Fraud Risk Assessment & Prevention PDF
Chapter 7 details fraud risk assessment, outlining elements, types, identification methods, and management strategies. It leverages the Fraud Triangle and Diamond theories for understanding motivations. Chapter 8 discusses communicating audit results, emphasizing the importance of clear, accurate, and timely communication of findings for effective risk management.
**CHAPTER 7: FRAUD RISK ASSESSMENT, AWARENESS, PREVENTION AND DETECTION**

**Fraud** -- The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets (Association of Certified Fraud Examiners).

*Elements:*
- Misrepresentation
- of a material fact
- with the **intent** to deceive

*Types of Fraud:*
- Misappropriation of assets -- theft or misuse of the university's assets
- Corruption -- abusing influence and power within the university to obtain some benefit at the university's expense
- Fraudulent Financial Reporting -- intentional misstatements or omissions of amounts or disclosures in financial statements

*How to identify the fraudster/fraud*

If you want to know what a fraudster looks like, look to the person on your right, then to the one on your left, and it will look like the person in the middle. White-collar criminals look like you and me.

*Who Commits Fraud?*
- Management -- manipulation of the accounting records
- Employees -- stealing the University's assets such as cash, inventory, etc.; fraudulent disbursements
- Vendors -- shell companies, bid rigging

*MANAGING FRAUD: Five Key Principles for Proactively Establishing an Environment to Effectively Manage an Organization's Fraud Risks*
1. As part of an organization's governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
2. Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
3. Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
4. Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
5. A reporting process should be in place to solicit input on potential fraud.

**A FRAUD RISK ASSESSMENT** should be performed periodically to identify potential schemes and events that need to be mitigated. Most organizations have written policies and procedures to manage fraud risks, such as codes of conduct, expense account procedures, and incident investigation standards. They usually have some activities that management has implemented to assess risks, ensure compliance, identify and investigate violations, measure and report the organization's performance to appropriate stakeholders, and communicate expectations.

*Elements of Fraud Risk Assessment*
1. Identify inherent fraud risks.
2. Assess the likelihood and significance of inherent fraud risks.
3. Respond to reasonably likely and significant inherent and residual fraud risks.

*Why Do People Commit Fraud?*
- *Fraud Triangle Theory*
- *Fraud Diamond Theory*

![](media/image2.png)

*Fraud Detection: Common Types of Fraud*
- False claims / false statements
- Mischarging: overcharging, defective pricing
- Product substitution / counterfeit parts
- Kickbacks, bribery, gratuities, conflict of interest
- Theft of government property
- Embezzlement
- Computer crimes
- Collusive bidding / bid rigging / price fixing / antitrust

*Fraud Detection: Red Flags*
- Frequent sole source contracts / non-competitive awards
- Unusually high indirect charges
- Double / inflated charges -- have to be contested frequently
- Frequently disallowed costs
- Lack of supporting documentation
- Supporting documents for invoices look "created"
- Contractor has poor management officials
- Restriction of records / original records not available
- Charging the maximum allowable price on invoices
- Poor internal controls
- Project milestones / deliverables are constantly delayed

**Fraud Prevention: What Can You Do To Combat Fraud?**
- Ensure proper segregation of responsibilities
- Reconcile your monthly reports
- Review procurement card statements, including receipts
- Review approval authorities
- Review travel documents, including receipts
- Count inventories regularly
- Conduct surprise cash counts
- Pay attention to details in email/phone communication
- Whistle blowing
- ASK QUESTIONS

**Forensic Accounting** -- The gathering of evidence about economic transactions and reporting it within the legal framework which allows such evidence to be suitable for the purposes of establishing accountability and/or valuation.

**CHAPTER 8: COMMUNICATION OF AUDIT RESULTS**

Communication of the results of an assurance or consulting engagement is an integral part of every such engagement, because the board, management, and other stakeholders demand opinions, as part of each "value-adding service", on the overall adequacy of governance, risk management, and control within the organization.

*Formulating and Expressing Internal Audit Opinions (IIA Practice Guide)*
- An opinion on the organization's overall system of internal control over financial reporting.
- An opinion on the organization's controls and procedures for compliance with applicable laws and regulations, such as health and safety, when those controls and procedures are performed in multiple countries or subsidiaries.
- An opinion on the effectiveness of controls such as budgeting and performance management, when such controls are performed in multiple subsidiaries and coverage comprises the majority of the organization's assets, resources, revenues, etc.
- An opinion on an individual business process or activity within a single organization, department, or location.
- An opinion on the system of internal control at a subsidiary or reporting unit, when all work is performed in a single audit.
- An opinion on the organization's compliance with policies, laws, and regulations regarding data privacy, when the scope of work is performed in a single or just a few business units.

*Quality of Audit Communication (IIA Standard 2420)*
- Accurate
- Objective
- Clear
- Concise
- Constructive
- Complete
- Timely

The audit reports produced by internal auditors are very different from the reports generated by external auditors. External auditors' reports provide an opinion on the fairness of presentation of the financial statements. Internal auditors typically issue reports at the end of each audit that summarize their findings, recommendations, and any responses or action plans from management. Although the format and content of the final audit communications may vary by organization or type of audit, they should contain, at a minimum, the purpose, scope, and results of the audit.

*Composition of the Audit Report (IIA Standard 2410)*
- The engagement's objectives and scope
- Applicable conclusions, opinion, or audit findings/observations
- Recommendations
- Action plans or corrective actions

*Basis of Audit Observations*
- Criteria
- Condition
- Cause
- Effect

*Types of Audit Opinion*
- Positive Opinion / Reasonable Assurance (e.g. binary, graded, directional)
- Negative Opinion / Limited Assurance
- Qualified Opinion
- Disclaimer of Opinion

*Disseminating Results (IIA Standard 2440)*

The CAE must communicate results to the appropriate parties. He/she is responsible for communicating the final results to parties who can ensure that the results are given due consideration. If not otherwise mandated by legal, statutory, or regulatory requirements, prior to releasing results to parties outside the organization the CAE must:
- Assess the potential risk to the organization;
- Consult with senior management and/or legal counsel as appropriate; and
- Control dissemination by restricting the use of the results.

*Disclosure of Nonconformance (IIA Standard 2431)*

When nonconformance with the Definition of Internal Auditing, the Code of Ethics or the Standards impacts a specific engagement, communication of the results must disclose the:
- Principle or rule of conduct of the Code of Ethics or Standard with which full conformance was not achieved;
- Reason(s) for nonconformance; and
- Impact of nonconformance on the engagement and the communicated engagement results.

*Monitoring*

The CAE must establish and maintain a system to monitor the disposition of results communicated to management. The CAE must also establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. Likewise, the internal audit activity must monitor the disposition of the results of consulting engagements to the extent agreed upon with the client.