

Internal Oversight Division. Internal Audit Strategy Internal Oversight Division Internal Audit Strategy 2018-2020 Date: January 24, 2018 page 2 TABLE OF CONTENTS LIST OF ACRONYMS 3 1. BACKGROUND 4 2. PURPOSE 4 3. WIPO STRATEGIC REALIGNMENT PROGRAM 5 (A)

More information

Computer Programs and Systems, Inc. Code of Business Conduct and Ethics

Computer Programs and Systems, Inc. Code of Business Conduct and Ethics (as of January 28, 2013) Introduction This sets forth the guiding principles by which we operate Computer Programs and Systems, Inc. (the Company ) and conduct our daily business with our stockholders,

More information

May 3, To the Jail Board Members and Management Western Tidewater Regional Jail Authority 2402 Godwin Blvd Suffolk, Virginia 23434

May 3, To the Jail Board Members and Management Western Tidewater Regional Jail Authority 2402 Godwin Blvd Suffolk, Virginia 23434 A PROFESSIONAL LIMITED LIABILITY COMPANY CERTIFIED PUBLIC ACCOUNTANTS May 3, 2016 To the Jail Board Members and Management Western Tidewater Regional Jail Authority 2402 Godwin Blvd Suffolk, Virginia 23434

More information

Company LOGO C B T. An Educational Computer Based Training Program

Company LOGO C B T. An Educational Computer Based Training Program C B T An Educational Computer Based Training Program The University of Texas at Dallas Compliance Training Effectively Controlling Risks Company Effectively Controlling Risks What is the purpose of this

More information

Several unallowable expenditures and exceptions to policy were noted.

Several unallowable expenditures and exceptions to policy were noted. Several unallowable expenditures and exceptions to policy were noted. In our testing of 16 disbursement/pcard transactions, 12 travel transactions, and 9 gift transactions, we noted 6 transactions contained

More information

Internal Audit Policy and Procedures Internal Audit Charter

Internal Audit Policy and Procedures Internal Audit Charter Mission Statement Internal Audit Policy and Procedures Internal Audit Charter The mission of the Internal Audit Department is to provide independent and objective reviews and assessments of the business

More information

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015 DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015 DIRECTOR TRAINING AND QUALIFICATIONS SAMPLE SELF-ASSESSMENT TOOL INTRODUCTION The purpose of this tool is to help determine

More information

CHAPTER 7. Internal Control. Review Questions

CHAPTER 7. Internal Control. Review Questions CHAPTER 7 Internal Control Review Questions 7 1 Internal control is a process, affected by the entity s board of directors, management and other personnel, designed to provide reasonable assurance regarding

More information

[RELEASE NOS ; ; FR-77; File No. S ]

[RELEASE NOS ; ; FR-77; File No. S ] SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting

More information

Supplier Code of Conduct

Supplier Code of Conduct Airbus Group Supplier Code of Conduct I 001 Airbus Group Supplier Code of Conduct Klaus Richter Chief Procurement Officer Airbus Group and Airbus Martin Weichhardt Head of Procurement & Supply Chain Airbus

More information

AUDITING. Auditing PAGE 1

AUDITING. Auditing PAGE 1 AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal

More information

ETHICS AND BUSINESS INTEGRITY POLICY

ETHICS AND BUSINESS INTEGRITY POLICY ETHICS AND BUSINESS INTEGRITY POLICY 1.0 Chief Executive s Introduction: Behaving ethically is essential to working with Carillion. Our values of We care, We achieve together, We improve and we deliver

More information

Managing Fraud Risk: New Professional Guidance

Managing Fraud Risk: New Professional Guidance Managing Fraud Risk: New Professional Guidance Mohammed Ahmed & Toby J.F. Bishop Deloitte Financial Advisory Services LLP September 10, 2007 Objectives Make you aware of the new guidance Show how you can

More information

The Audit Committee of the Supervisory Board of CB&I

The Audit Committee of the Supervisory Board of CB&I The Audit Committee of the Supervisory Board of CB&I General At the Board meeting held in conjunction with the Company's Annual Meeting of Shareholders, and thereafter as necessary, the Board shall appoint

More information