Fraud Risk in Difficult Economic Times - questions for directors to ask

Similar documents
FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

Consideration of Fraud in a Financial Statement Audit (Redrafted) *

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

Protecting your private business from fraud

Fraud incident handling management. Meeting the challenges of fraud

IAASB Main Agenda (September 2004) Page Agenda Item PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

716 West Ave Austin, TX USA

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Anti-Fraud Programs and Control Policy

IAASB Main Agenda (December 2008) Page Agenda Item

My experiences with Employee Fraud

Consideration of Fraud in a Financial Statement Audit

Auditor Objectivity and Skepticism What s Next?

SA 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL

FRAUD AWARENESS UPDATE

EY Center for Board Matters. Leading practices for audit committees

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Effective implementation of COSO s new anti-fraud guidance

Fraud Prevention, Detection and Control. Elizabeth Coles, CPA Aldrich CPAs + Advisors LLP

WHISTLEBLOWER POLICY Whistleblower Policy and Procedures (the Policy ) of Canadian Solar Inc. and its Subsidiary Entities.

Presented by Ed Williamson and Erica Bailey

IAASB Main Agenda (December 2004) Page Agenda Item

Reducing fraud, bribery and corruption in your private business: 6 things you can do now

Audit & Risk Committee Charter

SECTION A CASE QUESTIONS (Total: 50 marks)

13-A. Fraud Phase II Issues Paper

Fraud Risk Management

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015

STANDING ADVISORY GROUP MEETING

Financial reporting: Reviewing financial information

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

Implementation Tool for Auditors

Pre-Engagement Activities and Audit Planning By: Tariq Mahmood FCA, ACMA

Internal Controls. Presented by: Mark Payne, CPA Partner Rae Kerr, CPA Senior Manager. March 5, 2014

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

the truth and fairness of the view given by the financial statements of the Company

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management

DECISION. mb a5 EFSA Internal Control Framework. Internal Control Framework of the European Food Safety Authority. Decision No.

B U S I N E S S R I S K M A N A G E M E N T L T D

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

Ethics and Financial Reporting: Delivering on the Commitment

Fraud Prevention and Detection Michael Schulstad, CPA/CFF/CGMA/FBI (ret)

Fraud Control Policy. Enriching Futures

Agenda 11/26/13. Updated COSO Framework

Fraud in focus March Fraud & Corruption in the Victorian Public Sector learnings and insight for 2017 and beyond

6 Assessment of risk Introduction General risk assessment Specific risk assessment Reliability factors 50 6.

Auditing Standards and Practices Council

Navigating the PCAOB s and SEC s internal control expectations A discussion. June 2015

INTERNAL AUDIT EFFECTIVENESS. Conducting Fraud Investigations Conducting Internal Audit

Standards for Internal Control in New York State Government 2016 Update

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Overview of the 2013 COSO Framework. August 2013

RED FLAGS- CONCEPTS AND TECHNIQUES. P r e s e n t e d b y : B y : J o h n E k a d a h

Fraud prevention, detection and investigation

Audit and Risk Committee Charter

VERSION #1 WRITE ON YOUR SCANTRON!!!

Completion and review

Entity level controls Design/implementation 530 Page 1 of 9

NACCHO GOVERNANCE CODE: NATIONAL PRINCIPLES AND GUIDELINES FOR GOOD GOVERNANCE

Standard on Quality Control (SQC) 1. Presentation to the ICAI January 18, 2014

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

uaudit Committee Self Assessment

COSO Updates and Expectations. IIA San Diego Chapter January 8, 2014

Alyssa G. Martin, CPA Brandon Tanous, CIA, Using the COSO CFE, CGAP, CRMA Framework to Develop a Strong and Preventive Control Environment

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

FEDERAL HOME LOAN BANK OF INDIANAPOLIS CHARTER FOR THE AUDIT COMMITTEE

LIQUEFIED NATURAL GAS LIMITED

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

Audit quality a director s guide

"Finnair" and "Finnair Group" as used herein refer to Finnair Plc and its subsidiaries.

Corporate Governance

Code of Conduct & Ethics

GOODWILL INDUSTRIES OF COLORADO SPRINGS

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016

CAAS 104 Cost Audit and Assurance Standard on Knowledge of Business, its Processes and the Business Environment

STARWOOD HOTELS & RESORTS WORLDWIDE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Final May Corporate Governance Guideline

Evaluating Internal Controls

Risk Management Policy and Framework

Audit-Risk Committee. Board Approval: August 2018

Fraud, bribery and corruption Protecting reputation and value

[RELEASE NOS ; ; FR-77; File No. S ]

CORPORATE GOVERNANCE GUIDELINES

THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED.

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

Implementation Tool for Auditors

International Standards for the Professional Practice of Internal Auditing (Standards)

Alfa Laval (India) Limited Whistle Blower Policy

This document articulates ethical and behavioral guidance for all NGA Human Resources companies, employees, and business partners (such as suppliers,

STRENGTHENING INTERNAL CONTROLS. What We Will Cover Today

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

Transcription:

Fraud Risk in Difficult Economic Times - questions for directors to ask Author: Mike Savage, CA Introduction In difficult economic times, the risk of fraud is heightened because of both an increased incidence of fraud risk factors and an increased likelihood of detecting frauds that have continued for some time. Fraud risk factors increase because individuals face more pressures, are presented with more opportunities to commit fraud and find it easier to rationalize their actions. In considering the due diligence required, directors should take into account the following: Stakeholders have higher expectations of those charged with governance than ever before. A large proportion of management may have limited prior experience in the pressures of managing through a global recession. Material frauds are crisis events and responding to them can be a significant distraction to management. Both the current and historical fraud experiences in the entity and the industry will be relevant. While most, if not all, employees have integrity, in any large organization there will likely be some employees who are vulnerable at a point in time. Directors should satisfy themselves that management has implemented reasonable and prudent measures to manage the risks of external and internal fraud. Fraud can be defined as an intentional deception resulting in injury or loss to the organization. External fraud includes losses from frauds by suppliers, customers or others outside the company, such as organized crime. Internal fraud refers to fraud committed by those within the organization, whether management or employees, and may include asset misappropriation, corruption or financial statement fraud. While it is easier to relate to fraudsters as outsiders rather than as employees, directors should bear in mind that employees may be recruited by outsiders because of their access to assets, systems and information. Securities regulations require many companies to have internal controls over financial reporting. While these internal control programs would typically cover financial statement fraud and even asset misappropriation, they would be designed to identify amounts considered material for financial reporting purposes and might not extend to other types of frauds. The harm fraud inflicts on an organization extends beyond the direct financial loss. It is relatively rare for the loss to be so large as to cause a business failure, even though the losses accumulate over time. The real harm is the element of misrepresentation inherent in the fraud. Trust relationships erode, reputations are impaired and concerns emerge about what else remains undetected. Repeated often enough, or at a senior management level, fraud can have a direct impact not just on individuals, but also on the company s reputation leaving scars that may never fully heal. What are diligent directors to do in these volatile times? Directors should ask questions to understand how management has managed the risk of fraud. Is management focused on the risks most likely to cause significant harm? Are there adequate policies and procedures that are properly communicated and supported by effective internal controls? This presents a series of questions as a catalyst for useful dialogue. Not all of the questions will be relevant to all companies. Many of the questions are intended for directors to ask management. Others are questions for directors to discuss among themselves. Fraud Risk in Difficult Economic Times - questions for directors to ask 1

Factors Leading to the Increased Incidence of Fraud The fraud triangle is a generally accepted model for managing fraud risk. It asserts that there are elements of opportunity, pressure and rationalization present in fraudulent actions. Difficult economic conditions aggravate each of these risk factors, elevating the risk of fraud, as detailed below. Flatter management Downsizing finance & compliance Opportunity Budgets are decreasing Doing more with less Layoffs are increasing Stock prices are declining Credit crisis Lower incentive compensation Internal and External Pressure Opportunity to Commit Fraud Actions Rationalized Weakened trust relationships Alienated employees will justify their actions Pressure Rationalization A. Opportunity Cost-cutting measures may be implemented without full consideration of the impact on internal controls. As a result, some measures may weaken internal controls or delay the remediation of identified control deficiencies. Some internal controls will be discontinued as employees leave. Fewer employees will likely mean that remaining employees will be asked to take on additional functions and responsibilities, some of which may impair the proper segregation of duties. Management review and supervision is also likely to deteriorate where layers of management are flattened, middle management is trimmed or attention is directed towards business imperatives such as maintaining sales and cash flow. Management oversight functions, such as internal audit, compliance and legal, are unlikely to be able to fully compensate even if they remain unaffected by the cost-cutting. Directors need to assess whether management has given appropriate consideration to the effects of cost-cutting on the company s fraud risks. 1. Where there have been headcount reductions, is the segregation of duties still effective, and does management understand the need for increased supervision and review in the interim? Is there a process to assess and rebalance the remaining internal controls? 2. Do any operational changes provide an opportunity for management rotation into operations historically vulnerable to fraud? 3. Is the plan to remediate previously identified internal control deficiencies adequate and on schedule? 4. Are there measures to manage the fraud risks stemming from increased integration with business partners, service providers and intermediaries? Fraud Risk in Difficult Economic Times - questions for directors to ask 2

B. Pressure At the individual level, there are personal pressures the so called need or greed factors that relate to fraud risk. These are often related to lifestyle (home, cars, second home) or vices (drugs, gambling, alcohol, greed, ego). In some cases, the personal financial situation of members of management may be threatened by the organization s financial performance or dependent on incentive compensation. Risks are higher, for example, where incentive compensation was previously a large proportion of total compensation, or the method of incentive compensation is narrowly focused on short-term performance. At the corporate level, there are broader employment pressures to postpone difficult decisions, such as closures, disposals or separations. There are also market pressures related to the financial stability or profitability of the business, such as debt covenants. 5. What measures exist to deal with the concerns of management and/or employees regarding falling incentive or contingent compensation? 6. Should incentive compensation targets for future periods be recalibrated to realistic levels? 7. What processes exist to identify when a management bias in accounting estimates crosses the line and becomes inappropriate accounting? 8. What are the processes to manage a possible breach of debt covenants? 9. If earnings targets are likely to be missed, what is the process to ensure that: - revenues are not recorded prematurely, - expenses are properly accrued, and - inflated provisions or accruals are not established as a means to achieve targets in later periods? C. Rationalization Fraudsters rationalize their actions to themselves. The more common rationalizations include: a noble cause, such as it s for the team, or to accommodate a business partner ; a borrowing, such as it will net out when business picks up or I ll pay it back ; a sense of entitlement, such as I deserve it, they owe me or it s immaterial to them. 10. What more can be done to reinforce the tone from the top? 11. Is the guidance on appropriate conduct clear, consistent and adequately communicated, or is there ambiguity and room for interpretation? 12. Is there an undue reliance on segregation of duties between members of small close-knit teams (affinity groups)? For example, is the finance manager at a remote operation an effective check and balance over the general manager? 13. What has management done to maintain the loyalty of non-terminated employees, for example, to reinforce to them that their contribution is valued? The Increased Likelihood of Detecting Pre-Existing Fraud Frauds that have continued for some time are more likely to be detected during difficult economic times. Some factors that may contribute to this include the following: Low earnings and revenues attract more focused scrutiny and oversight. Changes to management structures or closer review and supervision are likely to bring fresh perspectives and changes to long-standing practices or procedures. Business failures may precipitate investigations by third parties such as regulators, creditors or new owners. Fraud Risk in Difficult Economic Times - questions for directors to ask 3

Different Fraud Risks in Difficult Economic Times Different fraud risks are likely to become more relevant during difficult economic times. For example, asset misappropriation may be more likely now than in prior years. A balance is required between the risk of a fraud event and the costs of internal controls. A risk-based approach is appropriate to focus on the more significant exposures and more likely incidents of fraud, referred to below as the priority fraud risks. Effective fraud risk assessments require sound and thoughtful judgments that reflect a company s individual facts and circumstances. These circumstances include the economic conditions in which the organization operates. Examples of priority fraud risks might include the following: procurement frauds, such as kickback schemes or undisclosed interests in contracts by employees looking to establish a source of funds in addition to employment income; failure to disclose of breaches of debt covenants to financiers; corrupt payments to secure or preserve revenue streams; premature recognition of revenue; difficulties in achieving compliance with generally accepted accounting practices, including those relating to fair value measurements, accounting estimates, asset impairment and post-retirement obligations; and asset misappropriation through unauthorized loans and advances. 14. Has management considered the extent to which the difficult economic times have changed the fraud risk profile and responded accordingly? Elements of an Anti-Fraud Program Management is responsible for a system of internal controls designed to provide reasonable assurance that the financial records are reliable and form a proper basis for preparing the financial statements, that the assets are properly accounted for and safeguarded and that there is compliance with regulations. While most, if not all, internal controls have some value in preventing or detecting fraud, it is not practical to guard against all possible frauds, and for any given fraud scheme or scenario, some controls will be more effective than others. For ease of reference, the key internal controls and processes in managing fraud risk are referred to as management s anti-fraud program. The key elements of an anti-fraud program should include: Tone at the top The tone set by the directors and by executive management establishes the environment in which people make choices. Employees take their ethical cues from the words and actions of their leaders. Tone is maintained when employees see consistent and repeated examples of ethical choices. The relative importance that leaders attach to integrity and ethical behaviour sets the foundation for effective internal controls. Fraud risk assessment The more significant and more likely frauds are identified and selected for consideration as specific fraud risks, typically articulated in the form of a scheme or scenario. The key prevention and detection internal controls over those specific fraud risks are both designed and operating effectively. There is a process to monitor the key controls. Policy and procedure communication and training The expected minimum standards for behaviour are established through policies and procedures, including a code of conduct. These standards are made available and communicated to employees. In some instances, communication may be insufficient to ensure a proper understanding. In these instances, training or close supervision may be appropriate; for example, where the procedure is complex, or the employee is new to the role. Fraud Risk in Difficult Economic Times - questions for directors to ask 4

Responses to fraud events or allegations Responses should reinforce the importance of compliance, not only to identify and deal with the perpetrator, but also to provide a credible deterrent to others. Responses could include: escalation and investigation of allegations of grounds for concern, enforcement of discipline and compliance to correct behaviours, financial recovery of losses, and control remediation. 15. Is management able to articulate the key elements of its anti-fraud program? 16. Has the fraud risk appetite been considered? For example, is a zero-tolerance policy appropriate or practical, and what level of fraud loss should be escalated to the attention of the directors? Due Diligence and Management Override Many of the more significant historical corporate frauds were associated with a failure to detect an override by management of an otherwise effective system of internal control. This poses a particularly difficult dilemma for directors, who are required to be diligent in discharging their governance and oversight responsibilities, but who should not foster a culture of mistrust within management, nor should they unduly cross the line into operational matters. In the context of fraud risk, directors can effectively demonstrate due diligence by: ensuring that a member of management takes responsibility for management s anti-fraud program (as discussed above), assessing the effectiveness of the anti-fraud program, and managing the risk that management inappropriately overrides its own system of internal controls. Measures to address the risk of management override of internal controls could include 1 : Maintaining skepticism. Fraud risks exist in every entity. Beliefs about management integrity should be set aside because override is not necessarily by consistently dishonest executives, but also by good executives gone bad. Strengthening understanding of the business and the industry as a basis for evaluation of management s representations. Setting and reinforcing an appropriate culture or tone at the top, including an effective code of conduct. The availability and effectiveness of a direct reporting channel of last resort for whistleblowers. Developing a broad information and feedback network that extends beyond senior management. The network could include, for example, internal audit, external audit, general counsel, compliance or human resources. This network acts in many respects as a second level of conscience for management. 17. What measures are in place to mitigate the risk that management may override its own internal controls? Conclusion One of the most difficult risks for directors to manage is that of fraud. This document is intended to alert directors to the risk of fraud and to provide guidance on some prudent and reasonable measures that can be taken to demonstrate due diligence. Mike Savage is the practice leader for Fraud Investigation & Dispute Services for Ernst & Young in Canada and leads their anti-fraud solution globally. He is a chartered accountant. 1 American Institute of Certified Public Accountants. Management Override of Internal Controls: The Achilles Heel of Fraud Prevention, 2005 This is a publication of CICA's Risk Management and Governance Board. Additional guidance publications for boards of directors can be found at www.rmgb.ca. Fraud Risk in Difficult Economic Times - questions for directors to ask 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback