Fraud & Internal Control Frank M. Klaus, CPA. Fraud Definition Fraud is the misappropriation of...
-
Upload
emma-mcgee -
Category
Documents
-
view
227 -
download
0
Transcript of Fraud & Internal Control Frank M. Klaus, CPA. Fraud Definition Fraud is the misappropriation of...
Fraud & Internal Control
Frank M. Klaus, CPA
Fraud Definition
Fraud is the misappropriation of assets for the benefit of an individual.
“Willful misrepresentation by one person of a fact inflicting damage on another person.”
“Any act involving the use of deception to obtain an illegal advantage.” ISACA
Fraud in operations.
Association of Certified Fraud Examiners
2006 Report to the Nation on Occupational Fraud and Abuse
The median government and not-for-profit frauds were around $100,000.
SAS No. 55 “Fraud is an intentional act the results in a
material misstatement in financial statements that are the subject of an audit.”
SAS No. 82 “Consideration of Fraud in a Financial
Statement Audit”
Adopted in 1997
Purpose: To clarify the auditor’s responsibility to detect fraud.
Revised as SAS No. 99
SAS No. 99 Effective December 2002
Same title as SAS No,. 82
Time period of:
Post Enron
SOX 2002
SAS No. 99 (Continued) Issued in response to the past ineffectiveness
of risk assessment process during audit.
Requires auditor to gauge the exposure of the entity to the risk of fraud.
“Brainstorming” requirement.
What does fraud include? Fraud includes:
Balance Sheet Misstatement
Theft of Assets
The Fraud Triangle
The three elements required for FRAUD:
The three side of the FRAUD triangle. 1. Opportunity
2. Rationalization
3. Pressure
Internal Control Issues The importance of good policies and
procedures.
Communicate
Publish
Update
Segregation of Duties
The importance of “segregation of duties” to the internal control process.
Yellow Book The role of the “Yellow Book” in the internal
control process.
The role of the government auditor.
The importance of review and approval by supervisors.
Yellow Book Update Government Auditing Standards
GAGAS: Generally Accepted Government Auditing Standards
Provides a framework for conducting high quality audits with competence, integrity, objectivity, and independence.
2007 Yellow Book Current Edition
Superseded by the 2011 Yellow Book
2011 Yellow Book Effective for financial audits and attestation
engagements for periods ending on or after December 15, 2012,
And for performance audits beginning on or after December 15, 2011.
Early implementation is not permitted.
Resources Electronic version of document available.
GAO’s Yellow Book Web Page
http://www.gao.gov/yellowbook
Not subject to copyright protection.
The Role of the Client. The client has a responsibility to:
Cooperate with the auditor
Keep the auditor informed of status updates.
Participate in activities such as
Flowcharting
Narratives
The Client Conference The final conference is in addition
communication during the audit process.
Client sign-off at the conclusion of the audit.
Who should attend the final conference?
Follow-up, if required.
Timing
Management’s Responsibility Set the Proper Tone at the Top of the
Organization.
Develop and implement policies and procedures.
Communicate importance and seriousness of issue.
Management’s Responsibility (Cont’d) Demonstrate by actions
Not just lip service
Importance of ATTITUDE.
COSO Framework Committee of Sponsoring Organizations
AAA AICPA IIA IMA FEI
COSO Formed by Treadway Commission to develop a
framework in which organizations could understand and improve their internal controls.
In 1992 issued Internal Control—Integrated Framework
Congress mandated controls reporting for public companies in 1992.
COSO Update
2006: Internal Controls over Financial Reporting—Guidance for Smaller Public Companies
2007: New auditing standards provide further support for the COSO Standards.
Five Components of COSO 1. Control environment
Sets the overall controls tone of an organization.
Foundation for all other components of internal control.
Five Components of COSO 2. Risk Assessment
Entity’s identification and analysis of risks in the achievement of its objectives.
Risks should be identified and managed.
Five Components of COSO 3. Information and Communication
Relates to the systems and reports that enable management and employees to carry out their objectives.
Five Components of COSO 4. Control Activities
Processes, Policies, and Procedures
Help ensure that management directives are carried out.
Consist of controls over the process.
Five Components of COSO 5. Monitoring
Process that oversees internal control performance.
COBIT
Published by the IT Governance Institute.
COBIT: Control Objectives for Information and related Technologies
Provides good practices across a domain and process framework and presents activities in a manageable and logical structure.
Business Orientation of COBIT
The business orientation of COBIT consists of linking business goals to IT goals.
Management Information
Dashboard Scorecard Benchmarking
Common Fraud Risk Areas
Sales and Cash Receipts
Purchasing and Cash Disbursements
Payroll
Equipment, Inventory and Anything Not Bolted Down
Antifraud Controls & Programs 1. Culture
Tone at the Top Workplace Environment Hiring & Promotion Training Disciplinary Action
Antifraud Controls & Programs 2, Evaluating Antifraud Processes and
Controls ID Risk Mitigate Risks Implement Controls Monitor Controls
Antifraud Controls & Programs 3. Oversight
Audit Committee Inspector General Internal Auditor Independent External Auditor Certified Fraud Examiner
Antifraud Controls & Programs 4. Miscellaneous
AICPA ISACA ACFE International Standards of Auditing
Conclusion 1. Fraud can occur in any organization.
2. Management must set the tone at the top.
3. Everyone should be cognizant of the organization’s internal control policies and procedures.
4. Policies and procedures must be monitored and enforced.
Final Thought
“The best fraud is no fraud.”
Contact Information Frank M. Klaus, CPA Cleveland State University Department of Accounting 2121 Euclid Avenue Cleveland, OH 44115