Dave Cotton, CPA, CFE, CGFM
Cotton & Company, LLP
Alexandria, Virginia
dcotton@cottoncpa.com
Fraud Risk Management & COSO: Past, Present & Future
Winter Seminar, 19 January 2017
DAVID L. COTTON, CPA, CFE, CGFM
COTTON & COMPANY LLP
CHAIRMAN
Dave Cotton is chairman of Cotton & Company LLP, Certified Public Accountants, headquartered in Alexandria, Virginia. The firm was founded in 1981 and has a practice concentration in assisting Federal and State government agencies, inspectors general, and government grantees and contractors with a variety of government program-related assurance and advisory services. Cotton & Company has performed grant and contract, indirect cost rate, financial statement, financial related, and performance audits for more than two dozen Federal inspectors general as well as numerous other Federal and State agencies and programs. Cotton & Company’s Federal agency audit clients have included the U.S. Government Accountability Office, U.S. Navy, U.S. Marine Corps, U.S. House of Representatives, U.S. Capitol Police, U.S. Small Business Administration, U.S. Bureau of Prisons, Millennium Challenge Corporation, U.S. Marshals Service, and Bureau of Alcohol, Tobacco, Firearms and Explosives. Cotton & Company also assists numerous Federal agencies in preparing financial statements and improving financial management, accounting, and internal control systems. Dave received a BS in mechanical engineering (1971) and an MBA in management science and labor relations (1972) from Lehigh University in Bethlehem, PA. He also pursued graduate studies in accounting and auditing at the University of Chicago Graduate School of Business (1977 to 1978). He is a Certified Public Accountant (CPA), Certified Fraud Examiner (CFE), and Certified Government Financial Manager (CGFM). Dave served on the Advisory Council on Government Auditing Standards (the Council advises the United States Comptroller General on promulgation of Government Auditing Standards—GAO’s yellow book) from 2006 to 2009. He served on the Institute of Internal Auditors (IIA) Anti-Fraud Programs and Controls Task Force and co-authored Managing the Business Risk of Fraud: A Practical Guide. He served on the American Institute of CPAs Anti-Fraud Task Force and co-authored Management Override: The Achilles Heel of Fraud Prevention. Dave is the past-chair of the AICPA Federal Accounting and Auditing Subcommittee and has served on the AICPA Governmental Accounting and Auditing Committee and the Government Technical Standards Subcommittee of the AICPA Professional Ethics Executive Committee. Dave chaired the Fraud Risk Management Task Force, sponsored by COSO and ACFE and is a principal author of the COSO-ACFE Fraud Risk Management Guide. He is presently serving on the AICPA’s Performance Audit Standards Task Force. Dave served on the board of the Virginia Society of Certified Public Accountants (VSCPA) and on the VSCPA Litigation Services Committee, Professional Ethics Committee, Quality Review Committee, and Governmental Accounting and Auditing Committee. He is a member of the Association of Government Accountants (AGA) and past-advisory board chairman and past-president of the AGA Northern Virginia Chapter. He is also a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners.
Dave has testified as an expert in governmental accounting, auditing, and fraud issues before the United States Court of Federal Claims and other administrative and judicial bodies. Dave has spoken frequently on cost accounting, professional ethics, and auditors’ fraud detection responsibilities under SAS 99, Consideration of Fraud in a Financial Statement Audit. He has been an instructor for the George Washington University masters of accountancy program (Fraud Examination and Forensic Accounting), and has instructed for the George Mason University Small Business Development Center (Fundamentals of Accounting for Government Contracts). Dave was the recipient of the AGA’s 2006 Barr Award (“to recognize the cumulative achievements of private sector individuals who throughout their careers have served as a role model for others and who have consistently exhibited the highest personal and professional standards”) as well as AGA’s 2012 Educator Award (“to recognize individuals who have made significant contributions to the education and training of government financial managers”).
Plan for This Session …
• Fraud Happens
• ACFE Fraud Statistics
• Anti-Fraud Guidance
• Managing the Business Risk of Fraud
• COSO Update and Assessing Fraud Risk
• COSO-ACFE Task Force
• GAO Green Book and Assessing Fraud Risk
• GAO’s Fraud Risk Management Framework
Fraud Happens …
Billy-Bob …
• Is fantastic …
• Has been with us for years …
• Does ALL of the accounting stuff so that we can focus on more important things …
• Works long hours and many weekends …
• Never takes a vacation …
• Works for very modest pay and never asks for a raise (we think he inherited some money/retired after a successful career in some other field) …
• Has turned down offers to work elsewhere for more money because he believes in our mission …
Mary-Lou …
• Is fantastic and totally dedicated to our mission …
• Has been our executive director since our founding …
• We wouldn’t be where we are today without her …
• Is a “hands-on” and “no nonsense” executive and makes all of the important decisions …
• Works long hours and most weekends …
• Never takes a vacation …
• Knows everyone on the board and personally recommended each one …
• Makes board service easy, because she really runs the organization with an iron hand …
Fraud Happens …
Four words precede EVERY fraud:
Eight words follow EVERY fraud:
The Talented AGA Member from Tennessee
Case Study
Jeffrey Wayne Hughes, CGFM, CFE, MBA
Jeffrey Wayne Hughes has an impressive resume
• BBA, Human Resources Management & Accounting, 2005, Univ. of Northern Alabama
• MBA, Management, 2008, Univ. of Northern Alabama
• Auditor II, Tennessee Comptroller of the Treasury, Mar 2006 - Feb 2010
• Regional Accountant, TN Dept. of Health, Feb 2010 – Sep 2010
• Chairman of the Board, A Kid’s Place Child Advocacy Center, Jul 2014 – Mar 2016
• Lawrence County (TN) Commissioner, Sep 2014 – Mar 2016
• State of Tennessee Fiscal Director, Sep 2012 – Apr 2016
• Customer Service Representative, Amazon, Jun 2016 – Jul 2016
Jeff Hughes was a rising star at AGA
Jeff Hughes was, until recently, seeking new employment
Jeffrey’s life changed abruptly in April 2016
Source: http://www.wsmv.com/story/31738666/former-lawrence-co-commissioner-indicted-on-theft-forgery-charges
Source: http://www.lawrenceburgnow.com/120516former.html
According to the Comptroller’s Investigation
• Lawrence County Fire and Rescue operates as an umbrella organization to facilitate the operations of the 13 volunteer fire departments in Lawrence County, including Crossroads VFD.
• Hughes served as treasurer for both Lawrence County Fire and Rescue and for the Crossroads VFD
• Hughes misappropriated at least $254,266 by issuing unauthorized fire and rescue checks for his personal benefit
• Hughes:
  • Wrote more than 80 checks payable to cash totaling over $188,679
  • Wrote more than 80 checks totaling $42,491 to Walmart … to purchase gift cards
  • Made other improper withdrawals totaling $12,651
  • Funneled $10,445 from the LCF&R account to the Crossroads VFD account, then diverted those funds for his personal use
  • Misappropriated at least $10,800 from Crossroads VFD
According to the Comptroller’s Investigation
• LCF&R officers indicated that their signatures on the unauthorized checks were not authentic
• The LCF&R board did not approve and was not aware of the fraudulent activity
[Diagram: FRAUD, with three elements: opportunity; motive/pressure; attitude/rationalization]
Fraud risk factors/indicators
The Talented and Tragic AGA Member from Tennessee
The Embezzling Auditor
Case Study
Robin A. Howard
• BS Accounting, Hawaii Pacific University (1997)
• MBA Business/Accounting, Troy State University
• Manager, Internal Audit, Washington Metropolitan Area Transit Authority, 2002-2006
• Manager, MorganFranklin Corp., 2006-2007
• Chief Audit Executive, Prince William County, 2008-1012
• Auditor General, Metropolitan Atlanta Rapid Transit Authority, Jan 2012 – Apr 2013
• Active IIA Member, Washington DC Chapter, Treasurer and Chapter President
According to
• Howard was indicted on 6 counts of embezzlement, accused of stealing more than $30,000, from the DC Chapter of the IIA between 2009 and 2012
• Howard resigned from his MARTA position
• Howard had about $24,000 in child-support judgments against him
According to
• During his 2-year stint as treasurer, Howard had bank statements sent to his home
• When Howard was elected chapter president, the new treasurer allowed the statements to continue to go to Howard
• When Howard moved to Atlanta, the chapter had difficulty getting accounting records returned from Howard
According to
• “The Prince William County indictment issued Monday accuses Howard of six counts of embezzlement involving a total of about $50,000 …”
• “The AJC learned through a records search that Howard has a history of five-figure liens and court judgments against him.”
Alford plea: In an Alford Plea, the criminal defendant does not admit the act, but admits that the prosecution could likely prove the charge. The court will pronounce the defendant guilty. The defendant may plead guilty yet not admit all the facts that comprise the crime. An Alford plea allows defendant to plead guilty even while unable or unwilling to admit guilt.
Source: https://definitions.uslegal.com/a/alford-plea/
[Diagram: FRAUD, with three elements: opportunity; motive/pressure; attitude/rationalization]
Fraud risk factors/indicators
ACFE Fraud Statistics
The Magnitude of Fraud
• The typical organization loses 5% of its revenues to fraud each year
• Median loss caused by fraud in the cases studied was ~$150,000
• Frauds lasted a median of 18 months before being detected
• Asset misappropriation:
  • 83% of cases; median loss ~$125,000
• Financial statement (managerial) fraud:
  • <10% of cases; median loss of ~$975,000
• Corruption schemes:
  • 35.4% of cases; median loss of $200,000
This is where most of the fraud action is.
But, these frauds can be and often are catastrophic.
Most common means of detection: tips from employees of the victim organization-- ~39.1% of cases
• Most common means of detection: tips from employees of the victim organization-- ~39.1% of cases
• Organizations should make it as easy as possible for employees to report concerns
• Fraud hotlines used to be expensive; and sometimes distrusted
• New web-based hotline systems are inexpensive; and provide greater trust by employees; and allow follow-up contact with whistleblowers
• CAUTION: before engaging a third-party hotline provider, perform due diligence regarding information security
• C&C list of providers available on request
• Most common means of detection: tips from employees of the victim organization-- ~39.1% of cases
• Corruption and billing schemes pose the greatest risk
• Fraud is a significant threat to small businesses, with disproportionate losses
• Most commonly victimized industries:
  • Banking and financial services
  • Government and public administration
  • Manufacturing
• Presence of anti-fraud controls notably correlated with decreases in the cost and duration of frauds
• Perpetrators with higher levels of authority tend to cause much larger losses
• The longer a perpetrator has been with an organization, fraud losses tend to be higher
• ~76% of frauds committed by individuals in one of seven departments:
  • Accounting: ~16%
  • Operations: ~15%
  • Sales: ~12%
  • Executive/upper management: ~11%
  • Customer service: ~9%
  • Purchasing: ~8%
  • Finance: ~5%
• Collusion results in higher losses: 1 perp, median loss $80,000; 2 perps, $200,000; 3 perps, $355,000; 4 or more perps, > $500,000
• Organizations with hotlines are MUCH more likely to detect fraud by tips
• Organizations with hotlines had frauds that were 41% less costly
• Organizations with hotlines detected frauds 50% more quickly
• In 91% of cases, the perpetrator displayed one or more red flags:
  • Living beyond means—46% of cases
  • Financial problems—30% of cases
  • Unusually close association with vendors/customers—20% of cases
  • Excessive control issues—15% of cases
  • “Wheeler-Dealer” attitude—15% of cases
  • Divorce/family problems—13% of cases
  • Irritability, suspiciousness, defensiveness—12% of cases
  • Addiction problems—10% of cases
  • No behavioral red flags—9% of cases
58.1% of victim organizations do not recover ANY losses suffered
ACFE Conclusions
• Fraud is universal
• Fraud reporting mechanisms—hotlines—are critical to effective anti-fraud programs
• External audits are useful in deterrence, but detect very few (~3%) frauds
• Fraud awareness training is critical to preventing and detecting fraud
• Small organizations are particularly vulnerable
• Most fraudsters exhibit behavioral red flags
• The cost of fraud—financially and reputationally—can be devastating
The Magnitude of Fraud
http://www.acfe.com/rttn2016.aspx
Anti-Fraud Guidance
Historical Perspective on Anti-Fraud Guidance
• 2000-2002 were traumatic years for the accountability profession
  • Enron, WorldCom, Tyco, Global Crossing, Waste Management, Baptist Foundation of America, Peregrine, AOL/Time Warner, HealthSouth, Adelphia, IMClone
  • Demise of Arthur Andersen
• In 2002, the AICPA formed a task force: The Antifraud Programs and Controls Task Force
• The Task Force’s Mandate: develop “attestable criteria” for an organization to follow in implementing anti-fraud programs and controls
• The Task Force rebelled against that mandate
  • More immediately important guidance was needed
  • Recent catastrophic frauds (Enron, WorldCom, Tyco, Global Crossing, Waste Management, Baptist Foundation of America, Peregrine, AOL/Time Warner, HealthSouth, Adelphia, IMClone) ALL caused by management override of internal control
FREE at: http://www.cottoncpa.com/outreach/thought-leadership/
New Guidance for Audit Committees
Published in 2005
Recently updated …
TARGET AUDIENCE:
Those Charged with Governance
Management Override: The Achilles’ Heel of Internal Control
• The Audit Committee’s Responsibilities
• Actions to Address the Risk of Management Override of Internal Controls
  • Maintaining Skepticism
  • Strengthening Committee Understanding of the Business
  • Brainstorming to Identify Fraud Risks
  • Using the Code of Conduct to Assess Financial Reporting Culture
  • Cultivating a Vigorous Whistleblower Program
  • Developing a Broad Information and Feedback Network
• Appendix: Suggested Audit Committee Procedures: Strengthening Knowledge of the Business and Related Financial Statement Risks
  • Incentives or Pressures on Management
  • Opportunities Management Can Exploit
A Restructured Task Force then Went Back to the Future
Under IIA leadership (President Dave Richards), a reconstituted task force returned to the original (attestable criteria) mandate
Is your organization fully committed to protecting stakeholder assets?
FREE at: http://www.cottoncpa.com/wp-content/uploads/2014/08/ManagingTheBusinessRiskofFraud.pdf
Published in 2007
Managing the Business Risk of Fraud: A Practical Guide
Anti-Fraud Principles
Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
FLASH UPDATE
• The 2013 Updated COSO Internal Control Framework added 17 Principles
• Principle #8: “The organization considers the potential for fraud in assessing risks to the achievement of objectives.”
Fraud Risk Assessment
Joint COSO-ACFE Task Force
COSO Principle #8 (Assess Fraud Risk) resulted in a need for more specific guidance on assessing fraud risk
Task Force updated Managing the Business Risk of Fraud: A Practical Guide (originally published in 2007)
Update was completed by the end of 2015
Guide was issued in September 2016
Joint COSO-ACFE Task Force
Barbara Andrews AICPA
Michael Birdsall Comcast Corporation
Toby Bishop Formerly ACFE, Deloitte
Margot Cella Center for Audit Quality
David Coderre Comptroller General of Canada
Dave Cotton Cotton & Company LLP
James Dalkin GAO
Ron Durkin Durkin Forensics
Bert Edwards Formerly State Department
Frank Faist Time Warner Cable
Eric Feldman Formerly CIA/NRO/DoD OIG
Dan George USAC
John D. Gill ACFE
Leslye Givarz Formerly AICPA, PCAOB
Cindi Hook Comcast Corporation
Sandra K. Johnigan Johnigan, PC
Bill Leone Norton Rose Fulbright
Andi McNeal ACFE
Linda Miller GAO
Kemi Olateju General Electric
Chris Pembroke Crawford & Associates, PC
J. Michael Peppers University of Texas
Kelly Richmond Pope DePaul University
Carolyn Devine Saint University of Virginia
Jeffrey Steinhoff KPMG
William Titera Formerly EY
Michael Ueltzen Ueltzen & Company
Pamela Verick Protiviti
Vincent Walden EY
Bill Warren PwC
Richard Woodford DOL-OIG
Updated Guide
Similar to MBRF; more up-to-date
More emphasis on data analytics
5 Principles (slightly different than MBRF) and many Points of Focus
5 Fraud Risk Management Principles correlate with the COSO Components and Principles
More robust appendices
MBRF: ~80 pages
Updated version: ~285 pages
Mapping of COSO Components and Principles to the Fraud Risk Management Guide
Principles and Points of Focus
Principles are the fundamental concepts associated with internal control components
• In order for an organization to have an effective system of internal control, each of the 17 internal control Principles is present and functioning
• In order for an organization to have an effective system of fraud risk management, each of the 5 fraud risk management Principles is present and functioning
Points of Focus are important characteristics of Principles.
• Points of Focus may assist management in designing, implementing, and conducting internal control (and managing fraud risk) and assessing whether principles are present and functioning.
• Management does not need to assess separately whether Points of Focus are in place.
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
Updated Guide Can Be Used:
Just for complying with Principle #8—performing a fraud risk assessment, or
For developing and implementing a comprehensive fraud risk management program
So, ….
You get to work one Monday morning and your boss says, “Hey, we need to do a fraud risk assessment in order to comply with the new COSO Principle about fraud risk, and we want you to head up the effort to do that for us. Get started right away and report back when you are done.”
What would you do?
Fraud Risk Assessment
The Risk Assessment Process …
Establish the fraud risk assessment team, considering:
- Appropriate management levels
- All organizational components
Identify all fraud schemes and fraud risks, considering:
- Internal and external factors
- Various types of fraud
- Risk of management override
Fraud Risk Assessment
Establish the fraud risk assessment team, considering:
- Appropriate management levels
- All organizational components
Identify all fraud schemes and fraud risks, considering:
- Internal and external factors
- Various types of fraud
- Risk of management override
Estimate likelihood and significance of each fraud scheme and risk
Fraud Risk Assessment
Establish the fraud risk assessment team, considering:
- Appropriate management levels
- All organizational components
Identify all fraud schemes and fraud risks, considering:
- Internal and external factors
- Various types of fraud
- Risk of management override
Estimate likelihood and significance of each fraud scheme and risk
Determine all personnel and departments potentially involved considering the fraud triangle
Identify existing controls and assess their effectiveness
Assess and respond to residual risks that need to be mitigated:
- Strengthen existing control activities
- Add control activities
- Consider data analytics
Document the risk assessment
Fraud Risk Assessment
Documenting the Fraud Risk Assessment
Establish the fraud risk assessment team, considering:
- Appropriate management levels
- All organizational components
Identify all fraud schemes and fraud risks, considering:
- Internal and external factors
- Various types of fraud
- Risk of management override
Estimate likelihood and significance of each fraud scheme and risk
Determine all personnel and departments potentially involved considering the fraud triangle
Identify existing controls and assess their effectiveness
Assess and respond to residual risks that need to be mitigated:
- Strengthen existing control activities
- Add control activities
- Consider data analytics
Document the risk assessment
Reassess risk periodically, considering changes:
- External to the organization
- Operational
- Leadership
Fraud Risk Assessment
Appendices
A: GLOSSARY
B: ROLES AND RESPONSIBILITIES
C: CONSIDERATIONS FOR SMALLER ENTITIES
D: REFERENCE MATERIAL
E: DATA ANALYTICS
Data Analytics
Appendices
G: LIST OF FRAUD RISK EXPOSURES
H: SAMPLE FRAUD RISK ASSESSMENT
I: FRAUD RISK MANAGEMENT ASSESSMENT SCORECARDS
I1: FRAUD RISK GOVERNANCE
I2: FRAUD RISK ASSESSMENT
I3: FRAUD CONTROL ACTIVITIES
I4: FRAUD INVESTIGATION AND FOLLOW UP
I5: FRAUD RISK MANAGEMENT MONITORING
Appendices
G: LIST OF FRAUD RISK EXPOSURES
H: SAMPLE FRAUD RISK ASSESSMENT
I: FRAUD RISK MANAGEMENT ASSESSMENT SCORECARDS
I1: FRAUD RISK GOVERNANCE
I2: FRAUD RISK ASSESSMENT
I3: FRAUD CONTROL ACTIVITIES
I4: FRAUD INVESTIGATION AND FOLLOW UP
I5: FRAUD RISK MANAGEMENT MONITORING
J: HYPERLINKS TO ADDITIONAL TOOLS
HYPERLINKS TO ADDITIONAL TOOLS
Points of Focus Documentation Templates
Points of Focus Documentation Templates
HYPERLINKS TO ADDITIONAL TOOLS
Points of Focus Documentation Templates
Risk Assessment and Follow-up Actions Template
Risk Assessment and Follow-up Actions Template
Fraud Risk Heat Map
Fraud Risk Ranking Matrix
HYPERLINKS TO ADDITIONAL TOOLS
Points of Focus Documentation Templates
Risk Assessment and Follow-up Actions Template
Log for allegations of fraud and investigation results
Log for allegations of fraud and investigation results
HYPERLINKS TO ADDITIONAL TOOLS
Points of Focus Documentation Templates
Risk Assessment and Follow-up Actions Template
Log for allegations of fraud and investigation results
Interactive Scorecards
Library of Data Analytics Tests
Skimming
Library of Data Analytics Tests
CASH - SKIMMING

| Test | Description |
|---|---|
| Cash Receipts Analysis | Review sequential numbering of cash receipts journal to ensure no out-of-sequence numbers |
| Vertical Analysis | Vertical analysis of sales accounts (i.e., cash as a percentage of total assets over time, etc.) can be used to detect skimming at a high level |
| Horizontal Analysis | Horizontal analysis of sales accounts (i.e., cash percent change over time) can be used to detect skimming at a high level |
| Current Ratio Analysis | Track current assets to current liabilities over time |
| Quick Ratio Analysis | (Cash+Securities+Receivables) over Current Liabilities percent change over time |
| Inventory Analysis | Track inventory shrinkage due to unrecorded sales. Inventory detection may include statistical sampling, trend analysis, reviews of receiving reports and inventory records and verification for material requisition and shipping documentation as well as actual physical inventory counts |
| Red Flags | Bank employee questions the validity of a check |
| Red Flags | Inspect for a forged endorsement on a check |
| Red Flags | Inspect for an employee bank account with a name similar to the company name |
| Red Flags | Inspect for alteration of the check payee or endorsement |
| Journal Entry Review | Analysis of journal entries made to the cash and inventory accounts to identify: (1) False credits to inventory to conceal unrecorded or understated sales, (2) Write-offs related to lost, stolen or obsolete product, (3) Write-offs to accounts receivable, (4) Irregular entries to cash accounts |
| Journal Entry Review | Analysis of journal entries to review suspicious or inaccurate journal entries |
| Journal Entry Review | Identify larger entries split into smaller entries to avoid exceeding their approval limit, in order to ensure authorization and validity of the journal entry based on the approval limits |
Bid Rigging
Library of Data Analytics Tests
BID RIGGING
| Category | Test |
|---|---|
| Corruption: Bid Rigging | Compare inventory levels and turnover rates on a by project or by product basis, by region |
| Corruption: Bid Rigging | Inventory written-off and then new purchase made (total write-offs and quantities purchased by product) |
| Corruption: Bid Rigging | Compare contract awards by vendor (number of contracts won compared to bids submitted) |
| Corruption: Bid Rigging | Sole sourced contracts - number of bids per contract |
| Corruption: Bid Rigging | Check for vague contract specifications: (i) amendments, extension, increases in contract values, (ii) total number of amendments, (iii) original delivery date and final delivery date, (iv) original contract value and final contract value |
| Corruption: Bid Rigging | Check for split contract (same vendor, same day) |
| Corruption: Bid Rigging | Bids submitted after bid closing date |
| Corruption: Bid Rigging | Last bid wins |
| Corruption: Bid Rigging | Low bidder drops out, and subcontracts to higher bidder (compare contractor with invoice payee) |
| Corruption: Bid Rigging | Fictitious bids - verify bidders and prices |
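Three of the bid rigging tests listed above (bids submitted after the closing date, last bid wins, and contracts won compared to bids submitted), as an added Python example that is not part of the presentation. Contract ids, vendor names, dates and amounts are constructed, and the record layout is an assumption.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data; contract ids, vendors and dates are hypothetical.
CONTRACTS = {
    # contract_id: (bid_closing_time, winning_vendor)
    "C-100": (datetime(2017, 1, 10, 17, 0), "Acme"),
    "C-101": (datetime(2017, 1, 12, 17, 0), "Acme"),
    "C-102": (datetime(2017, 1, 15, 17, 0), "Birch"),
}

BIDS = [
    # (contract_id, vendor, submitted_at, amount)
    ("C-100", "Birch", datetime(2017, 1, 9, 10, 0), 52000),
    ("C-100", "Cedar", datetime(2017, 1, 10, 9, 0), 50500),
    ("C-100", "Acme", datetime(2017, 1, 10, 18, 30), 50400),  # after closing
    ("C-101", "Cedar", datetime(2017, 1, 11, 11, 0), 31000),
    ("C-101", "Acme", datetime(2017, 1, 12, 16, 55), 30900),
    ("C-102", "Acme", datetime(2017, 1, 13, 9, 0), 78000),
    ("C-102", "Birch", datetime(2017, 1, 14, 9, 0), 77000),
    ("C-102", "Cedar", datetime(2017, 1, 15, 12, 0), 79000),
]


def late_bids(bids, contracts):
    """Bids whose submission time is after the contract's closing time."""
    return [(cid, vendor) for cid, vendor, ts, _ in bids
            if ts > contracts[cid][0]]


def last_bid_wins(bids, contracts):
    """Contracts where the vendor that submitted the final bid was the winner."""
    last = {}
    for cid, vendor, ts, _ in bids:
        if cid not in last or ts > last[cid][0]:
            last[cid] = (ts, vendor)
    return sorted(cid for cid, (_, vendor) in last.items()
                  if contracts[cid][1] == vendor)


def win_rates(bids, contracts):
    """Per vendor: (contracts won, contracts bid on)."""
    bid_on = defaultdict(set)
    for cid, vendor, _, _ in bids:
        bid_on[vendor].add(cid)
    return {vendor: (sum(1 for cid in cids if contracts[cid][1] == vendor),
                     len(cids))
            for vendor, cids in bid_on.items()}


if __name__ == "__main__":
    print("late bids:", late_bids(BIDS, CONTRACTS))
    print("last bid wins:", last_bid_wins(BIDS, CONTRACTS))
    print("win rates:", win_rates(BIDS, CONTRACTS))
```

A single "last bid wins" hit means little on its own; the pattern worth escalating is the same vendor repeatedly bidding last, by a small margin, and winning.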
Fictitious Revenue
Library of Data Analytics Tests
REVENUE RECOGNITION
| Scheme | Test |
|---|---|
| Bill & Hold | Analysis of inventory that has been "segregated" or shipped to a third party intermediary where the customer has not taken title and assumed the risks, yet the company has booked this isolated inventory as revenue |
| Bill & Hold | Identify revenue and receivables recorded prior to shipment |
| Channel Stuffing | Compare discounts or incentives on a monthly basis to identify unusual spikes at the end of the quarter or year. |
| Channel Stuffing | Compare sales and corresponding returns on a per customer basis |
| Debt Swap | Identification of Journal Entries with Net Debit to Liability and Credit to Revenue |
| Debt Swap | Identification of Journal Entries with Net Debit to Liability and Credit to Expenses |
| Fake Invoices | Analysis of sequentially numbered invoices |
| Fake Invoices | Benford's analysis of the first two digits to identify anomalies such as a disproportionate number of invoices starting with 7, 8 or 9 |
| Fake Invoices | Analysis of company names that "sound like" known vendors |
| Fake Invoices | Examine inventory records to identify locations or items that require specific attention during or after the physical inventory count |
| Revenue Recognition | Analysis and anomaly detection of the sequence of transactions to identify missing checks, invoices |
| Revenue Recognition | Compare A/R credit memos to A/P invoices |
| Revenue Recognition | Compare revenue reported by month and by product line during the current period with comparable prior periods |
| Revenue Recognition | Confirm with selected, high risk customers relevant contract terms or question company staff regarding shipments near the end of the period |
| Revenue Recognition | Identification of revenue recognized at period end and subsequently reversed or partially reversed |
| Fraud Triangle Analytics | E-mail analysis of selected employees (accounting or sales) for "Rev Rec" related key words around incentive/pressure, opportunity and rationalization |
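The Benford first-two-digits test named in the Fake Invoices rows, as an added Python example (not from the presentation or the COSO guide). The invoice amounts are constructed, and the one-sided z-test with a threshold of 3 is an assumption about how "disproportionate" is decided.

```python
import math
from collections import Counter


def first_two_digits(amount):
    """First two significant digits of an amount as a string, or None."""
    digits = f"{abs(amount):.2f}".replace(".", "").lstrip("0")
    return digits[:2] if len(digits) >= 2 else None


def benford_expected(d):
    """Benford proportion of values whose first two digits are d (10..99)."""
    return math.log10(1 + 1 / d)


def over_represented_prefixes(amounts, z_threshold=3.0):
    """Two-digit prefixes that occur far more often than Benford predicts.

    Returns (prefix, observed_count, expected_count, z_score) tuples.
    The z-test and the threshold are assumptions chosen for this example.
    """
    prefixes = [p for p in map(first_two_digits, amounts) if p is not None]
    n = len(prefixes)
    if n == 0:
        return []
    counts = Counter(prefixes)
    flagged = []
    for d in range(10, 100):
        expected = benford_expected(d)
        observed = counts.get(str(d), 0) / n
        z = (observed - expected) / math.sqrt(expected * (1 - expected) / n)
        if z > z_threshold:
            flagged.append((str(d), counts[str(d)],
                            round(expected * n, 1), round(z, 1)))
    return flagged


def constructed_invoice_amounts():
    """Constructed data: a log-uniform baseline plus a padded cluster.

    The baseline spans 10.00 to just under 10,000.00 and follows Benford
    closely. The 40 added invoices all sit between 9,700 and 9,800, as if
    kept under a hypothetical 10,000 review threshold.
    """
    baseline = [round(10 * 10 ** (i / 500), 2) for i in range(1500)]
    padded = [round(9700 + 2.37 * i, 2) for i in range(40)]
    return baseline + padded


if __name__ == "__main__":
    for prefix, seen, expected, z in over_represented_prefixes(
            constructed_invoice_amounts()):
        print(f"prefix {prefix}: observed {seen}, expected {expected}, z={z}")
```

Benford's law fits amounts that span several orders of magnitude; data with built-in limits (fixed fees, capped expense claims) will deviate without any fraud.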
Appendices
G: LIST OF FRAUD RISK EXPOSURES
H: SAMPLE FRAUD RISK ASSESSMENT
I: FRAUD RISK MANAGEMENT ASSESSMENT SCORECARDS
I1: FRAUD RISK GOVERNANCE
I2: FRAUD RISK ASSESSMENT
I3: FRAUD CONTROL ACTIVITIES
I4: FRAUD INVESTIGATION AND FOLLOW UP
I5: FRAUD RISK MANAGEMENT MONITORING
J: HYPERLINKS TO ADDITIONAL TOOLS
K: MANAGING THE RISK OF FRAUD IN GOVERNMENT
The Plan for the Guide
Completed and issued as COSO “guidance” in 2016
COSO will then vet the Guide by exposing it for public comment
COSO will re-issue the vetted product as a 3rd COSO Framework
COSO Frameworks
Framework
FLASH UPDATE
GAO’s Green Book, Standards for Internal Control in the Federal Government, was updated in 2014 to mirror the 2013 updated COSO Framework.
Green Book Principle #8: “Management should consider the potential for fraud when identifying, analyzing, and responding to risks.”
COSO Framework vs GAO Green Book
COSO Framework
• Principles and Points of Focus
• Best Practices (i.e. no “shoulds” or “musts”)
GAO Green Book
• Principles and Attributes
• Mandatory Standards (i.e. contains “shoulds” and “musts”)
FLASH UPDATE—GAO
GAO recently published A Framework for Managing Fraud Risks in Federal Programs
Available at: http://www.gao.gov/products/GAO-15-593SP
Costs versus Benefits????
This sounds like a lot of work …
It IS a comprehensive process if done correctly
But, there are benefits
• You WILL learn things about your organization that you did not know
• Your employees WILL feel empowered, involved, committed to enhancing operations, and dedicated to improved accountability
• You WILL reduce your risk due to fraud
If we were to ask organizations that have been victims of fraud, what do you think THEY would say?
What Does FRM Mean for External Auditors?
External auditors are required to assess fraud risk
Audits are risk-based: higher risk = more audit work needed = higher audit fees
If you tell your auditors that you have implemented rigorous fraud risk management processes, their assessment of fraud risk should go down …
Prediction:
Auditing standards will be revised to REQUIRE auditors to evaluate and test management’s fraud risk management system and processes
Similar to the existing requirement that auditors must evaluate and test management’s system of internal control
Not Quite Sure You Need to Implement a Fraud Risk Management Program in Your Organization?
• I will send you the 5 Scorecards or you can download them at (http://www.cottoncpa.com/outreach/thought-leadership/)
• Print them and get some red, yellow, and green dots (at Office Depot or Staples)
• Self-assess at your next senior staff or governing board meeting (45-60 minutes)
• See how much RED there is in your organization …
• Then decide …
Concluding Comments
Fraud is not a subject that any organization wants to deal with, but the reality is most organizations experience fraud to some degree. Dealing with fraud can be constructive, and forward-thinking, and can position an organization in a leadership role within its industry or business segment. Strong, effective, and well-run organizations exist because management takes proactive steps to anticipate issues before they occur and to take action to prevent undesired results. Implementation of this guide should help establish a climate where positive and constructive steps are taken to protect employees and ensure a positive culture. The dynamics of any organization require an ongoing reassessment of fraud exposures and responses in light of the changing environment the organization encounters.
Fraud Risk Management & COSO: Past, Present & Future
Dave Cotton, CPA, CFE, CGFM Cotton & Company, LLP
Alexandria, Virginia
Winter Seminar, 19 January 2017