Day 4 Preventing Fraud continued

1
Day 4 Preventing Fraud (continued)
2
Review

• Fraud prevention focus is the fraud triangle
  (scale).
• - pressures
• - opportunities
• - ability to rationalize/personal integrity

3
A practitioners view of (anti-fraud) internal
controls

• Active controls (prevents fraud)
• versus
• Passive controls (deter fraud)

4
Active Controls

• Like a fence
• Examples
• Problems?

5
Passive Controls

• Like a guard dog
• Examples
• Problems?

6
COSO

• 1. Control Environment
• a. Tone at the top
• b. Integrity and ethical values
• c. Employee competence
• d. Management operating style
• e. Assignment of authority
• f. Organizational structure
• g. Board of directors

7
COSO

• 2. Risk assessment
• 3. Information and communication
• 4. Monitoring
• 5. Control activities
• a. segregation of duties
• b. system of authorization
• c. independent checks
• d. physical controls
• e. adequate documentation

8
What else did COSO say?

• Internal controls are not perfect
• Cost/benefit importance
• All parties have responsibility
• Management
• Board
• Internal auditors
• Employees
• Other

9
AICPA

• A. Culture of honesty and high ethics
• 1. Tone at the top
• - act ethically
• - communicate expectations of honesty
• - everyone treated equal
• - code of conduct (ethics)

10
AICPA

• 2. Positive workplace environment
• - reward good behavior
• - positive feedback and recognition
• - equity
• - participation all around
• - loyalty
• - reasonable budgets/expectations

11
AICPA

• - open-door feeling
• - reasonable compensation
• - training/promotion opportunities
• - clear responsibilities
• - employee assistance programs
• - hotlines

12
AICPA

• 3. Hiring/promoting appropriate employees
• - background checks
• - resume/reference checks
• - honesty tests
• - promotion based on performance AND behavior

13
AICPA

• 4. Appropriate training
• - values and expectations
• - code of ethics
• - fraud awareness (victims, signs)
• - duty regarding reporting
• - new and periodic

14
AICPA

• 5. Confirmation (sign a statement)
• 6. Discipline
• - investigate thoroughly (but ethically)
• - take action (equal opportunity)
• - communicate actions

15
Case
16
AICPA

• B. Antifraud processes/controls
• Identify fraud risk
• Implement control activities to mitigate fraud
  risk
• Monitor said controls

17
AICPA

• C. Oversight
• Audit committee (board of directors)
• Management (responsible)
• Internal auditors (proactive)
• Independent auditors (SAS 99)
• Certified fraud examiners

18
Case
19
What else did the AICPA say?

• Misappropriation is serious even if not material
• Combination of prevention, deterrence and
  detection is best
• Organizational size makes a difference
• Internal controls are not perfect

20
ACFE

• Fraud Prevention Checklist
• Risk oversight
• Risk ownership
• Risk assessment
• Risk tolerance/management
• Process level controls
• Environment level controls
• Proactive fraud detection

21
What about Sarbanes-Oxley?

• Strengthening the role of boards and audit
  committees
• Management responsibility regarding internal
  controls
• Auditors attesting regarding internal controls
• Increased statute of limitations for fraud
• Increased penalties for financial statement fraud

22
Lets apply by looking at some cases!
23
End