acfe fraud prevention check-up - BKD

More documents

Recommendations

Info

Incentives, Pressures, and OpportunitiesMotives for committing fraud are numerous and diverse. One executive may believe that the organization’s businessstrategy will ultimately be successful, but interim negative results need to be concealed to give the strategy time.Another needs just a few more pennies per share of income to qualify for a bonus or to meet analysts’ estimates.The third executive purposefully understates income to save for a rainy day.The fraud risk identification process should include an assessment of the incentives, pressures, and opportunities tocommit fraud. Incentive programs should be evaluated — by the board for senior management and by managementfor others — as to how they may affect employees’ behavior when conducting business or applying professionaljudgment (e.g., estimating bad debt allowances or revenue recognition). Financial incentives and the metrics onwhich they are based can provide a map to where fraud is most likely to occur. There may also be nonfinancialincentives, such as when an employee records a fictitious transaction so he or she does not have to explain anotherwise unplanned variance. Even maintaining the status quo is sometimes a powerful enough incentive forpersonnel to commit fraud.Also important, and often harder to quantify, are the pressures on individuals to achieve performance or othertargets. Some organizations are transparent, setting specific targets and metrics on which personnel will bemeasured. Other organizations are more indirect and subtle, relying on corporate culture to influence behavior.Individuals may not have any incremental monetary incentive to fraudulently adjust a transaction, but there may beample pressure — real or perceived — on an employee to act fraudulently.Meanwhile, opportunities to commit fraud exist throughout organizations and may be reason enough to commitfraud. These opportunities are greatest in areas with weak internal controls and a lack of segregation of duties.However, some frauds, especially those committed by management, may be difficult to detect because managementcan often override the controls. Such opportunities are why appropriate monitoring of senior management by astrong board and audit committee, supported by internal auditing, is critical to fraud risk management.Risk of Management’s Override of ControlsAs part of the risk identification process, it is important to consider the potential for management override ofcontrols established to prevent or detect fraud. Personnel within the organization generally know the controls andstandard operating procedures that are in place to prevent fraud. It is reasonable to assume that individuals whoare intent on committing fraud will use their knowledge of the organization’s controls to do it in a manner thatwill conceal their actions. For example, a manager who has the authority to approve new vendors may create andapprove a fictitious vendor and then submit invoices for payment, rather than just submit false invoices for payment.Hence, it is also important to keep the risk of management’s override of controls in mind when evaluating theeffectiveness of controls; an anti-fraud control is not effective if it can be overridden easily.Population of Fraud RisksThe fraud risk identification process requires an understanding of the universe of fraud risks and the subset of risksspecific to the organization. This may involve obtaining information from external sources such as industry news;criminal, civil, and regulatory complaints and settlements; and organizations such as The IIA, AICPA, ACFE, and CICA.23
This also involves understanding the organization’s business processes and gathering information about potentialfraud from internal sources by interviewing personnel and brainstorming with them, reviewing complaints from thewhistleblower hotline, and performing analytical procedures.Various taxonomies are available to organize fraud risks. Appendix H displays the Foundation Principles issued bythe Open Compliance and Ethics Group (OCEG) that relate to fraud risk identification. The ACFE, on the other hand,classifies occupational fraud risks into three general categories: fraudulent statements, misappropriation of assets,and corruption 35 . Using the ACFE’s categories as a starting point, a more detailed breakout can be developed toproduce an organization-specific fraud risk assessment. For example, potential fraud risks to consider in the ACFE’sthree general categories include:1) Intentional manipulation of financial statements, which can lead to:a) Inappropriately reported revenues.b) Inappropriately reported expenses.c) Inappropriately reflected balance sheet amounts, including reserves.d) Inappropriately improved and/or masked disclosures.e) Concealing misappropriation of assets.f) Concealing unauthorized receipts and expenditures.g) Concealing unauthorized acquisition, disposition, and use of assets.2) Misappropriation of:a) Tangible assets by:i) Employees.ii) Customers.iii) Vendors.iv) Former employees and others outside the organization.b) Intangible assets.c) Proprietary business opportunities.3) Corruption including:a) Bribery and gratuities to:i) Companies.ii) Private individuals.iii) Public officials.b) Receipt of bribes, kickbacks, and gratuities.c) Aiding and abetting fraud by other parties (e.g., customers, vendors).Fraudulent Financial ReportingEach of the three categories outlined by the ACFE includes at least one scheme of how the fraud could occur.For instance, acceleration of revenue recognition can be achieved via numerous schemes, including backdatingagreements, recognizing revenue on product not shipped by period end, or channel stuffing. Some fraudulent35The ACFE’s Report to the Nation on Occupational Fraud and Abuse.24
Page 1 and 2: ACFE FRAUD PREVENTIONCHECK-UP
Page 3 and 4: ACFE FRAUD PREVENTIONCHECK-UPThe Be
Page 5 and 6: ACFE FRAUD PREVENTIONCHECK-UPACFE F
Page 13 and 14: Sponsored by:The Institute of Inter
Page 15 and 16: Team Members:Toby J.F. Bishop, CPA,
Page 17 and 18: Managing the Business Risk of Fraud
Page 19 and 20: establish their own fraud risk mana
Page 21 and 22: Fraud risk identification may inclu
Page 23 and 24: Thus, to properly address fraud ris
Page 25 and 26: The board also has the responsibili
Page 27 and 28: • Implementing adequate internal
Page 29 and 30: Fraud Risk Management Program Compo
Page 31 and 32: ecently been hired in the purchasin
Page 33 and 34: Organizations can identify and asse
Page 35: The Risk Assessment TeamA good risk
Page 39 and 40: - Invoices for goods not received o
Page 41 and 42: Other RisksRegulatory and Legal Mis
Page 43 and 44: SECTION 3: FRAUD PREVENTIONPrincipl
Page 45 and 46: An organization’s HR group is oft
Page 47 and 48: SECTION 4: FRAUD DETECTIONPrinciple
Page 49 and 50: Process ControlsProcess controls sp
Page 51 and 52: keep such information confidential.
Page 53 and 54: will vary depending on the nature,
Page 55 and 56: Conducting the InvestigationPlannin
Page 57 and 58: • Extended investigation — Cond
Page 59 and 60: Fraud ControlsDeloitte Forensic Cen
Page 61 and 62: APPENDIX B: SAMPLE FRAMEWORK FOR A
Page 63 and 64: APPENDIX C: SAMPLE FRAUD POLICY 41N
Page 65 and 66: CONFIDENTIALITYThe ______________ U
Page 67 and 68: Sample Fraud Policy Decision Matrix
Page 69 and 70: Identified Fraud Risksand Schemes (
Page 71 and 72: 2) Misappropriation of:a) Tangible
Page 73 and 74: ) Embezzlement(1) False accounting
Page 75 and 76: Fraud Prevention Area, Factor, or C
Page 83 and 84: O-Organization / PersonnelO1-Leader
Page 85 and 86: O4.3 Enhance Operational Skills & C
Page 87 and 88:
PR-Prevent, Protect & PreparePR1-Ge
Page 89 and 90:
E-Periodic EvaluationE1-Evaluation
Page 91 and 92:
I2-CommunicationI2.1 Develop Commun
Page 93 and 94:
CriminologyFraud Prevention Program
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Sample Fraud PolicyAssociation of C
Page 119 and 120:
Sample Fraud PolicyCONFIDENTIALITYT
Page 121 and 122:
Sample Fraud PolicyFraud Policy Dec
Page 123 and 124:
Fraud’s Worst Enemyhttp://www.fra
Page 125 and 126:
ACFE Insights - ACFE Insightshttp:/
Page 127:
ACFE Insights - ACFE Insightshttp:/
show all

acfe fraud prevention check-up - BKD

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?