Fraud Risk Management Specific Anti-Fraud Controls (Process or Transaction Level) 2017 Association of Certified Fraud Examiners, Inc.
Discussion Questions 1. Does your organization have adequate staffing to enforce separation of duties? Are there departments or functions within your organization where some incompatible duties could be better segregated to decrease the risk of fraud? 2017 Association of Certified Fraud Examiners, Inc. 2 of 27
Discussion Questions 2. Identify one or two of your organization s most significant fraud risks. Look over the controls identified in this section to address those particular risks. a. Are there any controls listed that your organization has not implemented? Are there controls your organization has implemented to address this risk that are not included on the list? 2017 Association of Certified Fraud Examiners, Inc. 3 of 27
Discussion Questions 2. Identify one or two of your organization s most significant fraud risks. Look over the controls identified in this section to address those particular risks. b. Using the table in your workbook, complete a fraud risk assessment for the two risks identified in step 2a. For each risk, identify, classify, and assess the operating effectiveness of four internal controls, then arrive at a residual risk rating and risk response. 2017 Association of Certified Fraud Examiners, Inc. 4 of 27
Identified Fraud Risks and Schemes Personnel/ Departments Involved Likelihood (1, 2, or 3) Impact (1, 2, or 3) Internal Control No. Internal Control Description (P) Preventive or (D) Detective Control Effectiveness (1, 2, or 3) Residual Risk Rating (Low, Moderate, High) Fraud Risk Response 2017 Association of Certified Fraud Examiners, Inc. 5 of 27
Learning Objective Understand how to design and implement internal controls to address the risk of specific fraud schemes. 2017 Association of Certified Fraud Examiners, Inc. 6 of 27
Controls for Financial Statement Fraud Anchor in effective oversight of management. Gain a solid understanding of the business. Maintain an appropriate level of skepticism. Consider incentives, pressures, and rationalizations to commit fraud. Explore fraud risk scenarios. Assess the financial reporting culture. 2017 Association of Certified Fraud Examiners, Inc. 7 of 27
Controls for Financial Statement Fraud Review transactions subsequent to the balance sheet date. Internal audit focus. Review capitalization policies. Analyze compliance with loan covenants. Look for anomalies in inventory documentation. Review procedures for accounting estimates. Review journal entries. Review changes in accounting policies and practices. 2017 Association of Certified Fraud Examiners, Inc. 8 of 27
Controls for Theft of Incoming Cash Separate recordkeeping duties. Post signs offering a discount to customers who do not receive a receipt. Use management oversight or video cameras to safeguard cash-handling areas. Perform surprise cash counts. 2017 Association of Certified Fraud Examiners, Inc. 9 of 27
Controls for Theft of Incoming Cash Use pre-numbered forms for sales receipts and sales returns. Require management approval for voids and refunds. Place a restrictive endorsement on checks upon receipt. Deposit cash daily and itemize deposit slips. 2017 Association of Certified Fraud Examiners, Inc. 10 of 27
Controls for Theft of Incoming Cash Place cash funds in a time-lock safe. Do not keep excessive cash on hand. Use cash registers that have adequate security features. Maintain separate register drawers for each cashier. 2017 Association of Certified Fraud Examiners, Inc. 11 of 27
Controls for Accounts Receivable Fraud Separate recordkeeping duties. Set guidelines and procedures for opening mail. Use multi-part deposit slips. Install video cameras in the mail room and other vulnerable areas. Use a lockbox system for cash receipts. 2017 Association of Certified Fraud Examiners, Inc. 12 of 27
Controls for Accounts Receivable Fraud Require supervisory approval for: Changes to A/R master file Write-offs and discounts All accounts to be sent to a collection agency Scan journal entries for illogical debits to A/R. Monitor A/R for an unusual number of write-offs, debits, or overdue accounts. Monitor employee activities. 2017 Association of Certified Fraud Examiners, Inc. 13 of 27
Controls for Inventory Fraud Maintain effective physical security. Install video cameras in vulnerable areas. Implement access controls over computerized inventory and accounting systems. Perform surprise counts of inventory. Use pre-numbered sales and inventory forms. 2017 Association of Certified Fraud Examiners, Inc. 14 of 27
Controls for Inventory Fraud Require approval for: Adjustments to inventory records Scrap sales Sales returns Test for unusual inventory shrinkage. 2017 Association of Certified Fraud Examiners, Inc. 15 of 27
Controls for Fixed Assets Fraud Create and communicate a policy on personal use of company fixed assets. Attach identification tags to fixed assets and track them in an up-to-date list. Secure the perimeter of the business. Use pre-numbered and multi-part requisitions, purchase orders, and receiving documents. 2017 Association of Certified Fraud Examiners, Inc. 16 of 27
Controls for Fixed Assets Fraud Require authorization for purchases, improvements, and retirements, and for additions to and deletions from fixed asset accounts. Change access codes and locks when employees are terminated. Perform a periodic fixed asset inventory count, and reconcile it to the fixed asset subledger. 2017 Association of Certified Fraud Examiners, Inc. 17 of 27
Controls for Investment Fraud Hold securities in the organization s name. Keep securities in a safe deposit box under dual control. Maintain a current list of all investments held by the organization, including a record of expected income payments. 2017 Association of Certified Fraud Examiners, Inc. 18 of 27
Controls for Investment Fraud Require high-level authorization for investment transactions. Require approval for write-downs. Implement separation of duties. Maintain access controls over investment accounts and related software. 2017 Association of Certified Fraud Examiners, Inc. 19 of 27
Controls for Accounts Payable and Cash Disbursement Fraud Separate duties and functions. Use physical and software controls to restrict access to A/P and disbursements systems. Restrict access to vendor master file and flag any changes made. Maintain an approved vendor list independently of the purchasing department. 2017 Association of Certified Fraud Examiners, Inc. 20 of 27
Controls for Accounts Payable and Cash Disbursement Fraud Check for duplicates or multiple payments to the same vendor in one day. Require proper authorization of all transactions. Pay only from original invoices, not statements. Require matching of invoices to purchase orders and receiving reports prior to payment. Make all disbursements via check or wire. Severely restrict the use of manual checks. 2017 Association of Certified Fraud Examiners, Inc. 21 of 27
Controls for Accounts Payable and Cash Disbursement Fraud Use positive pay or reverse positive pay. Request bank notification if a duplicate debit is pending posting. Require dual approval when a new vendor is set up for electronic payment. Require dual signatures for payment amounts over an established threshold. Never sign blank checks. 2017 Association of Certified Fraud Examiners, Inc. 22 of 27
Controls for Payroll Fraud Separate duties and functions. Use an imprest payroll bank account. Encourage the use of direct deposit. Keep signed paychecks in a secure location. Log and secure unclaimed paychecks. 2017 Association of Certified Fraud Examiners, Inc. 23 of 27
Controls for Payroll Fraud Require employees to provide identification to collect paycheck or stub. Match the payroll against personnel files. Have supervisors verify time worked. Require advanced authorization for overtime and paid time-off. 2017 Association of Certified Fraud Examiners, Inc. 24 of 27
Controls for Expense Reimbursement Fraud Have a clear policy stating: Types of reimbursable expenses Reimbursement limits Required time frame for submitting expense reports Require original receipts for all expense reimbursements. 2017 Association of Certified Fraud Examiners, Inc. 25 of 27
Controls for Expense Reimbursement Fraud Require detailed expense reports: Explanation, including specific business purpose Time and date Location Amount of the expense Supervisor s review and approval 2017 Association of Certified Fraud Examiners, Inc. 26 of 27
Controls for Borrowing Fraud Require that the board of directors approves all debt transactions. Separate duties in financing activities. 2017 Association of Certified Fraud Examiners, Inc. 27 of 27
Controls for Equity Fraud Separate duties in equity transactions. Require that the board of directors approves all dividends and stock sales. Use pre-numbered stock certificates. Announce dividend rates to shareholders before the checks are issued. Safeguard unissued shares of stock. 2017 Association of Certified Fraud Examiners, Inc. 28 of 27
Controls for Corruption The controls that address payables and disbursements fraud can also be effective in preventing and detecting corruption schemes. 2017 Association of Certified Fraud Examiners, Inc. 29 of 27
ISO 37001 Communicate anti-bribery policy and program. Appoint compliance manager. Provide anti-bribery training and guidance. Perform bribery risk assessment, including third parties. Ensure controlled organizations and third parties implement controls. 2017 Association of Certified Fraud Examiners, Inc. 30 of 27
ISO 37001 Verify that personnel will comply with the policy and program. Control benefits provided to individuals and third parties. Implement financial, procurement, and other controls. Implement whistleblower procedures and investigate suspected bribery. 2017 Association of Certified Fraud Examiners, Inc. 31 of 27
Controls for Conflicts of Interest Ensure that a strong ethics policy is in place. Conduct occasional staff interviews, and have a reporting mechanism available. Detection of conflicts of interest is quite difficult; focus should be on prevention through ethical climate. 2017 Association of Certified Fraud Examiners, Inc. 32 of 27
Controls for Fraud by Vendors Enforce an exhaustive process for approving new vendors. Issue internal conflict-of-interest questionnaires, and address any potential conflicts. Count inventory as it is delivered. Perform vendor compliance audits. Carefully review and approve invoices prior to payment. 2017 Association of Certified Fraud Examiners, Inc. 33 of 27
Controls for Data Security Breaches Access restriction and review Firewalls Physical control over equipment Monitoring of access attempts and successes 2017 Association of Certified Fraud Examiners, Inc. 34 of 27