acfe fraud prevention check-up - BKD

More documents

Recommendations

Info

Organizations should apply a framework to document their fraud risk assessment. The framework below illustrateshow the elements of fraud risk identification, assessment, and response are applied in a rational, structuredapproach. This example begins with a list of identified fraud risks and schemes, which are then assessed for relativelikelihood and significance of occurrence. Next, the risks and schemes are mapped to the people and/or departmentsthat may be impacted and to relevant controls, which are evaluated for design effectiveness and tested to validateoperating effectiveness. Lastly, residual risks are identified, and a fraud risk response is developed. 32IdentifiedFraud Risks and SchemesLikelihoodSignificancePeople and/orDepartmentExistingAnti-fraudControlsControlsEffectivenessAssessmentResidualRisksFraud RiskResponseFinancial reportingRevenue recognition- Backdating agreements- Channel stuffing- Inducing distributors toaccept more product thannecessary- Holding books open- Via recording detailtransactions in a sub-ledger- Via recording top-sidejournal entries- Additional revenue risksManagement estimates- Self insurance- Altering underlying detailclaims and estimate data- Fraudulently changingunderlying assumptions inestimation of liability- Allowance for bad debts- Altering underlying A/Raging to manipulatecomputation- Fraudulent input fromsales persons or creditdepartment on credit quality- Additional estimatesDisclosures- Footnotes- Additional disclosuresMisappropriation of assetsCash/check- Point of sale- Accounts receivable applicationprocess- Master vendor file controlsoverride- Additional risks- Inventory- Theft by customers- Theft by employees- Other assets at riskCorruption- Bribery- Aiding and abettingOther Risks32Refer to Appendix D of this document for an example of the use of this framework.21
The Risk Assessment TeamA good risk assessment requires input from various sources. Before conducting a risk assessment, managementshould identify a risk assessment team. This team should include individuals from throughout the organizationwith different knowledge, skills, and perspectives and should include a combination of internal and externalresources such as:• Accounting/finance personnel, who are familiar with the financial reporting process and internal controls.• Nonfinancial business unit and operations personnel, to leverage their knowledge of day-to-day operations,customer and vendor interactions, and general awareness of issues within the industry.• Risk management personnel, to ensure that the fraud risk assessment process integrates with theorganization’s ERM program.• Legal and compliance personnel, as the fraud risk assessment will identify risks that give rise to potentialcriminal, civil, and regulatory liability if the fraud or misconduct were to occur.• Internal audit personnel, who will be familiar with the organization’s internal controls and monitoringfunctions. In addition, internal auditors will be integral in developing and executing responses to significantrisks that cannot be mitigated practically by preventive and detective controls.• If expertise is not available internally, external consultants with expertise in applicable standards, key riskindicators, anti-fraud methodology, control activities, and detection procedures.Management, including senior management, business unit leaders, and significant process owners (e.g., accounting,sales, procurement, and operations) should participate in the assessment, as they are ultimately accountable for theeffectiveness of the organization’s fraud risk management efforts.Fraud Risk IdentificationOnce assembled, the risk assessment team should go through a brainstorming activity to identify the organization’sfraud risks. Effective brainstorming involves preparation in advance of the meeting, a leader to set the agendaand facilitate the session, and openness to ideas regarding potential risks and controls 33 . Brainstorming enablesdiscussions of the incentives, pressures, and opportunities to commit fraud; risks of management override ofcontrols; and the population of fraud risks relevant to the organization. 34 Other risks, such as regulatory and legalmisconduct and reputation risk, as well as the impact of IT on fraud risks also should be considered in the fraud riskidentification process.The organization’s fraud risk identification information should be shared with the board or audit committee andcomments should be solicited. The board also should assess the implications of its own processes with respect to itscontribution to fraud risk, including incentive pressures.33Sources of information about good brainstorming practices include (a) Mark S. Beasley and Gregory Jenkins, “A Primer for BrainstormingFraud Risks,” Journal of Accountancy, December 2003, and (b) Michael J. Ramos, “Brainstorming Prior to the Audit,” in Fraud Detection in aGAAS Audit: Revised Edition, Chapter 2: “Considering Fraud in a Financial Statement Audit.”34Refer to Appendix E: Fraud Risk Exposures of this document for a list of potential fraud risk which could be used in brainstorming.22
Page 1 and 2: ACFE FRAUD PREVENTIONCHECK-UP
Page 3 and 4: ACFE FRAUD PREVENTIONCHECK-UPThe Be
Page 5 and 6: ACFE FRAUD PREVENTIONCHECK-UPACFE F
Page 13 and 14: Sponsored by:The Institute of Inter
Page 15 and 16: Team Members:Toby J.F. Bishop, CPA,
Page 17 and 18: Managing the Business Risk of Fraud
Page 19 and 20: establish their own fraud risk mana
Page 21 and 22: Fraud risk identification may inclu
Page 23 and 24: Thus, to properly address fraud ris
Page 25 and 26: The board also has the responsibili
Page 27 and 28: • Implementing adequate internal
Page 29 and 30: Fraud Risk Management Program Compo
Page 31 and 32: ecently been hired in the purchasin
Page 33: Organizations can identify and asse
Page 37 and 38: This also involves understanding th
Page 39 and 40: - Invoices for goods not received o
Page 41 and 42: Other RisksRegulatory and Legal Mis
Page 43 and 44: SECTION 3: FRAUD PREVENTIONPrincipl
Page 45 and 46: An organization’s HR group is oft
Page 47 and 48: SECTION 4: FRAUD DETECTIONPrinciple
Page 49 and 50: Process ControlsProcess controls sp
Page 51 and 52: keep such information confidential.
Page 53 and 54: will vary depending on the nature,
Page 55 and 56: Conducting the InvestigationPlannin
Page 57 and 58: • Extended investigation — Cond
Page 59 and 60: Fraud ControlsDeloitte Forensic Cen
Page 61 and 62: APPENDIX B: SAMPLE FRAMEWORK FOR A
Page 63 and 64: APPENDIX C: SAMPLE FRAUD POLICY 41N
Page 65 and 66: CONFIDENTIALITYThe ______________ U
Page 67 and 68: Sample Fraud Policy Decision Matrix
Page 69 and 70: Identified Fraud Risksand Schemes (
Page 71 and 72: 2) Misappropriation of:a) Tangible
Page 73 and 74: ) Embezzlement(1) False accounting
Page 75 and 76: Fraud Prevention Area, Factor, or C
Page 83 and 84: O-Organization / PersonnelO1-Leader
Page 85 and 86:
O4.3 Enhance Operational Skills & C
Page 87 and 88:
PR-Prevent, Protect & PreparePR1-Ge
Page 89 and 90:
E-Periodic EvaluationE1-Evaluation
Page 91 and 92:
I2-CommunicationI2.1 Develop Commun
Page 93 and 94:
CriminologyFraud Prevention Program
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Sample Fraud PolicyAssociation of C
Page 119 and 120:
Sample Fraud PolicyCONFIDENTIALITYT
Page 121 and 122:
Sample Fraud PolicyFraud Policy Dec
Page 123 and 124:
Fraud’s Worst Enemyhttp://www.fra
Page 125 and 126:
ACFE Insights - ACFE Insightshttp:/
Page 127:
ACFE Insights - ACFE Insightshttp:/
show all

acfe fraud prevention check-up - BKD

Create successful ePaper yourself

Delete template?

Save as template?