Fraud Risks and Controls
Role of Internal Audit
Chapter 8
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 8: Fraud Risks and Controls
Learning objectives
Understand the prevalence of illegal acts and fraud in today’s world.
Compare and contrast various illegal acts/fraud definitions.
Describe the fraud triangle and its three elements, and “dark triad” personalities.
Define the types of fraud and fraud risk factors.
Define governance, risk management, and control in the context of fraud.
Describe fraud prevention, deterrence, and detection techniques.
Understand the behavioral aspects of fraudsters.
Describe internal auditors’ compliance and fraud-related responsibilities related to protecting the organization from regulatory violations.
Understand evolving responsibilities of the internal audit function, including the involvement of forensic accountants and fraud examination specialists.
Standards related to fraud
Current environment: The perfect storm for fraud
Internal Controls
Layoffs, unemployment, and unease continue
Personal retirement plans and market levels remain low
Opportunity to Commit Fraud
Anti-bribery regulatory focus increased globally
Budgets are decreasing. Companies and organizations are doing more with less.
Companies are decentralized, which has an immediate effect on internal controls
Stressed and disaffected employees may have greater ability to rationalize improper actions
Pressure
Opportunity
Rationalization
Large government contracts
Employees are working in countries with a perception of bribery
Lack of infrastructure and controls in many foreign countries
Internal and External Pressure
(slide reproduced with permission from EY—Fraud Investigation and Dispute Services practice)
Why discuss fraud?
Increasing Incidence of Fraud
Indicative of Corporate Governance Failure
Destruction of Economic Value
Legal Liability (Class-Actions)
Reputational Damage
Adverse Impact on Employee Morale and Attrition
Suggestive of Non-Compliance with Laws & Regulations
Types of fraud
Fraud Types
Corruption: Conflict of Interest, Bribery, Illegal Gratuities, Economic Extortion
Asset Misappropriation: Cash (Larceny, Skimming), Inventory and other
Fraudulent Statement: Financial, Non-Financial
Fraud types: frequency vs impact
[Chart. Axes: frequency (low to high) and impact ($). Items plotted: Financial Reporting Fraud; IP Infringement; Data Security Breaches: ID Theft; Bribery and Kickbacks (FCPA); Asset Misappropriation]
Why and how fraud happens
Behavioral and Integrity Risks
Collusion, including with Third Parties
Conflicts of Interest
Unethical Conduct
Insider Trading and Self-Dealing
Operational/Financial Risks
Pressure to meet Earnings Targets
Poor Internal Controls
Lax Data/Information Security Structure
Compensation Tied to Earnings/Performance
Economic Downturn Creates Pressure
Fraud indicia
Subtle and nondescript clues include:
Numbers do not add up
Revenues outside core business
Important documents missing
Journal entries without support
Aggressive accounting techniques
Management obsessed with revenue and profits
Domineering management, executives
Control overrides
Collusion is usually involved
Fraud definition
Additional fraud definitions
Fraud requirements
Risk of fraud – responsible parties
Board and Management
(SOX 301 requires Audit Committees to set up appropriate whistleblower policy/mechanisms)
Internal and external auditors
All employees
Fraud classification
The fraud triangle
Root causes of fraud
Supply of motivated offenders
Availability of suitable targets
Absence of capable guardians
Means, motivation and opportunity
Excuses/Rationalization
Dark triad personality factors
Three types of dark triad personalities:
Narcissists
Psychopaths
Machiavellians
Common personality traits:
Little or no conscience
Low empathy
Anti-social personality disorder (DSM-5, APA, 2013)
Disagreeableness
Can be charming, but manipulative and scheming
Source: Paulhus & Williams, 2002
Epstein & Ramamoorti (2016), The CPA Journal
Warning signs
COSO Internal control integrated framework principle #8
In the COSO internal control integrated framework (2013), principle #8 is one of the risk assessment component principles.
Principle #8 states:
“The organization considers the potential for fraud in assessing risks to the achievement of objectives.”
The value proposition
Fraudulent financial reporting
Financial Statement Fraud:
Misrepresentation
Omission of information
Intentional misapplication of accounting principles
Misclassifications
Corruption
Extortion
Bribes/Kickbacks
Conflicts of interest
Illegal gratuities
Fraud and internal audit
What fraud risks are being monitored?
Can management override controls?
Risk of management override (recent events)
Do the internal auditors have the required expertise to address risk of fraud?
Internal audit’s definition of the fraud detection process
Organization status of the audit function
Use of data analysis to detect fraud
Fraud related standards
1220.A1 - Internal auditors must exercise due professional care by considering the:
Extent of work needed to achieve the engagement's objectives.
Relative complexity, materiality, or significance of matters to which assurance procedures are applied.
Adequacy and effectiveness of governance, risk management, and control processes.
Probability of significant errors, fraud, or noncompliance.
Cost of assurance in relation to potential benefits.
2210.A2 - Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
Role of internal auditors
Raise fraud awareness, fraud deterrence
Whistleblower procedures
Standard 2130: Nature of Work: Control
Promote ethics and values
Performance management and accountability
Communications about risk and controls
Coordination responsibilities – internal auditors need help to detect and prevent fraud from occurring
Shadowing forensic investigations
Fraud detection
Professional skepticism, professional judgment, and industry experience
Looking at fraud indicia and evidence
Incomplete information
Forensic data analytics, use of monitoring and visualization tools
Determining whether it is an internal control breakdown or management override of controls
No controls can provide absolute assurance
Questions for internal auditors
What fraud risks are being monitored?
Can management override controls?
What is the risk of management override (recent events)?
Do the internal auditors have the required expertise to address risk of fraud?
What is the internal audit function’s definition of the fraud detection process?
What is the organizational status of the audit function?