AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu...
-
Upload
alisha-candace-wilkins -
Category
Documents
-
view
217 -
download
0
Transcript of AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu...
![Page 1: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/1.jpg)
1
AUDIT and INTERNAL CONTROL
Conf. univ. dr. Camelia DobroţeanuProf. univ. dr. Laurenţiu Dobroţeanu
Master Aprofundat 2009-2010
![Page 2: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/2.jpg)
2
Detailed requirements:Study materials:
Brink’s Modern Internal Auditing, R. Moeller, ed. Wiley, ediţia 6, 2005
Sawyer’s Internal Auditing, L. B. Sawyer et. al, IIA, ediţia 5, 2005
Managing the audit function: a corporate audit department procedures guide, M.P. Cangemi, T. Singleton, Ed. Wiley, ediţia 3, 2003
Audit Intern, C. L. Dobroţeanu, L. Dobroţeanu, ed. InfoMega, 2007
Audit: concepte şi practici. O abordare naţională şi internaţională, L. Dobroţeanu, C. L. Dobroţeanu, Ed. Economică, 2002
Teoria şi practica auditului intern, J. Renard, Ministerul Finanţelor, 2002
Marking:
Workshop 30%
Written examination 70%
![Page 3: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/3.jpg)
3
Syllabus:
I. The system of internal control: conceptual
framework, principles, models (2 lectures)
II. Risk management (1 lecture)
III. Fraud: detection and prevention (1 lecture)
IV. Audit - internal control relationships (1.5 lectures)
V. Audit – internal control – corporate governance (0.5 lectures)
![Page 4: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/4.jpg)
4
I. Internal Control System
Lecture overview:1. Importance of IC2. Fundamentals of IC3. Essential IC techniques4. COSO framework5. IC assessment: SOX
![Page 5: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/5.jpg)
5
I.1. Importance of IC
Definition: “IC reflects any action taken by the board, management etc. to improve the risk management and to increase the likelihood that the organization meets its objectives”
Can we define a good IC?
![Page 6: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/6.jpg)
6
I.1. Importanţa CI
Good IC if:Accomplishes its stated mission; Produces accurate and reliable data;Complies with applicable laws and organization policies;Provides for economical and efficient use of resources;Provides for appropriate safeguarding of assets.
![Page 7: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/7.jpg)
7
I.2. Fundamentals of IC
acceleratorbrake
steering wheel
driver
![Page 8: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/8.jpg)
8
I.2. Fundamentals of IC
Controller
Standard
Communicator
Detector/Senzor
1. Performance
Indicator
2. Benchmark
3. Signals departures
4. Transmits messages
![Page 9: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/9.jpg)
9
I.2. Fundamentals of IC
Monitor/measure control element
Are controls within standards?
Correct CE
Monitor to make sure corrections are
working
Continue monitoring CE
NO YES
![Page 10: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/10.jpg)
10
I.3. Essential IC techniques
1.
•Prevention controls
2.
•Detection controls
3.
•Corrective controls
![Page 11: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/11.jpg)
11
I.3. Essential IC techniques
Steering controls
Yes/No Controls
Post-Action Controls
e.g. macro-economic trends
e.g. Authorization,
approval
e.g. after dismissal of an
employee
![Page 12: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/12.jpg)
12
WORKSHOP
Case study: ................
![Page 13: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/13.jpg)
13
I.4. COSO Framework
IMA
AICPA
IIA
AAA
FEI
COSO:
![Page 14: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/14.jpg)
14
I.4. COSO Framework
Internal Control: Integrated FrameworkIC – a process, affected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives of the following categories:
Effectiveness and efficiency of operationsReliability of financial reportingCompliance with applicable laws and regulations
![Page 15: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/15.jpg)
15
I.4. COSO Framework
Monitoring
Control activities
Risk assessment
Control environment
Comm
unicationICS
![Page 16: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/16.jpg)
16
I.4. COSO Frameworka. Control environment:
Integrity and ethical valuesProfessional competenceBoard and audit committeeManagement philosophy and operating styleOrganizational structureAssignment of authority and responsibilityHuman resources policies and practices:
RecruitmentNew employee orientationEvaluation, promotion, compensationDisciplinary actions
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 17: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/17.jpg)
17
I.4. COSO Framework
b. Risk assessment:3-step process:
Identification of significant risksAssess the risk likelihood or frequencyConsider the appropriate actions to manage the risk
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 18: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/18.jpg)
18
I.4. COSO Framework
b. Risk assessment (cont.):Types of risks:
Organizational risks from external factorsOrganizational risks from internal factorsSpecific activity-level risks
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 19: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/19.jpg)
19
I.4. COSO Framework
c. Control activitiesTypes of control activities:
top-level reviews direct functional or activity management information processing physical controls performance indicators segregation of duties
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 20: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/20.jpg)
20
I.4. COSO Framework
c. Control activities (cont.)Integration of control activities with risk assessmentControls over information systems
general controls – applied to overall information systems application controls – applied to specific sections of the system
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 21: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/21.jpg)
21
I.4. COSO Framework
d. CommunicationRelationship of information and ICMeans and methods of communication
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 22: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/22.jpg)
22
I.4. COSO Framework
e. MonitoringOngoing monitor activities:
operating management normal functions communications from external parties organizational structures and supervisory activities physical inventories and asset reconciliation
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 23: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/23.jpg)
23
I.4. COSO Framework
e. Monitoring (cont.)Separate evaluation of IC
ReviewsInternal audit: compliance, peer reviewSelf-assessmentExternal evaluationAction plan
Reporting IC deficienciesTo whom?How?
Monitorizare
Activităţi de control
Evaluarea riscurilor
Mediul de control
![Page 24: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/24.jpg)
24
I.5. IC ASSESSMENT: SOX- TO BE PREPARED BY STUDENTS -
![Page 25: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/25.jpg)
25
WORKSHOP
Case study: Pam-Pam or Keos
![Page 26: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/26.jpg)
26
II. Risk Management
II.1. ERM frameworkII.2. COSO: IC framework – ERM
framework
![Page 27: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/27.jpg)
27
II.1. ERM framework
• 2001 – PWC: developed a framework for ERM assessment – completed in 2004
![Page 28: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/28.jpg)
28
II.1. ERM framework
ERM: A process implemented by the board, management and other staff at enterprise strategic level with a view:– To identify events that could adversely affect the
organization;– To manage the risks within the risk appetite
limits – To obtain a reasonable assurance that the
organization’s objectives are achievable.
![Page 29: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/29.jpg)
29
II.1. ERM framework
Organization’s objectives:• Strategic
• Operational • Reporting
• Compliance
![Page 30: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/30.jpg)
30
II.1. ERM framework
Components of ERM framework:1. Internal environment2. Setting the objectives3. Identification of events4. Risk assessment5. Risk response: AARS (avoid, accept, reduce,
share) 6. Control activities7. Information and communication8. Monitoring
![Page 31: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/31.jpg)
31
II.1. ERM framework
Objectives – components relationships:
Internal Environment
Identification of events
Risk assessment
Risk response
Control activities
Inf.&Communic.Monitoring
Stra
tegi
cOpe
ration
al
Rapor
ting
Com
plia
nce
Org
an
izatio
nD
ivis
ion
Bu
sin
ess u
nit
Bra
nch
![Page 32: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/32.jpg)
32
II.1. ERM framework
ERM effectiveness:a. Effective functioning of the 8
components:– There are no material deficiencies
and– Risks managed within the risk appetite
limits
![Page 33: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/33.jpg)
33
II.1. ERM framework
Effectiveness of ERM (cont.)b. Objectives:
–governance structures know whether the objectives are achievable
![Page 34: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/34.jpg)
34
II.1. ERM framework
Governance structures’ role:– Supervision of ERM
• Understand the risks and risk response
• Know to what extent the management has implemented an effective ERM
• Review the risk portfolio against the risk appetite
• Monitor the revision of material risk indicators
![Page 35: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/35.jpg)
35
II.1. ERM framework
COSO responses related ERM – current financial crises:– Reconsideration of current ERM and assessment
of risk appetite
ERM is an integral component of internal control!
![Page 36: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/36.jpg)
36
II.2. COSO: IC – ERM frameworks
• Are there any differences?– ERM: risk based assessment– COSO-CI: IC framework
• ERM – IC framework components: similar(environment, monitoring, communication and
information, etc.)• Is ERM an improved version of IC
framework?• The controversial role of internal auditors:
– ERM seem to provide assurance that risks are managed!
![Page 37: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/37.jpg)
37
III. Fraud: detection and prevention
![Page 38: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/38.jpg)
38
Lecture outlines:
1. The concept of fraud
2. Responsibilities for fraud
prevention&detection - DPF
2.1. Risk of fraud assessment - EFR
2.2. “Audit of fraud” and IIA requirements
![Page 39: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/39.jpg)
39
1. The concept of fraud
Illegal actions – deception, betrayal
Does not necessarily imply the use of force or force threats
Actions done purposely:
to obtain financial benefits
to avoid the payment for or the opportunity lost of a financial/personal benefit
![Page 40: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/40.jpg)
40
1. The concept of fraud
Benefits:
• direct – e.g.: money
• indirect – e.g.: promotion, power,
influence.
![Page 41: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/41.jpg)
41
1. The concept of fraudFrauds committed in the organization’s
benefit: Sale of fictitious assets;
Forbidden payments: illegal financing of political campaigns, bribery, etc.;
False statement/misuses of transactions;
Incorrect assessment of transfer prices (for assets exchanged between members of the same group).
![Page 42: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/42.jpg)
42
1. The concept of fraud
Frauds committed in the organization’s benefit (cont.):
misrecording or misreporting of transactions to
mislead users of financial reports;
Illegal commercial activities;
Tax frauds.
![Page 43: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/43.jpg)
43
1. The concept of fraud
Frauds committed in the organization’s
detriment:
Acceptance of bribery;
Unlawful seizure of profitable transactions by an employee;
Invoicing goods or services which were actually not provided to the company.
![Page 44: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/44.jpg)
44
1. The concept of fraud
Frauds committed in the organization’s detriment(cont.):
Misuse of resources or falsification of accounting records;
Intentional omission or misleading interpretation of events or transactions.
![Page 45: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/45.jpg)
45
1. The concept of fraud
Indications of fraud (Simmons):
intentionally
trust
Injury
Victim
Action
![Page 46: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/46.jpg)
46
1. The concept of fraud
Frauds (Simmons):Bribery: offering, acceptance, requesting;Theft;Conflict of interest;False statements;Swindle;Mail and internet frauds;Conspiracy;Brake of financial obligations provided by
agreements;Embezzlement.
![Page 47: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/47.jpg)
47
2. Responsibilities for DPF
Fraud
![Page 48: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/48.jpg)
48
2. Responsibilities for DPF
Board + AC – supervise:
antifraud programmes and controls, including identification of fraud risk and implementation of antifraud actions;
the risk of controls avoidance and inappropriate management influence;
whistle-blowing mechanisms;
![Page 49: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/49.jpg)
49
2. Responsibilities for DPFBoard + AC – supervise (cont.):
regular reporting: nature, stage and actions taken for detected frauds;
IA plan: risk of fraud and whistle-blowing channels for IA;
involvement of independent experts in investigations of frauds.
![Page 50: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/50.jpg)
50
2. Responsibilities for DPF
IA role – to answer to questions like:
What is the risk of fraud within the organization?
What are the programs and internal controls that have been implemented to face these risks?
What is IA doing to PDRF before it leads to corporate scandals?
![Page 51: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/51.jpg)
51
2.1. Assessment of the risk of fraud
IA role – the process of ARF:
Organize the assessment process – integration of ARF within the current risks assessment process / setting up a separate process.
Identify the areas to be assessed - ARF at each of the following level:
organization, units, operations (accounts, etc.); complex transactions (e.g. acquisitions, mergers, combinations, etc.)
![Page 52: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/52.jpg)
52
2.1. Assessment of the risk of fraud
IA role – the process of ARF (cont.):
Identify the possible scenarios: the organization commits frauds or suffer injuries due to other’s frauds? How? DB – specific issues;
Assess the likelihood of fraud commitment.
scale used for assessmentUS practice: three level qualitative values
Assess the relevance of the RF: Impact of RF RR = Impact X LikelihoodUS practice: RR ≥ average – considered by IA
![Page 53: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/53.jpg)
53
2.1. Assessment of the risk of fraud
IA role – the process of ARF(cont.):Identify and assess the associated internal controls
Avoidance / ignorance of internal controls
Identify internal controls unable to mitigate the RF
Integrate the ARF results within the audit plan: a separate section dedicated to audit of fraud based on residual risk
![Page 54: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/54.jpg)
54
2.2. Audit of fraud
G.1210-A2.2 – Responsibilities for fraud detection (FD): – FD = identification of fraud indications sufficient
to request an investigation.
IA responsibilities:To have sufficient and appropriate knowledge regarding the fraud indications:
The basic elements of a fraud, Techniques used,Types of frauds particular for the audited areas;
![Page 55: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/55.jpg)
55
2.2. Audit of fraud
Responsabilităţile AI (cont.):să fie vigilent deficienţele SCI:
prezenţa mai multor indicii, simultan, creşte probabilitatea ca o fraudă să fi fost comisă;
să evalueze indiciile unei fraude şi să decidă dacă sunt necesare alte măsuri sau să se recomande o anchetă;să înştiinţeze autorităţile competente din cadrul entităţii.
![Page 56: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/56.jpg)
56
G. 1210.A2-1, Fraud detection
IA responsibilities:
To investigate and assess the existence and importance of eventual associations to commit frauds;
To establish the required knowledge, abilities and other competencies to conduct an investigation;
To set up procedures to be followed in order to identify the fraud authors, the fraud scope, the reasons, impacts, and the techniques used;
2.2. Audit of fraud
![Page 57: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/57.jpg)
57
2.2. Audit of fraud
IA responsibilities:
To coordinate its activities during the investigation with management, legal advisors, and any other expert involved;
To be aware of the rights of the supposed authors of fraud.
![Page 58: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/58.jpg)
58
2.2. Audit of fraud
G 1210.A2-1, Fraud detection: Reporting the results of an audit of fraud engagement – issues to be considered:
Recommendations for implementation and/or strengthening the internal controls;
Design audit test that would allow future detection of similar frauds;
The need to set up a knowledge file related to the risk of fraud;
Privileged information.
![Page 59: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/59.jpg)
59
2.2. Audit of fraud
IIAS 2400:
Immediate reporting to the executive management and the board:
If a relevant fraud has been detected – high certainty;
The fraud has had an adverse significant impact on the financial position and financial results reported for the previous years.
![Page 60: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/60.jpg)
60
![Page 61: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/61.jpg)
61
![Page 62: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/62.jpg)
62
![Page 63: AUDIT and INTERNAL CONTROL Conf. univ. dr. Camelia Dobroţeanu Prof. univ. dr. Laurenţiu Dobroţeanu Master Aprofundat 2009-2010 1.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649e6b5503460f94b69b74/html5/thumbnails/63.jpg)
63