Anti-Fraud Programs and Control Policy

Similar documents
AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

COSO Updates and Expectations. IIA San Diego Chapter January 8, 2014

Effective implementation of COSO s new anti-fraud guidance

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

AUDIT COMMITTEE CHARTER

ENGHOUSE SYSTEMS LIMITED AUDIT COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER

Key Elements of Antifraud Programs and Controls

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

Agenda 11/26/13. Updated COSO Framework

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF DROPBOX, INC.

STANDING ADVISORY GROUP MEETING

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

CABOT OIL & GAS CORPORATION AUDIT COMMITTEE CHARTER

AEGON N.V. AUDIT COMMITTEE CHARTER

APPENDIX A. Audit Findings Report. For the Year ended March 31, 2017

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Present and functioning: Fine-tuning your ICFR using the COSO update

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

BIO-RAD LABORATORIES, INC. (the Company ) Audit Committee Charter

Who Owns Fraud Uniting Corporate Executives to Manage Your Anti-Fraud Program

AUDIT COMMITTEE CHARTER

The Audit Committee of the Supervisory Board of CB&I

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

Navigating the PCAOB s and SEC s internal control expectations A discussion. June 2015

Presented by Ed Williamson and Erica Bailey

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

13-A. Fraud Phase II Issues Paper

F5 NETWORKS, INC. AUDIT COMMITTEE CHARTER AS AMENDED AND RESTATED BY THE BOARD OF DIRECTORS OF F5 NETWORKS, INC. APRIL 21, 2017

Bearing the Bad News Reporting to the Board on Internal Corruption. Peter Dent, National Leader Deloitte Forensics September 11, 2013

TEVA PHARMACEUTICAL INDUSTRIES LIMITED AUDIT COMMITTEE CHARTER

NATIONAL CINEMEDIA, INC. AUDIT COMMITTEE CHARTER

POLARIS INDUSTRIES INC. BOARD OF DIRECTORS AUDIT COMMITTEE CHARTER Revised January 26, 2017

CHARTER OF THE AUDIT, FINANCE AND RISK COMMITTEE OF THE BOARD OF DIRECTORS OF ACE AVIATION HOLDINGS INC.

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

2/20/15. Trevor Stewart, CPA Director of Business Services Source documentation includes CCIA and FCMAT

CHARTER AUDIT COMMITTEE

EY Center for Board Matters. Leading practices for audit committees

[RELEASE NOS ; ; FR-77; File No. S ]

OSHKOSH CORPORATION BOARD OF DIRECTORS AUDIT COMMITTEE CHARTER. As Amended as of May 9, 2016

STARWOOD HOTELS & RESORTS WORLDWIDE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

AUDIT COMMITTEE CHARTER

GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER

APPENDIX A. Audit Findings Report. For the Year ended March 31, 2016

Audit and Risk Management Committee Charter

FRAUD AWARENESS UPDATE

Audit Committee Charter for XL Group Ltd

Conducting a Fraud Risk Assessment

Audit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization

Audit & Risk Committee Charter

FARMER BROS. CO. CORPORATE GOVERNANCE GUIDELINES (Adopted February 1, 2017)

Alyssa G. Martin, CPA Brandon Tanous, CIA, Using the COSO CFE, CGAP, CRMA Framework to Develop a Strong and Preventive Control Environment

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015

BIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

After completing this Session, you should be able to answer the following questions:

FRD510. Principles of Fraud Examination - 20 hours. Objectives

IAASB Main Agenda (December 2008) Page Agenda Item

IAASB Main Agenda (December 2004) Page Agenda Item

An Overview of the 2013 COSO Framework. August 2013

Audit Committee Member Roles and Responsibilities

ABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

MINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

6 Assessment of risk Introduction General risk assessment Specific risk assessment Reliability factors 50 6.

AUDIT COMMITTEE CHARTER

Audit Committee Performance Evaluation Form

DATATRAK INTERNATIONAL, INC. AUDIT COMMITTEE CHARTER. (As Adopted on April 20, 2004)

IAASB Main Agenda (March 2005) Page Agenda Item 12-C

Audit Committee of the Board of Directors Charter CNL HEALTHCARE PROPERTIES II, INC.

GOODWILL INDUSTRIES OF COLORADO SPRINGS

Fraud Risk Management Review March 18, 2010

GTT COMMUNICATIONS, INC. AUDIT COMMITTEE CHARTER

Audit-Risk Committee. Board Approval: August 2018

Audit Committee Charter

Auditing Standards and Practices Council

REPORT 2016/033 INTERNAL AUDIT DIVISION

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

Eric Kinsherf, CPA MMAAA Conference June 12, 2018

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF THE TORONTO-DOMINION BANK CHARTER

Fraud Risk Management

NEW YORK LIFE INSURANCE COMPANY AUDIT COMMITTEE MISSION STATEMENT

EFFICIENT USE OF AUDIT COMMITTEES

Internal Audit Policy and Procedures Internal Audit Charter

SMITH & NEPHEW PLC TERMS OF REFERENCE OF THE AUDIT COMMITTEE

CDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016

Audit Committee Charter

Entity level controls Design/implementation 530 Page 1 of 9

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

REGISTERED CANDIDATE AUDITOR (RCA) TECHNICAL COMPETENCE REQUIREMENTS

Audit Committee Charter

Transcription:

Anti-Fraud Programs and Control Policy OVERVIEW This document provides an overview of the programs and controls Tahoe Resources Inc. ( Tahoe ) follows in order to evaluate fraud risk as it pertains to Internal Control over Financial Reporting ( ICFR ). The programs and controls satisfy Section 404 of the Sarbanes-Oxley Act of 2002 Management Assessment of Internal Controls. For reference to Tahoe s programs and controls related to international and domestic anti-corruption laws, including the U.S. Foreign Corrupt Practices Act ( FCPA ), the Canadian Corruption of Foreign Public Officials Act ( CFPOA ), and other applicable laws, please see Tahoe s Anti-Corruption Policy. PROCESS At least annually, Tahoe s Management conducts a fraud risk assessment and provides a written summary of the results that can be communicated to and discussed with Tahoe s Board of Directors and related subcommittees. The results of the annual assessment provide a point-intime snapshot of fraud risks and their potential impact to Tahoe. Management understands that this process is not a one-time event and that it must routinely update its assessment of such fraud risks facing the Tahoe. A component of Tahoe s internal controls framework is the Entity-Level Controls ( ELC ) process. Within the ELC process is a sub-process pertaining to the assessment of risks facing Tahoe. This sub-process includes the assessment of potential fraud risks facing Tahoe. Potential fraud risks are to be identified and analyzed by Management and then communicated to and discussed with those charged with Tahoe s corporate governance (e.g., the Disclosure and Audit Committees). The specific fraud-related ELC process objectives and activities are as follows: ELC Objective: Tahoe has developed and implemented an anti-fraud program and related controls. Investigative protocols are in place regarding following up on fraud and related issues. ELC Activity: There is a systematic, documented approach to assessing the risk of fraud and related risks (fraud risk factors). The fraud risk assessment includes consideration of risks of Management override, manipulation of estimates, accuracy and completeness of financial statement disclosures and Management Discussion and Analysis ( MD&A ). The risk analysis process, including assessing significance and likelihood and determining actions, is thorough and relevant. ELC Activity: The Audit Committee is active in inquiring about fraud and other related issues. Tahoe has designated its Chief Financial Officer ( CFO ) to report fraud and related issues to the Audit Committee. There is formal documentation through meeting agendas, minutes, presentations, etc. documenting fraud related issues covered, including questions asked.

Anti Fraud Programs and Control Policy Page 2 RISK ASSESSMENT SCOPE In order to clearly define the scope of the annual risk assessment, the definitions of key terms utilized throughout the course of this exercise are provided below: Tahoe defines fraud as any intentional act that is committed to secure an unfair or unlawful gain. The categories of fraud related to ICFR considered by Management in this assessment are (see Appendix B for a diagram): Fraudulent Financial (Statements) Reporting Most fraudulent financial reporting schemes involve earnings Management, arising from improper revenue recognition, and overstatement of assets or understatement of liabilities. Misappropriation of Assets This category involves external and internal schemes, such as embezzlement, fraudulent disbursements, payroll fraud and theft. Corruption o o Expenditures and liabilities for improper purposes This category refers to commercial and public bribery, as well as other improper payment schemes. Fraudulently obtained revenue and assets, costs and expense avoided This category refers to schemes where an entity commits a fraud against its employees or third parties, or when an entity improperly avoids an expense, such as tax fraud. Please refer to Tahoe s Anti-Corruption policy for additional guidance on how to manage corruption risk faced by Tahoe. Additionally, it is important to note that various fraud schemes/scenarios can be perpetuated at many different locations or levels within an organization. For the purpose of this assessment, Tahoe considers fraud that can occur at three levels: Account-level Process-level Entity-level Account-level and process-level fraud risks are defined as risks that are contained to a specific account or process. As such, these risks will be identified and evaluated as part of the process documentation created for each relevant business area. Within the control documentation for each business process, specific, relevant fraud risks are identified, and corresponding controls are linked to these risks and tested based upon their significance. Management defines entity-level fraud risks as those schemes and scenarios that may be undertaken by employees, contractors, agents, vendors or other parties that could have a material impact to the organization, either directly through financial statement impact or through other indirect means (e.g., stock price decline, reputation deterioration, etc.). Entitylevel fraud risks are considered separately. Management prepares a risk and control matrix of entity-level fraud risks and associated controls for Tahoe. The presentation of these risks and controls are similar to the account- and process-level control documentation prepared for individual business processes. The remainder of this document details the process by which fraud risks are identified and assessed throughout the organization.

Anti Fraud Programs and Control Policy Page 3 FRAUD RISK IDENTIFICATION In order to establish and implement an effective anti-fraud program, an organization must determine what potential vulnerabilities exist with regard to fraud perpetrated within Tahoe and against Tahoe. The Ontario Security Commission ( OSC ) Instrument ( the Instrument ) provides guidance that each public company should consider potential fraud schemes and scenarios that could be perpetuated by a company and against a company. The Instrument also advises companies to pay special attention to the risk of Management override of controls that could result in fraudulent activity. The Internal Controls Compliance Team (the ICC Team ), which is comprised of the CFO, select members of the Internal Audit team, and internal control specialists and advisors, will develop the initial population of potential fraud schemes/scenarios using a number of documents and tools to assist in this process. Those tools include: Account- and process-level risk assessments conducted as part of the ICFR Reporting compliance process; Management fraud risk assessment and analysis meetings held between the CFO, CEO, the Internal Audit team, and external advisors such as control specialists and external auditors; Fraud questionnaires and/or interviews held with selected employees, contractors and members of Management in order to determine if any additional risks or known/suspected incidents of fraud could be identified (see Appendices D and E); and External literature on the topic of fraud (such as the Annual Reports to the Nation on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners). Based on the process described above, the ICC Team will prepare a comprehensive population of potential fraud schemes/scenarios relevant to Tahoe. The ICC Team will formally define each fraud scenario that is relevant to Tahoe to ensure a common understanding of each risk by all relevant Company personnel. RISK RATING Once the population of fraud schemes and scenarios are compiled, the ICC Team preliminarily ranks the fraud exposure of each functional area of Tahoe. A rating of High, Moderate or Low is assigned to each of two criteria: (1) likelihood of occurrence of the schemes/scenarios and (2) potential magnitude resultant from each scheme/scenario. These ratings represent the overall likelihood and potential magnitude of all potential fraud schemes/scenarios that are identified for each fraud scheme/scenario. This is done in order to focus Tahoe s analysis and evaluation of anti-fraud controls in response to the magnitude of the identified risk. As a result of this rating exercise, the ICC Team evaluates the sufficiency of controls in place to prevent and/or detect fraudulent activity from occurring for each of the fraud schemes/scenarios. After completing a first draft of the population of potential fraud schemes/scenarios, the results will be presented to the Audit Committee for review.

Anti Fraud Programs and Control Policy Page 4 ANTI-FRAUD CONTROLS DESIGN AND EFFECTIVENESS ANALYSIS The process for the evaluation of anti-fraud controls closely follows the approach for the evaluation of financial reporting controls within Tahoe. This evaluation process is two-part: (1) evaluating the design of controls and (2) subsequently evaluating each control s operating effectiveness. DESIGN EVALUATION The Internal Audit Team works with process owners to identify controls that were designed to prevent potential fraud schemes/scenarios from occurring and/or detect the occurrence of such activities. Each scheme/scenario identified by the Internal Audit Team is assessed individually. The Internal Audit Team assists Management in the evaluation and determination of whether an appropriate mix of preventive and detective controls are in place, based upon the nature, likelihood of occurrence and potential magnitude of each individual scheme/scenario. After creating an inventory of all controls in place, the Internal Audit Team presents the control gap analysis to the relevant process owners for review and approval. The Internal Audit Team and the process owner s work together to develop and implement remediation plans for any control design gaps identified. EFFECTIVENESS EVALUATION The Internal Audit Team is also responsible for evaluating whether anti-fraud controls are operating as designed. Following the same procedures utilized for assessing the operating effectiveness of other Company controls within the scope of the OSC Instrument, the Internal Audit Team develops and executes test plans to ascertain whether controls designed to prevent or detect fraud operate as intended. As with tests of other controls, the Internal Audit Team determines the appropriate mix of test procedures (i.e., inspection, observation or inquiry) to provide sufficient evidence regarding whether each control is operating as intended. Similar to the risk and control analysis performed for each relevant business process, the risk and controls relating to entity-level fraud schemes and scenarios is documented and retained within the ICFR file. Henceforth, the specific test plans, test procedures and results of these tests can be obtained from the ICFR file. PRESENTATION OF COMPLETED ANTI-FRAUD PROGRAM ANALYSIS In conjunction with provisions set forth in the Instrument, the results of the fraud risk assessment are presented to Tahoe s Board of Directors (the Board ). The Board is ultimately responsible to perform adequate oversight over the conclusions Management derives from its evaluation of its anti-fraud program. For each fiscal year, the results of the fraud risk assessment along with the anti-fraud programs and controls in place will be presented to the Audit Committee and Board members. Minutes from this meeting will be prepared and filed by the Corporate Secretary and provide additional details of the presentation and discussion of the anti-fraud program within Tahoe s Directors. A high level summary of Tahoe s approach to implementing anti-fraud programs and controls can be found in Appendix A.

Anti Fraud Programs and Control Policy Appendix A Page 5 APPENDIX A Overview of Tahoe Resources Inc. s approach to implementing Anti-Fraud Programs and Controls Setting the Tone at the Top: Differentiating the Role of Management and the Audit Committee Step Maintain tone at the top. Evaluate the evidence of tone at the top, including the policies and processes prohibiting Management override of established controls. For example, does senior Management actively support the anti-fraud program efforts? Is there consistency in the way the code of conduct is enforced across all locations and units? Are there controls over non-routine transactions? Are company-level controls adequately documented? Do company-level controls include codes of conduct and fraud prevention that apply to all locations and units? Assess fraud risk. Determine the specific industry, geographic and other relevant fraud risks and ensure the anti-fraud program addresses these risks appropriately. What are the specific industry fraud risks? What are the geography-specific fraud risks (e.g., risks pursuant to the Canadian Corruption of Foreign Public Officials Act)? Fraud risks may be assessed using a scenario approach, by evaluating risks with specific processes and by considering applicability of relevant fraud risk indicators. Identify mitigating controls. Does the anti-fraud program consider the identified fraud risks? For example, controls should be linked to specific fraud risks identified at both the entity and process levels. With regard to the design of controls, a company s documentation should encompass the design of controls to prevent or detect fraud, including who performs the controls and the related segregation of duties. Reference / Comments Entity-level Process Appendices B and Annual Fraud Risk Assessment Fraud Risk Assessment

Anti Fraud Programs and Control Policy Appendix A Page 6 Step Conduct fraud. Management must determine the controls that should be tested, including the anti-fraud program and controls. Internal audit activity relating to fraud should be adequate, and the internal audit function (externally or internally staffed) should report directly to the Audit Committee. The Audit Committee should demonstrate an adequate level of involvement and interaction with internal audit on fraud matters. With respect to the external auditor, Canadian Auditing Standards (CAS) requires the external auditor to hold annual fraud risk discussions with the Audit Committee. The Board lists the following controls that might address these risks: Reference / Comments Fraud Risk Assessment and Financial Close Process Code of Conduct Audit Committee (and other) charters Fraud risk discussions at Audit Committee meetings Cascading certifications Presentations by Management, including business Consideration of entity-level controls and tone at the top Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries Controls over journal entries and adjustments made in the period-end financial reporting processes Controls over related party transactions Controls related to significant Management estimates Controls that mitigate incentives for, and pressures on, Management to falsify or inappropriately manage financial results Management and the Audit Committee should also focus on these controls to ensure that they are in place and operating effectively. Maintain effective code of conduct. Documentation of the code of conduct provisions should exist, especially those related to conflicts of interest, related party transactions, illegal acts and the monitoring of the code by Management and the Audit Committee or Board. If there is a code, is it public? Is it communicated adequately throughout the organization? Is it periodically reinforced? Is it enforced consistently? Entity-level Process

Anti Fraud Programs and Control Policy Appendix A Page 7 Step Exercise anti-fraud program oversight. Fraud needs to be on the agenda of Audit Committee meetings, Disclosure Committees and fraud program Management at appropriate times. There should be clear documentation of such considerations to establish the viability of the anti-fraud program. Identify and investigate complaints. There should be adequate procedures for handling complaints and for accepting anonymous, confidential submissions of concerns about questionable accounting or auditing matters. Determine whether the Audit Committee has established procedures to handle anonymous, confidential complaints and submissions regarding financial reporting and/or audit irregularities. Is there a whistleblower process in place? How are concerns or complaints reported directly through the chain of command captured, elevated and addressed? What is the frequency of reported frauds? Is there a procedure in place to ensure that investigations (both internal and independent) are conducted in a timely, efficient and consistent manner? Do corrective and remediation activities address the root cause(s) of misconduct? What is conducted to determine if fraud is reported, investigated and resolved in the manner described in the antifraud program? Remediate deficiencies. When deficiencies in the anti-fraud program are identified, they should be remedied in a timely manner. Consult with advisors. Management should consult with legal advisors, fraud specialists and the external auditors as Tahoe documents, evaluates and refines the anti-fraud program. Reference / Comments As Documented in this document; see also Entitylevel Process Entity-level Process Fraud Risk Assessment Management will retained external advisors to assist with the ICFR compliance process as deemed necessary. Additionally, the ICC Team has been in close collaboration with the external auditor.

Anti Fraud Programs and Control Policy Appendix A Page 8 Tahoe recognizes that, while there is no one-size-fits-all approach to managing fraud risk, an effective risk based anti-fraud program will enable the evaluation, mitigation and monitoring of fraud risk. Tahoe also recognizes that to be successful, Senior Management must be involved in supervising the program, and the Audit Committee must provide appropriate oversight. Consequently, Tahoe places a strong emphasis on creating a culture of honesty and high ethics, evaluating anti-fraud processes and controls, and developing an appropriate oversight process. Both Management and the Audit Committee are focused on an effective anti-fraud program. The Audit Committee augments the tone at the top that is so vital to an effective control environment. To that end, the Audit Committee becomes knowledgeable and informed about the ICFR evaluation process and Management s assessment results. In the process, the Audit Committee ensures that a rigorous evaluation is conducted to address fraudulent reporting risk, including the risk of Management override in the financial reporting process. To accomplish this, Management periodically generates and the Audit Committee actively reviews reports evidencing effective operation of the anti-fraud program. For example, Management prepares a fraud risk assessment and includes consideration of vulnerabilities across the enterprise and within business units, geographies and the industry. In exercising its oversight role, the Audit Committee reviews Management s overall summary documentation, articulating the overall approach to, and the results of the ICFR assessment process. Additionally, the Audit Committee, the Board, External Auditors, Internal Audit specialists and advisors collaborate on a regular basis to ensure the anti-fraud program is effective and meets the requirements of all applicable regulations, laws and rules.

Anti Fraud Programs and Control Policy Appendix B Page 9 APPENDIX B

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback