12.07.2015 Views

acfe fraud prevention check-up - BKD


PR-Prevent, Protect & Prepare

PR1-General Controls, Policies & Procedures

PR1.1 Develop Controls, Policies & Procedures that represent a mix of controls designed to prevent, detect, monitor, and respond to fraud risk, including:

• Policy defining fraud, irregularities, authority to conduct investigations, confidentiality, and reporting of results of investigations, and potential disciplinary action should fraud be confirmed.
• Policies encouraging high ethical standards and empowering employees, customers and vendors to insist those standards are met.
• Policy that everyone be 100% open and honest with external auditors.
• Policy that fraud involving senior management or that causes a material misstatement of financial statements be reported directly to the audit committee.
• Policy that fraud detected by either internal audit or external audit be brought to the attention of the appropriate level of management.
• Procedures regarding the nature and extent of communications with the audit committee about fraud committed by lower level employees.
• Preventive controls like exit interviews, background checks, training, segregation of duties, performance evaluation, compensation practices, physical and logical access restrictions.
• Detective controls like anonymous reporting, internal audit, and process controls.

PR1.2 Implement and Manage Controls, Policies & Procedures confirming roles and responsibilities related to the fraud policy (See Appendix B), proper communication, implementation of, adherence to, and operation of fraud risk management controls, policies and procedures.

PR1.3 Automate Controls, Policies & Procedures to protect against the risk that fraudulent or corrupt conduct go undetected due to inherent variation in human-centric activities.

PR2-Code Of Conduct

PR2.1 Develop Code of Conduct to include expectations about proper conduct in the face of opportunities for fraud or corruption, non-retaliation for and the proper procedures for reporting identified fraudulent or corrupt conduct regardless of whether the opportunity arises from conflict of interest, use of corporate assets, customer, supplier, government or other business dealings.

PR2.2 Distribute and Manage Code of Conduct publicly and across all levels of the organization so that each level understands and receives training on their respective roles and responsibilities in relation to fraud and corruption risk management, keeping the Code refreshed based upon changes in laws, operating conditions and policies.

PR3-Training & Education

PR3.1 Design / Develop Training related to ethical conduct in the face of stressors or opportunities for fraudulent or corrupt behavior that occur at all levels of the organization and through the extended enterprise, assuring that such training is timely attended based upon changes in roles or responsibilities, and that individuals are meeting comprehension goals.

PR3.2 Implement and Manage Training to confirm that fraud risk management training appropriate to each person’s role has been delivered in accordance with the training plan and has met all performance targets.
