STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

Similar documents
FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

- Excessive gambling or investment habits - Strong challenge to beat the system - Undue family pressure such as divorce - Overwhelming desire for pers

Fraud Prevention, Detection, and Internal Controls

OUTSMART FRAUD. Strategic Internal Controls to Prevent Business Fraud

ASSOCIATED BANC-CORP CODE OF BUSINESS CONDUCT AND ETHICS

Week 3: Fraud, Procure to Pay Process Controls

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

Using Data Analytics to Detect Fraud

FRAUD IN GOVERNMENT AN OPEN DISCUSSION. Presented By William Blend, CPA, CFE

Knowledge Alert. Emerging Trends in Fraud Risks

Consideration of Fraud in a Financial Statement Audit

Our Code of Conduct also applies to our directors with respect to his or her director-related duties.

AMETEK, Inc. Code of Ethics and Business Conduct

Contract and Procurement Fraud. Fraud in Procurement without Competition

Code of Business Conduct and Ethics

OVERVIEW 4/19/10. Internal Controls and the Audit Process May 4, 2010 OVERVIEW. Definition and historical perspective of internal auditing

TEEKAY TANKERS LTD. STANDARDS OF BUSINESS CONDUCT POLICY

Fraud Risk Management

SOSi SUPPLIER CODE OF CONDUCT

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

OVERVIEW. Common Personality Traits of Fraudsters. Common Sources of Pressure. Changes in Behavior

Fraud Risk Management

Company LOGO C B T. An Educational Computer Based Training Program

THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED.

RELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS

The Governing Body of Blackfen School for Girls adopted this Anti-Fraud policy on. Date: Name Signature

Internal Control Questionnaire and Assessment

BUSINESS ETHICS POLICY and GUIDING PRINCIPLES

CARNIVAL CORPORATION & PLC

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

Implementation Tool for Auditors

CODE OF BUSINESS CONDUCT AND ETHICS

Auditing Standards and Practices Council

Computer Programs and Systems, Inc. Code of Business Conduct and Ethics

Effective implementation of COSO s new anti-fraud guidance

Using Data Analytics as a Management Tool to Identify Organizational Risks

Managing Fraud Risks. Procurement & Contacting. John J. Hall, CPA (970)

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Key Elements of Antifraud Programs and Controls

BIG LOTS, INC. CODE OF BUSINESS CONDUCT AND ETHICS

Chapter 7 Internal Controls

Engagement Planning. Assessing Fraud Risks

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015

CODE OF BUSINESS CONDUCT AND ETHICS. FRONTIER AIRLINES, INC. Adopted May 27, 2004

OTHER PEOPLE S MONEY: THE BASICS OF ASSET MISAPPROPRIATION

PATAGONIA WORKS GLOBAL CODE OF EMPLOYEE CONDUCT

DOUBLE-TAKE SOFTWARE, INC. CODE OF BUSINESS CONDUCT AND ETHICS

Internal Control Fundamentals and Introduction to Fraud - Spring Brenda M. Shannon, CPA, CIA Chief Audit Executive New Mexico State University

Pre-Engagement Activities and Audit Planning By: Tariq Mahmood FCA, ACMA

Internal Controls Integrating COSO

Company owners and managers may hesitate to admit it, but fraud could be taking

Fraud Prevention: How to Identify and Protect Your Higher Ed Institution

Internal Control Questionnaire and Assessment

INTERNAL CONTROLS AND FRAUD DETECTION. Jill Reyes, Director Laura Manlove, Manager

INTERNAL AUDIT Fraud Investigation Process Campus Administrative Training Series April 24, 2017

Office of the Utah Legislative Auditor General. Fraud Prevention. Utah Government Finance Officers Association. Spring 2017 Conference

CODE OF ETHICS FOR CHIEF EXECUTIVE OFFICER AND SENIOR FINANCIAL OFFICERS UGI CORPORATION

Auditing for Fraud. Planning & Approaches

Fraud Detection and Prevention

Guide to Internal Controls

FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom)

Financial Transactions and Fraud Schemes

DHT HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS

Fraud: What You Need To Know As A Non-Profit Organization. October 28, 2014

Prince William County Public Schools Annual Audit Plan

Arc of Onondaga Corporate Compliance Plan

Diocese of Covington Policies & Procedures Manual Section: Compliance Accounting Policy: Internal Control & Segregation of Duties

The Company seeks to comply with both the letter and spirit of the laws and regulations in all jurisdictions in which it operates.

EPCOR Utilities Inc. Ethics Policy

ABM Industries Incorporated. Code of Business Conduct. September 2015

Fraud and the Small Business Owner

Embezzlement & Fraud How You Can Protect Yourself. Pam Newman, CMA,CFM, MBA

Corporate Code of Business Conduct and Ethics

Anti-bribery corporate policy

Sogefi Group Code of Ethics

ETHICS AND BUSINESS INTEGRITY POLICY

W.W. GRAINGER, INC. Business Conduct Guidelines

MACMILLAN CODE OF CONDUCT

LIVING OUR CORE VALUES. Supplier Code of Conduct

MV Transportation, Inc. Code of Conduct

INTEGRITY AT TURTLE & HUGHES

Supply Chain Fraud & Integrity

Code of Business Conduct

We Maintain Accurate Financial Books and Records. We Strive to Comply with All Laws and Regulations. We Maintain the Confidences Entrusted to Us

TNT POLICY Title TNT Policy on Fraud, Corruption and Bribery

THE YANKEE CANDLE COMPANY, INC. Code Of Business Conduct And Ethics

CODE OF BUSINESS CONDUCT AND ETHICS

Governance Process ENDS. Board- President Relationship. Executive Limitations

Delta Dental of Michigan, Ohio, and Indiana. Compliance Plan

COPART, INC. AMENDED AND RESTATED CODE OF BUSINESS CONDUCT. Amended and Restated October 2012

Fraud Risk Management

CHAPTER 7. Internal Control. Review Questions

Fiduciary Duty of Board of Directors to Oversee Financial Affairs

CODE OF CONDUCT DESCRIPTION PRINCIPLES POLICIES AND DEFINITIONS

Message to All Directors, Officers and Employees of Atmos Energy Corporation

ADOPTED BY THE BOARD OF PUBLIC WORKS ON JUNE 20, 2007 TO ALL EMPLOYEES OF THE DEPARTMENT OF PUBLIC WORKS

S12 - Guidelines for Planning an IS Audit Christopher Chung

Chapter 12: The Revenue Cycle

CODE OF ETHICS AND BUSINESS CONDUCT

Transcription:

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD 1 10.1 Fraud -- Nature, Prevention, and Detection..................................... 1 10.2 Fraud -- Indicators........................................................ 4 10.3 Fraud -- Controls......................................................... 5 The prevention or detection of fraud is one of the most important issues in auditing, both internal and external. Practice Advisory 2120-2, Managing the Risk of the Internal Audit Activity, states, Every organization will experience control breakdowns. Often times when controls fail or frauds occur, someone will ask: Where were the internal auditors? The expectations of stakeholders regarding the ability of internal auditors to detect fraud are emphasized in this study unit. 10.1 FRAUD -- NATURE, PREVENTION, AND DETECTION 1. Impact of Fraud a. Monetary losses from fraud are significant, but its full cost is immeasurable in terms of time, productivity, and reputation, including customer relationships. b. Thus, an organization should have a fraud program that includes awareness, prevention, and detection programs. It also should have a fraud risk assessment process to identify fraud risks. 2. Characteristics of Fraud a. Pressure or incentive is the need the fraudster is trying to satisfy by committing the fraud. b. Opportunity is the fraudster s ability to commit the fraud. 1) This characteristic is the one that the organization can most influence, e.g., by means of controls and procedures. c. Rationalization is the fraudster s ability to justify the fraud in his/her mind. 3. Definition from the Glossary (see Appendix A for the complete IIA Glossary) a. Fraud is any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. 4. Examples of Fraud a. Asset misappropriation is stealing cash or other assets (supplies, inventory, equipment, and information). The theft may be concealed, e.g., by adjusting records. An example is embezzlement, the intentional appropriation of property entrusted to one s care. b. Skimming is theft of cash before it is recorded, for example, accepting payment from a customer but not recording the sale. c. Disbursement fraud involves payment for fictitious goods or services, overstatement of invoices, or use of invoices for personal reasons. d. Expense reimbursement is payment for fictitious or inflated expenses, for example, an expense report for personal travel, nonexistent meals, or extra mileage. e. Payroll fraud is a false claim for compensation, for example, overtime for hours not worked or payments to fictitious employees.

2 SU 10: Internal Audit Responsibilities for Fraud f. Financial statement misrepresentation often overstates assets or revenue or understates liabilities and expenses. Management may benefit by selling stock, receiving bonuses, or concealing another fraud. g. Information misrepresentation provides false information, usually to outsiders in the form of fraudulent financial statements. h. Corruption is an improper use of power, e.g., bribery. It often leaves little accounting evidence. These crimes usually are uncovered through tips or complaints from third parties. Corruption often involves the purchasing function. i. Bribery is offering, giving, receiving, or soliciting anything of value to influence an outcome. Bribes may be offered to key employees such as purchasing agents. Those paying bribes tend to be intermediaries for outside vendors. j. A conflict of interest is an undisclosed personal economic interest in a transaction that adversely affects the organization or its shareholders. k. A diversion redirects to an employee or outsider a transaction that would normally benefit the organization. l. Wrongful use of confidential or proprietary information is fraudulent. m. A related-party fraud is receipt of a benefit not obtainable in an arm s-length transaction. n. Tax evasion is intentionally falsifying a tax return. 5. Division of Responsibilities a. Control is the principal means of preventing fraud. 1) Management is primarily responsible for establishing and maintaining control. 2) Internal auditors are primarily responsible for preventing fraud by examining and evaluating the adequacy and effectiveness of control. a) They are not responsible for designing and implementing fraud prevention controls. b. Internal auditors are not expected to detect all fraud: Implementation Standard 1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. 1) According to Implementation Standard 1220.A1, internal auditors must exercise due professional care by, among other things, considering the probability of significant errors, fraud, or noncompliance. 2) Thus, internal auditors must consider the probability of fraud when developing engagement objectives (Implementation Standard 2210.A2). 6. Components of a Fraud Prevention System a. Fraud prevention involves actions to discourage fraud and limit the exposure when it occurs. A strong ethical culture and setting the correct tone at the top are essential to prevention. b. Overlapping control elements of a fraud prevention program are presented below and on the next page. They are based on the COSO control framework. (See Study Unit 6). 1) The control environment includes such elements as a code of conduct, ethics policy, or fraud policy.

SU 10: Internal Audit Responsibilities for Fraud 3 2) A fraud risk assessment generally includes a) Identifying and prioritizing fraud risk factors and fraud schemes b) Mapping existing controls to potential fraud schemes and identifying gaps c) Testing operating effectiveness of fraud prevention and detection controls d) Documenting and reporting the fraud risk assessment 3) Control activities are policies and procedures for business processes that include authority limits and segregation of duties. 4) Fraud-related information and communication practices promote the fraud risk management program and the organization s position on risk. The means used include fraud awareness training and confirming that employees comply with the organization s policies. a) A fraud hotline can open the channel of communication for employees to report suspected improprieties. 5) Monitoring evaluates antifraud controls through independent evaluations of the fraud risk management program and use of it. 7. Responsibility for Detection a. Internal auditors are not responsible for the detection of all fraud, but they always must be alert to the possibility of fraud. Implementation Standard 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. b. An internal auditor s responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. An internal auditor suspects that a mailroom clerk is embezzling funds. In exercising due professional care, the internal auditor should A. Reassign the clerk to another department. B. Institute stricter controls over mailroom operations. C. Evaluate fraud indicators and decide whether further action is necessary. D. Confront the clerk with the auditor s suspicions. This question reinforces the proper reaction when an auditor suspects fraud. When signs of fraud are detected, internal auditors do not drop what they are doing and plunge in with all resources. Instead, they carefully evaluate the facts as a basis for further action. (If evidence of fraud does exist, the matter ordinarily must be reported to the appropriate level when the auditor has enough information.) (A) is incorrect. Personnel assignments are the responsibility of management. (B) is incorrect. The system of internal controls is management s responsibility. (C) is the correct choice. When fraud is suspected, the internal auditor evaluates the indicators and decides whether any additional action is necessary or whether an investigation should be recommended. (D) is incorrect. An internal auditor should not confront a suspect until the proper authorities have been notified and have determined the appropriate action.

4 SU 10: Internal Audit Responsibilities for Fraud 10.2 FRAUD -- INDICATORS 1. Low-Level Fraud vs. Executive Fraud a. Fraud committed by staff or line employees most often consists of theft of property or embezzlement of cash. The incentive might be relief of economic hardship, the desire for material gain, or a drug or gambling habit. 1) Stealing petty cash or merchandise, lapping accounts receivable, and creating nonexistent vendors are common forms of low-level fraud. b. Fraud at the executive level is very different. The incentive is usually either maintaining or increasing the stock price, receiving a large bonus, or both. 1) This type of fraud consists most often of producing false or misleading financial statements. 2. Terminology of Fraud Indicators a. A document symptom is any kind of tampering with the accounting records to conceal a fraud. Keeping two sets of books or forcing the books to reconcile are examples. b. Situational pressure can be personal (e.g., financial difficulties in an employee s personal life) or organizational (e.g., the desire to release positive news to the financial media). c. Opportunity to commit is especially a factor in low-level employee fraud. Poor controls over cash, merchandise, and other organizational property, as well as lack of compensating accounting controls, are enabling factors. d. A lifestyle symptom is an unexplained rise in an employee s social status or level of material consumption. e. Rationalization occurs when a person attributes his/her actions to rational and creditable motives without analysis of the true and especially unconscious motives. Feeling underpaid is a common rationalization for low-level fraud. f. A behavioral symptom (i.e., a drastic change in an employee s behavior) may indicate the presence of fraud. The guilt and the other forms of stress associated with perpetrating and concealing the fraud may cause noticeable changes in behavior. 3. Procedures for Detection a. The nature and extent of the procedures performed to detect fraud depend on the circumstances of the engagement, including the features of the organization and the internal auditor s risk assessment. 1) Accordingly, no text can feasibly present lists of all procedures relative to fraud. However, analytical procedures are routinely performed in many engagements. They may provide an early indication of fraud. a) Analytical procedures are performed to assess information collected in an engagement. The assessment compares information with expectations identified or developed by the internal auditor. 4. Some Indicators of Possible Fraud a. Frauds and their indicators (often called red flags ) take different forms: 1) Lack of employee rotation in sensitive positions such as cash handling 2) Inappropriate combination of job duties 3) Unclear lines of responsibility and accountability 4) Unrealistic sales or production goals 5) An employee who refuses to take vacations or refuses promotion 6) Established controls not applied consistently 7) High reported profits when competitors are suffering from an economic downturn 8) High turnover among supervisory positions in finance and accounting areas 9) Excessive or unjustifiable use of sole-source procurement 10) An increase in sales far out of proportion to the increase in cost of goods sold

SU 10: Internal Audit Responsibilities for Fraud 5 Which of the following is most likely to be considered an indication of possible fraud? A. The replacement of the management team after a hostile takeover. B. Rapid turnover of the organization s financial executives. C. Rapid expansion into new markets. D. A government audit of the organization s tax returns. A candidate cannot possibly memorize every red flag for fraud. However, the candidate can very often weed out the answer choices that are inconsistent with the core group of red flags that (s)he has committed to memory. (A) is not an indicator. The replacement of the management team after a hostile takeover is not unusual. (B) is an indicator. High turnover among financial executives may suggest a fear of discovery of the inflation of profits or some similar financial misrepresentation. (C) is not an indicator. Rapid expansion into new markets is not unusual. (D) is not an indicator. A government audit of the organization s tax returns is not unusual. 10.3 FRAUD -- CONTROLS No text can feasibly present lists of all possible controls. Study Units 6 and 7 contain extensive guidance on control concepts, terminology, and methods. They apply to the design and implementation of controls that are relevant to, among many other things, the prevention and detection of fraud. During an engagement involving the purchasing department, an internal auditor learned that one vendor rewarded buyers in proportion to the size of orders received. What recommendation should the internal auditor make to reduce the likelihood of future acceptance of such rewards by the buyers? A. Establishing an employee counseling program. B. Periodic review of buyer lifestyles. C. A policy of identifying and reducing buyer situational pressures. D. A strong, written statement of management s commitment to organizational ethics. Sometimes the best control is not programmed into a computer application or a requirement for a certain number of signatures. Sometimes the best control is the organization s ethical climate. (A) is not a useful recommendation. Counseling is unlikely to change the behavior of dishonest employees. (B) is not a useful recommendation. Periodic review is a detective (after the fact) control that would not uncover fraud unless a lifestyle change occurred. (C) is not a useful recommendation. Situational pressures external to the organization may be beyond its control. Pressures within the organization, e.g., to improve performance, would be unlikely to cause a buyer to take bribes from vendors. (D) is correct. One component of internal control is the control environment. Among the factors in that environment (as described in the COSO Framework and defined in The IIA Glossary) are integrity and ethical values and management s philosophy and operating style. A strong commitment by management to ethical conduct reflected in its written policies, personnel practices, interest in effective control, etc., is the most likely of the choices presented to foster the appropriate ethical climate.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback