fraud risk management · 2020-02-24 · cash disbursement fraud check for duplicates or multiple...
TRANSCRIPT
© 2020 Association of Certified Fraud Examiners, Inc.
Fraud Risk Management
Specific Anti-Fraud Controls
(Process or Transaction Level)
© 2020 Association of Certified Fraud Examiners, Inc.
Discussion Questions
1. Does your organization have adequate staffing
to enforce separation of duties? Are there
departments or functions within your
organization where some incompatible duties
could be better segregated to decrease the risk
of fraud?
© 2020 Association of Certified Fraud Examiners, Inc.
Discussion Questions
2. Identify one or two of your organization’s most
significant fraud risks. Look over the controls
identified in this section to address those risks.
a. Are there any controls listed that your organization
has not implemented? Are there controls your
organization has implemented to address this risk
that are not included on the list?
© 2020 Association of Certified Fraud Examiners, Inc.
Discussion Questions
2. Identify one or two of your organization’s most
significant fraud risks. Look over the controls
identified in this section to address those risks.
b. Using the table in your workbook, complete a fraud
risk assessment for the two risks identified in step
2a. For each risk, identify, classify, and assess the
operating effectiveness of four internal controls,
then arrive at a residual risk rating and risk
response.
© 2020 Association of Certified Fraud Examiners, Inc.
Identified
Fraud
Risks and
Schemes
Personnel/
Departments
Involved
Likelihood
(1, 2, or 3)
Impact
(1, 2, or
3)
Internal
Control
No.
Internal
Control
Description
(P)
Preventive or
(D) Detective
Control
Describe
Testing/
Monitoring of
Control
Control
Effectiveness
(1, 2, or 3)
Residual Risk
Rating
(Low, Moderate,
High)
Fraud
Risk
Response
© 2020 Association of Certified Fraud Examiners, Inc.
Learning Objective
▪ Understand how to design and implement
internal controls to address the risk of specific
fraud schemes.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Financial Statement Fraud
▪ Anchor in effective oversight of management.
▪ Gain a solid understanding of the business.
▪ Maintain an appropriate level of skepticism.
▪ Consider incentives, pressures, and
rationalizations to commit fraud.
▪ Explore fraud risk scenarios.
▪ Assess the financial reporting culture.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Financial Statement Fraud
▪ Review transactions subsequent to the balance
sheet date.
▪ Internal audit focus.
▪ Review capitalization policies.
▪ Analyze compliance with loan covenants.
▪ Look for anomalies in inventory documentation.
▪ Review procedures for accounting estimates.
▪ Review journal entries.
▪ Review changes in accounting policies and
practices.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Theft of Incoming Cash
▪ Separate recordkeeping duties.
▪ Post signs offering a discount to customers who
do not receive a receipt.
▪ Use management oversight or video cameras to
safeguard cash-handling areas.
▪ Perform surprise cash counts.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Theft of Incoming Cash
▪ Use pre-numbered forms for sales receipts and
sales returns.
▪ Require management approval for voids and
refunds.
▪ Place a restrictive endorsement on checks upon
receipt.
▪ Deposit cash daily and itemize deposit slips.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Theft of Incoming Cash
▪ Place cash funds in a time-lock safe.
▪ Do not keep excessive cash on hand.
▪ Use cash registers that have adequate security
features.
▪ Maintain separate register drawers for each
cashier.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Accounts Receivable Fraud
▪ Separate recordkeeping duties.
▪ Set guidelines and procedures for opening mail.
▪ Use multi-part deposit slips.
▪ Install video cameras in the mail room and other
vulnerable areas.
▪ Use a lockbox system for cash receipts.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Accounts Receivable Fraud
▪ Require supervisory approval for:
• Changes to A/R master file
• Write-offs and discounts
• All accounts to be sent to a collection agency
▪ Scan journal entries for illogical debits to A/R.
▪ Monitor A/R for an unusual number of write-offs,
debits, or overdue accounts.
▪ Monitor employee activities.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Inventory Fraud
▪ Maintain effective physical security.
▪ Install video cameras in vulnerable areas.
▪ Implement access controls over computerized
inventory and accounting systems.
▪ Perform surprise counts of inventory.
▪ Use pre-numbered sales and inventory forms.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Inventory Fraud
▪ Require approval for:
• Adjustments to inventory records
• Scrap sales
• Sales returns
▪ Test for unusual inventory shrinkage.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Fixed Assets Fraud
▪ Create and communicate a policy on personal
use of company fixed assets.
▪ Attach identification tags to fixed assets and
track them in an up-to-date list.
▪ Secure the perimeter of the business.
▪ Use pre-numbered and multi-part requisitions,
purchase orders, and receiving documents.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Fixed Assets Fraud
▪ Require authorization for purchases,
improvements, and retirements, and for
additions to and deletions from fixed asset
accounts.
▪ Change access codes and locks when
employees are terminated.
▪ Perform a periodic fixed asset inventory count,
and reconcile it to the fixed asset subledger.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Investment Fraud
▪ Hold securities in the organization’s name.
▪ Keep securities in a safe deposit box under dual
control.
▪ Maintain a current list of all investments held by
the organization, including a record of expected
income payments.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Investment Fraud
▪ Require high-level authorization for investment
transactions.
▪ Require approval for write-downs.
▪ Implement separation of duties.
▪ Maintain access controls over investment
accounts and related software.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Accounts Payable and
Cash Disbursement Fraud
▪ Separate duties and functions.
▪ Use physical and software controls to restrict
access to A/P and disbursements systems.
▪ Restrict access to vendor master file and flag
any changes made.
▪ Maintain an approved vendor list independently
of the purchasing department.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Accounts Payable and
Cash Disbursement Fraud
▪ Check for duplicates or multiple payments to
the same vendor in one day.
▪ Require proper authorization of all transactions.
▪ Pay only from original invoices, not statements.
▪ Require matching of invoices to purchase
orders and receiving reports prior to payment.
▪ Make all disbursements via check or wire.
▪ Severely restrict the use of manual checks.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Accounts Payable and
Cash Disbursement Fraud
▪ Use positive pay or reverse positive pay.
▪ Request bank notification if a duplicate debit is
pending posting.
▪ Require dual approval when a new vendor is
set up for electronic payment.
▪ Require dual signatures for payment amounts
over an established threshold.
▪ Never sign blank checks.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Payroll Fraud
▪ Separate duties and functions.
▪ Use an imprest payroll bank account.
▪ Encourage the use of direct deposit.
▪ Keep signed paychecks in a secure location.
▪ Log and secure unclaimed paychecks.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Payroll Fraud
▪ Require employees to provide identification to
collect paycheck or stub.
▪ Match the payroll against personnel files.
▪ Have supervisors verify time worked.
▪ Require advanced authorization for overtime
and paid time off.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Expense
Reimbursement Fraud
▪ Have a clear policy stating:
• Types of reimbursable expenses
• Reimbursement limits
• Required time frame for submitting expense reports
▪ Require original receipts for all expense
reimbursements.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Expense
Reimbursement Fraud
▪ Require detailed expense reports:
• Explanation, including specific business purpose
• Time and date
• Location
• Amount of the expense
• Supervisor’s review and approval
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Fraud Related to Borrowing
▪ Require that the board
of directors approves
all debt transactions.
▪ Separate duties in
financing activities.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Equity Fraud
▪ Separate duties in equity transactions.
▪ Require that the board of directors approves all
dividends and stock sales.
▪ Use pre-numbered stock certificates.
▪ Announce dividend rates to shareholders
before the checks are issued.
▪ Safeguard unissued shares of stock.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Corruption
▪ The controls that
address payables and
disbursements fraud
can also be effective
in preventing and
detecting corruption
schemes.
© 2020 Association of Certified Fraud Examiners, Inc.
ISO 37001
▪ Communicate anti-bribery policy and program.
▪ Appoint compliance manager.
▪ Provide anti-bribery training and guidance.
▪ Perform bribery risk assessment, including third
parties.
▪ Ensure that controlled organizations and third
parties implement controls.
© 2020 Association of Certified Fraud Examiners, Inc.
ISO 37001
▪ Verify that personnel will comply with the policy
and program.
▪ Control benefits provided to individuals and
third parties.
▪ Implement financial, procurement, and other
controls.
▪ Implement whistleblower procedures and
investigate suspected bribery.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Conflicts of Interest
▪ Ensure that a strong ethics policy is in place.
▪ Detection of conflicts of interest is quite difficult;
focus should be on prevention through ethical
climate.
▪ Conduct occasional staff interviews, and have a
reporting mechanism available.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Fraud by Vendors
▪ Enforce an exhaustive process for approving
new vendors.
▪ Issue internal conflict of interest questionnaires,
and address any potential conflicts.
▪ Count inventory as it is delivered.
▪ Perform vendor compliance audits.
▪ Carefully review and approve invoices prior to
payment.
© 2020 Association of Certified Fraud Examiners, Inc.
Controls for Data Security Breaches
▪ Access restriction
and review
▪ Firewalls
▪ Physical control
over equipment
▪ Monitoring of
access attempts
and successes