acfe fraud prevention check-up - BKD

More documents

Recommendations

Info

• Results of employee or other stakeholder surveys concerning the integrity or culture of the organization.• Resources used by the organization.Appropriate measurement techniques will vary by organization based on factors, such as controls in place, fraudrisks identified, and resources available. Examples of specific measurement techniques are:• The recurrence of frauds uncovered.• The timeliness of implementation of remediation plans.• Timeliness in implementing additional controls to prevent new frauds.• Assessment of the likelihood that frauds perpetrated against other organizations in the same industry willoccur in the organization.• Comparison of fraud versus complaints, grievances, etc., via hotline calls.• Comparison of the number of frauds discovered versus the number of fraud audits performed.• Ratios of problems revealed in background checks versus the number of checks performed.A senior member of management should be assigned as the process owner for each technique implemented. Eachprocess owner should:• Evaluate the effectiveness of the technique regularly.• Adjust the technique as required.• Document any adjustments.• Report immediately through the appropriate channels details of any modification necessary or anytechnique that becomes less effective.SECTION 5: fraud INVESTIGATION AND CORRECTIVE ACTIONPrinciple 5: A reporting process should be in place to solicit input on potential fraud, and a coordinatedapproach to investigation and corrective action should be used to help ensure potential fraud isaddressed appropriately and timely.It is essential that any violations, deviations, or other breaches of the code of conduct or controls, regardlessof where in the organization, or by whom, they are committed, be reported and dealt with in a timely manner.Appropriate punishment must be imposed, and suitable remediation completed. The board should ensure that thesame rules are applied at all levels of the organization, including senior management.Fraud Investigation and Response ProtocolsReceiving the AllegationPotential fraud may come to the organization’s attention in many ways, including tips from employees, customers, orvendors; internal audits; process control identification; external audits; or by accident. The board should ensure thatthe organization develops a system for prompt, competent, and confidential review, investigation, and resolution ofallegations involving potential fraud or misconduct. Protocols for the board’s involvement in such cases — which39
will vary depending on the nature, potential impact, and seniority of persons involved — should be defined clearlyand communicated to management by the board.The investigation and response system should include a process for:• Categorizing issues.• Confirming the validity of the allegation.• Defining the severity of the allegation.• Escalating the issue or investigation when appropriate.• Referring issues outside the scope of the program.• Conducting the investigation and fact-finding.• Resolving or closing the investigation.• Listing types of information that should be kept confidential.• Defining how the investigation will be documented.• Managing and retaining documents and information.The process approved by the board should include a tracking or case management system in which all allegations offraud are logged. Designated senior management approved by the board and the board itself may be given accessto this system if necessary to ensure that appropriate action is being taken.Evaluating the AllegationOnce an allegation is received, the organization should follow the process approved by the board to evaluate theallegation. The process should include designating an individual or individuals with the necessary authority andskills to conduct an initial evaluation of the allegation and determine the appropriate course of action to resolve it.In cases that involve the board or senior management, the board may want to hire outside independent advisers toassist in this evaluation.The allegation should be examined to determine whether it involves a potential violation of law, rules, or companypolicy. Depending on the nature and severity of the allegation, other departments may need to be consulted, such asHR, legal counsel, senior management, IT, internal auditing, security, or loss prevention. The organization’s externalauditor must also be advised of any fraud that could affect the organization’s financial statements.If an allegation involves senior management, or if the allegation affects the financial statements, there may bestandards, regulations, or laws that require that others (e.g., audit committee, board, external auditors, counsel) benotified of the allegation. For example, if the allegation relates to misconduct involving the CEO, the board shouldbe notified of the allegation and should ensure that the CEO is not overseeing the investigation.Investigation ProtocolsInvestigations should be performed in accordance with protocols approved by the board. A consistent process forconducting investigations can help the organization mitigate losses and manage risks associated with the investigation.40
Page 1 and 2: ACFE FRAUD PREVENTIONCHECK-UP
Page 3 and 4: ACFE FRAUD PREVENTIONCHECK-UPThe Be
Page 5 and 6: ACFE FRAUD PREVENTIONCHECK-UPACFE F
Page 13 and 14: Sponsored by:The Institute of Inter
Page 15 and 16: Team Members:Toby J.F. Bishop, CPA,
Page 17 and 18: Managing the Business Risk of Fraud
Page 19 and 20: establish their own fraud risk mana
Page 21 and 22: Fraud risk identification may inclu
Page 23 and 24: Thus, to properly address fraud ris
Page 25 and 26: The board also has the responsibili
Page 27 and 28: • Implementing adequate internal
Page 29 and 30: Fraud Risk Management Program Compo
Page 31 and 32: ecently been hired in the purchasin
Page 33 and 34: Organizations can identify and asse
Page 35 and 36: The Risk Assessment TeamA good risk
Page 37 and 38: This also involves understanding th
Page 39 and 40: - Invoices for goods not received o
Page 41 and 42: Other RisksRegulatory and Legal Mis
Page 43 and 44: SECTION 3: FRAUD PREVENTIONPrincipl
Page 45 and 46: An organization’s HR group is oft
Page 47 and 48: SECTION 4: FRAUD DETECTIONPrinciple
Page 49 and 50: Process ControlsProcess controls sp
Page 51: keep such information confidential.
Page 55 and 56: Conducting the InvestigationPlannin
Page 57 and 58: • Extended investigation — Cond
Page 59 and 60: Fraud ControlsDeloitte Forensic Cen
Page 61 and 62: APPENDIX B: SAMPLE FRAMEWORK FOR A
Page 63 and 64: APPENDIX C: SAMPLE FRAUD POLICY 41N
Page 65 and 66: CONFIDENTIALITYThe ______________ U
Page 67 and 68: Sample Fraud Policy Decision Matrix
Page 69 and 70: Identified Fraud Risksand Schemes (
Page 71 and 72: 2) Misappropriation of:a) Tangible
Page 73 and 74: ) Embezzlement(1) False accounting
Page 75 and 76: Fraud Prevention Area, Factor, or C
Page 83 and 84: O-Organization / PersonnelO1-Leader
Page 85 and 86: O4.3 Enhance Operational Skills & C
Page 87 and 88: PR-Prevent, Protect & PreparePR1-Ge
Page 89 and 90: E-Periodic EvaluationE1-Evaluation
Page 91 and 92: I2-CommunicationI2.1 Develop Commun
Page 93 and 94: CriminologyFraud Prevention Program
Page 103 and 104:
CriminologyFraud Prevention Program
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Sample Fraud PolicyAssociation of C
Page 119 and 120:
Sample Fraud PolicyCONFIDENTIALITYT
Page 121 and 122:
Sample Fraud PolicyFraud Policy Dec
Page 123 and 124:
Fraud’s Worst Enemyhttp://www.fra
Page 125 and 126:
ACFE Insights - ACFE Insightshttp:/
Page 127:
ACFE Insights - ACFE Insightshttp:/
show all

acfe fraud prevention check-up - BKD

Create successful ePaper yourself

Delete template?

Save as template?