acfe fraud prevention check-up - BKD

More documents

Recommendations

Info

financial reporting schemes are common across all organizations (e.g., setting aside unsupported reserves foruse in future periods and fraudulent top-side entries); other schemes are more industry-specific (e.g., backdatingagreements at software companies or channel stuffing for organizations that sell via distributors). Each scheme thatcould be relevant to the organization should be considered in the assessment.Organizations can use the framework in Appendix D to identify specific areas of greatest risk and as a foundationfor customizing the assessment process for their specific needs. For example, starting with the revenue recognitioncomponent of fraudulent financial reporting, the assessment should consider the following questions:• What are the main drivers of revenue at the organization?• Are revenues primarily from volume sales of relatively homogeneous products, or are they driven by arelatively few individual transactions?• What are the incentives and pressures present in the organization?• Are revenues recorded systematically or manually?• Are there any revenue recognition fraud risks specific to the organization’s industry?For significant marketplace disclosures (e.g., loan delinquency percentages) consider the following questions:• What controls are in place to monitor internal gathering and reporting of these disclosures?• Is there oversight from someone whose compensation is not directly affected by his or her performance?• Does someone monitor the organization’s disclosures in relation to other organizations and ask hardquestions about whether the organization’s disclosures are adequate or could be improved?The types of fraudulent financial reporting outlined by the ACFE typically focus on improving the organization’sfinancial picture by overstating income, understating losses, or using misleading disclosures. Conversely, someorganizations understate income to smooth earnings. Any intentional misstatement of accounting informationrepresents fraudulent financial reporting.Another consideration involves fraud where the objective is not to improve the organization’s financial statements,but to cover up a hole left by the misappropriation or misuse of assets. In this case, the fraud also includesfraudulent financial reporting.Misappropriation of AssetsAn organization’s assets, both tangible (e.g., cash or inventory) and intangible (e.g., proprietary or confidentialproduct, or customer information), can be misappropriated by employees, customers, or vendors. The organizationshould ensure that controls are in place to protect such assets. Considerations to be made in the fraud riskassessment process include gaining an understanding of what assets are subject to misappropriation, the locationswhere the assets are maintained, and which personnel have control over or access to tangible or intangible assets.Common schemes include misappropriation by:• Employees.- Creation of, and payments to, fictitious vendors.- Payment of inflated or fictitious invoices.25
- Invoices for goods not received or services not performed.- Theft of inventory or use of business assets for personal gain.- False or inflated expense claims.- Theft or use of customer lists and proprietary information.• Employees in collusion with vendors, customers, or third parties.- Payment of inflated or fictitious invoices.- Issuance of inflated or fictitious credit notes.- Invoices for goods not received or services not performed.- Preferred pricing or delivery.- Contract bid rigging.- Theft or use of customer lists and proprietary information.• Vendors.- Inflated or fictitious invoices.- Short shipments or substitution of lower quality goods.- Invoices for goods not received or services not preformed.• Customers.- False claims for damaged or returned goods or short shipments.Protecting against these risks requires not only physical safeguarding controls, but also periodic detective controlssuch as physical counts of inventory with reconciliations to the general ledger. Remember, a smart perpetrator maybe thinking about such controls and design the fraud to circumvent or be concealed from those controls. Thoseconducting the risk assessment should keep this in mind when deliberating misappropriation of asset schemes andtheir impact to the organization.CorruptionCorruption is operationally defined as the misuse of entrusted power for private gain. In the United States, theFCPA prohibits U.S. entities, their foreign subsidiaries, and others from bribing foreign government officials,either directly or indirectly, to obtain or retain business. There are similar anti-corruption laws in other countriesas well as guidelines established by the United Nations Convention Against Corruption, to which more than 100countries are signatories.Organizations that have operations outside their home countries need to consider other relevant anti-corruptionlaws when establishing a fraud risk management program. Transparency International, a multinational organizationfocused on anti-corruption and transparency in business and government, issues an annual Corruption PerceptionIndex, which ranks countries on their perceived levels of corruption. The Corruption Perception Index canassist organizations in prioritizing their anti-corruption efforts in areas of the world at greatest risk. It must beremembered, of course, that corruption can also occur in an organization’s home country.A common form of corruption is aiding and abetting. Law enforcement authorities worldwide have prosecutednumerous cases where organizations were not misstating their financial statements, but were knowingly structuringtransactions or making representations that enabled other organizations to fraudulently misstate their financialstatements. A thorough risk assessment will consider the risk that someone may be engaging in such behavior aswell as other types of corruption that may be applicable to the organization.26
Page 1 and 2: ACFE FRAUD PREVENTIONCHECK-UP
Page 3 and 4: ACFE FRAUD PREVENTIONCHECK-UPThe Be
Page 5 and 6: ACFE FRAUD PREVENTIONCHECK-UPACFE F
Page 13 and 14: Sponsored by:The Institute of Inter
Page 15 and 16: Team Members:Toby J.F. Bishop, CPA,
Page 17 and 18: Managing the Business Risk of Fraud
Page 19 and 20: establish their own fraud risk mana
Page 21 and 22: Fraud risk identification may inclu
Page 23 and 24: Thus, to properly address fraud ris
Page 25 and 26: The board also has the responsibili
Page 27 and 28: • Implementing adequate internal
Page 29 and 30: Fraud Risk Management Program Compo
Page 31 and 32: ecently been hired in the purchasin
Page 33 and 34: Organizations can identify and asse
Page 35 and 36: The Risk Assessment TeamA good risk
Page 37: This also involves understanding th
Page 41 and 42: Other RisksRegulatory and Legal Mis
Page 43 and 44: SECTION 3: FRAUD PREVENTIONPrincipl
Page 45 and 46: An organization’s HR group is oft
Page 47 and 48: SECTION 4: FRAUD DETECTIONPrinciple
Page 49 and 50: Process ControlsProcess controls sp
Page 51 and 52: keep such information confidential.
Page 53 and 54: will vary depending on the nature,
Page 55 and 56: Conducting the InvestigationPlannin
Page 57 and 58: • Extended investigation — Cond
Page 59 and 60: Fraud ControlsDeloitte Forensic Cen
Page 61 and 62: APPENDIX B: SAMPLE FRAMEWORK FOR A
Page 63 and 64: APPENDIX C: SAMPLE FRAUD POLICY 41N
Page 65 and 66: CONFIDENTIALITYThe ______________ U
Page 67 and 68: Sample Fraud Policy Decision Matrix
Page 69 and 70: Identified Fraud Risksand Schemes (
Page 71 and 72: 2) Misappropriation of:a) Tangible
Page 73 and 74: ) Embezzlement(1) False accounting
Page 75 and 76: Fraud Prevention Area, Factor, or C
Page 83 and 84: O-Organization / PersonnelO1-Leader
Page 85 and 86: O4.3 Enhance Operational Skills & C
Page 87 and 88: PR-Prevent, Protect & PreparePR1-Ge
Page 89 and 90:
E-Periodic EvaluationE1-Evaluation
Page 91 and 92:
I2-CommunicationI2.1 Develop Commun
Page 93 and 94:
CriminologyFraud Prevention Program
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Sample Fraud PolicyAssociation of C
Page 119 and 120:
Sample Fraud PolicyCONFIDENTIALITYT
Page 121 and 122:
Sample Fraud PolicyFraud Policy Dec
Page 123 and 124:
Fraud’s Worst Enemyhttp://www.fra
Page 125 and 126:
ACFE Insights - ACFE Insightshttp:/
Page 127:
ACFE Insights - ACFE Insightshttp:/
show all

acfe fraud prevention check-up - BKD

Create successful ePaper yourself

Delete template?

Save as template?