acfe fraud prevention check-up - BKD

More documents

Recommendations

Info

APPENDIX D: FRAUD RISK ASSESSMENT FRAMEWORK EXAMPLENOTE: This example is for illustrative purposes and focuses solely on potential revenue recognition risks withinfinancial reporting. A full fraud risk assessment would consider fraudulent financial reporting in other areasrelevant to the organization, such as accounts subject to estimation, related-party transactions, and inventoryaccounting. In addition, the risk of misappropriation of assets, corruption, and other misconduct would beassessed in the same manner.Identified Fraud Risksand Schemes (1)Likelihood (2)Significance (3)Peopleand/orDepartment (4)Existing Anti-fraud Controls (5)ControlsEffectivenessAssessment (6)ResidualRisks (7)Fraud RiskResponse (8)Financial ReportingRevenue recognition• BackdatingagreementsReasonablypossibleMaterialSales personnelControlled contract administrationsystemTested by IAN/APeriodic testingby IA• Channel stuffingRemoteInsignificantN/AN/AN/AN/AN/A• Holding books openReasonablypossibleMaterialAccountingStandard monthly close processTested by IARisk ofmanagementoverrideTesting of latejournal entriesReconciliation of invoice register togeneral ledgerTested bymanagementCut off testingby IAEstablished procedures for shipping,invoicing, and revenue recognitionTested by IAEstablished process for consolidationTested by IA• Late shipmentsReasonablypossibleSignificantShipping dept.Integrated shipping system, linked toinvoicing and sales registerDaily reconciliation of shipping logto invoice registerTested by IATested bymanagementRisk ofmanagementoverrideCut off testingby IARequired management approval ofmanual invoicesTested by IA• Side letters/agreementsProbableMaterialSales personnelAnnual training of sales and financepersonnel on revenue recognitionpracticesQuarterly signed attestation ofsales personnel concerning extracontractual agreementsTested bymanagementTested bymanagementRisk ofoverrideDisaggregatedanalysis of sales,sales returns,and adjustmentsby salespersonInternal audit confirming withcustomers that there are no otheragreements, written or oral, thatwould modify the terms of thewritten agreement• Inappropriate journalentriesReasonablypossibleMaterialAccounting &FinanceEstablished process for consolidationEstablished, systematic accesscontrols to the general ledgerStandard monthly and quarterlyjournal entry log maintained. Reviewprocess in place for standard entries,and nonstandard entries subject totwo levels of reviewTested by IATested by IATested bymanagementRisk ofoverrideN/AN/AData mining ofjournal entrypopulation byIA for:• Unusual Dr/CRcombinations• Late entriesto accountssubject toestimation55
Identified Fraud Risksand Schemes (1)Likelihood (2)Significance (3)People and/orDepartment (4)Existing Anti-fraud Controls (5)ControlsEffectivenessAssessment (6)ResidualRisks (7)Fraud RiskResponse (8)• Roundtrip transactionsRemoteInsignificantN/AN/AN/AN/AN/A• Manipulation of billand hold arrangementsRemoteInsignificantN/AN/AN/AN/AN/A• Early delivery ofproductReasonablypossibleSignificantSales andshippingSystematic matching of salesorder to shipping documentation;exception reports generated.Tested bymanagementAdequatelymitigated bycontrolsN/A• Partial shipmentsReasonablypossibleSignificantSales andshippingSystematic shipping documentsmanually checked against everyshipment.Tested bymanagementAdequatelymitigated bycontrolsN/ASystematic matching of salesorder to shipping documentation;exception reports generated.Customer approval of partialshipment required prior to revenuerecognition.• Additional revenuerisksSystematic shipping documentsmanually checked against everyshipment.1. Identified Fraud Risks and Schemes: This column should include a full list of the potential fraud risks and schemes that mayface the organization. This list will be different for different organizations and should be informed by (a) industry research, (b)interviews of employees and other stakeholders, (c) brainstorming sessions, and (d) activity on the whistleblower hotline.2. Likelihood of Occurrence: To design an efficient fraud risk management program, it is important to assess the likelihood of theidentified fraud risks so that the organization establishes proper anti-fraud controls for the risks that are deemed most likely.For purposes of the assessment, it should be adequate to evaluate the likelihood of risks as remote, reasonably possible, andprobable.3. Significance to the Organization: Quantitative and qualitative factors should be considered when assessing the significanceof fraud risks to an organization. For example, certain fraud risks may only pose an immaterial direct financial risk to theorganization, but could greatly impact its reputation, and therefore, would be deemed to be a more significant risk to theorganization. For purposes of the assessment, it should be adequate to evaluate the significance of risks as immaterial, significant,and material.4. People and/or Department Subject to the Risk: As fraud risks are identified and assessed, it is important to evaluate which peopleinside and outside the organization are subject to the risk. This knowledge will assist the organization in tailoring its fraud riskresponse, including establishing appropriate segregation of duties, proper review and approval chains of authority, and proactivefraud auditing procedures.5. Existing Anti-fraud Internal Controls: Map pre-existing controls to the relevant fraud risks identified. Note that this occurs afterfraud risks are identified and assessed for likelihood and significance. By progressing in this order, this framework intends for theorganization to assess identified fraud risks on an inherent basis, without consideration of internal controls.6. Assessment of Internal Controls Effectiveness: The organization should have a process in place to evaluate whether the identifiedcontrols are operating effectively and mitigating fraud risks as intended. Companies subject to the provisions of The U.S. Sarbanes-Oxley Act of 2002 Section 404 will have a process such as this in place. Organizations not subject to Sarbanes-Oxley shouldconsider what review and monitoring procedures would be appropriate to implement to gain assurance that their internal controlstructure is operating as intended.7. Residual Risks: After consideration of the internal control structure, it may be determined that certain fraud risks may not bemitigated adequately due to several factors, including (a) properly designed controls are not in place to address certain fraudrisks or (b) controls identified are not operating effectively. These residual risks should be evaluated by the organization in thedevelopment of the fraud risk response.8. Fraud Risk Response: Residual risks should be evaluated by the organization and fraud risk responses should be designed toaddress such remaining risk. The fraud risk response could be one or a combination of the following: (a) implementing additionalcontrols, (b) designing proactive fraud auditing techniques, and/or (c) reducing the risk by exiting the activity.56
Page 1 and 2:
ACFE FRAUD PREVENTIONCHECK-UP
Page 3 and 4:
ACFE FRAUD PREVENTIONCHECK-UPThe Be
Page 5 and 6:
ACFE FRAUD PREVENTIONCHECK-UPACFE F
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Sponsored by:The Institute of Inter
Page 15 and 16:
Team Members:Toby J.F. Bishop, CPA,
Page 17 and 18: Managing the Business Risk of Fraud
Page 19 and 20: establish their own fraud risk mana
Page 21 and 22: Fraud risk identification may inclu
Page 23 and 24: Thus, to properly address fraud ris
Page 25 and 26: The board also has the responsibili
Page 27 and 28: • Implementing adequate internal
Page 29 and 30: Fraud Risk Management Program Compo
Page 31 and 32: ecently been hired in the purchasin
Page 33 and 34: Organizations can identify and asse
Page 35 and 36: The Risk Assessment TeamA good risk
Page 37 and 38: This also involves understanding th
Page 39 and 40: - Invoices for goods not received o
Page 41 and 42: Other RisksRegulatory and Legal Mis
Page 43 and 44: SECTION 3: FRAUD PREVENTIONPrincipl
Page 45 and 46: An organization’s HR group is oft
Page 47 and 48: SECTION 4: FRAUD DETECTIONPrinciple
Page 49 and 50: Process ControlsProcess controls sp
Page 51 and 52: keep such information confidential.
Page 53 and 54: will vary depending on the nature,
Page 55 and 56: Conducting the InvestigationPlannin
Page 57 and 58: • Extended investigation — Cond
Page 59 and 60: Fraud ControlsDeloitte Forensic Cen
Page 61 and 62: APPENDIX B: SAMPLE FRAMEWORK FOR A
Page 63 and 64: APPENDIX C: SAMPLE FRAUD POLICY 41N
Page 65 and 66: CONFIDENTIALITYThe ______________ U
Page 67: Sample Fraud Policy Decision Matrix
Page 71 and 72: 2) Misappropriation of:a) Tangible
Page 73 and 74: ) Embezzlement(1) False accounting
Page 75 and 76: Fraud Prevention Area, Factor, or C
Page 83 and 84: O-Organization / PersonnelO1-Leader
Page 85 and 86: O4.3 Enhance Operational Skills & C
Page 87 and 88: PR-Prevent, Protect & PreparePR1-Ge
Page 89 and 90: E-Periodic EvaluationE1-Evaluation
Page 91 and 92: I2-CommunicationI2.1 Develop Commun
Page 93 and 94: CriminologyFraud Prevention Program
Page 117 and 118: Sample Fraud PolicyAssociation of C
Page 119 and 120:
Sample Fraud PolicyCONFIDENTIALITYT
Page 121 and 122:
Sample Fraud PolicyFraud Policy Dec
Page 123 and 124:
Fraud’s Worst Enemyhttp://www.fra
Page 125 and 126:
ACFE Insights - ACFE Insightshttp:/
Page 127:
ACFE Insights - ACFE Insightshttp:/
show all

acfe fraud prevention check-up - BKD

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?