07 General Anti Fraud Controls

8/10/2019 07 General Anti Fraud Controls

http://slidepdf.com/reader/full/07-general-anti-fraud-controls 1/17

© 2014 Association of Certified Fraud Examiners, Inc.

Fraud Risk Management

General Anti-Fraud Controls (Entity-Level)



2 of 18© 2014 Association of Certified Fraud Examiners, Inc.

Discussion Questions

1) Does your organization have controls in place

that have been effective at controlling fraud risks

that might be helpful at other organizations?

2) Can you think of any internal controls that canserve to both prevent and detect fraudulent

activity?




Learning Objectives

Define internal control .

Identify the different types of controls.

Understand how to implement entity-wide

controls designed to prevent fraud.

Understand how to implement entity-wide

controls designed to detect fraud.




COSO Definition of Internal Control

A process, effected by an entity’s board ofdirectors, management, and other personnel,

designed to provide reasonable assurance

regarding the achievement of objectives relating

to operations, reporting, and compliance.




Objectives of Internal Control

Operations objectives: the effectiveness andefficiency of the organization’s operations

Reporting objectives: the reporting of financial

and nonfinancial information to internal andexternal parties

Compliance objectives: the organization’s

adherence to the laws and the regulations to

which it is subject




Types of Internal Controls

Preventive vs. detective controls

Entity-level vs. process- or transaction-level

controls




COSO In ternal Con tro l —

In tegrated Framewo rk

Control environment

Risk assessment

Control activities Information and communication

Monitoring




Control Environment

Sets the moral tone and provides foundation forall other control components

Principles:

• Commitment to integrity and ethical values• Independent board that oversees development and

performance of internal control

• Appropriate structures, reporting lines, and

authorities and responsibilities• Commitment to attract, develop, and retain

competent individuals

• Accountability for internal control responsibilities




Risk Assessment

Dynamic and iterative process that forms thebasis for determining how risks will be managed

Principles:

• Set sufficiently clear objectives to enable theidentification and assessment of risks

• Identify and analyze risks to the achievement of

objectives across the entity

• Consider potential for fraud in assessing risks to theachievement of objectives

• Identify and assess changes that could significantly

impact the system of internal control




Control Activities

Policies and procedures that enforcemanagement’s directives

Principles:

• Select and develop control activities that mitigaterisks to acceptable levels

• Select and develop general control activities over

technology

• Deploy control activities through policies thatestablish what is expected and procedures that put

policies into action




Information and Communication

The exchange of information in a way thatallows employees to carry out their

responsibilities and achieve objectives

Principles:• Obtain/generate and use relevant, quality information

to support the functioning of controls

• Internally communicate information, including

objectives and responsibilities, necessary to supportthe functioning of internal control

• Communicate with external parties regarding matters

affecting the functioning of internal control




Monitoring

The process that assesses the effectiveness of

the control system over time

Principles:

• Select, develop, and perform ongoing and separateevaluations to ascertain whether the components of

internal control are present and functioning

• Evaluate and communicate control deficiencies in a

timely manner to those parties responsible for takingcorrective action




Fraud Preventive Controls

Code of conduct, ethics policy, anti-fraud policy

Employee education

The perception of detection

Organizational structure

Independent board of directors/audit committee





Tone at the top

Zero-tolerance stance

Internal audit function

Hiring practices and promotion procedures

• Background checks





Proper assignment of authority and

responsibility

Minimizing employee pressures

• Fair personnel policies and procedures

• Reasonable performance goals

• Open-door policies

• Employee support programs




Fraud Detective Controls

Reporting mechanisms and whistleblower

programs

• Rewards for whistleblowers

Proactive audit policies• Increased use of analytical review

• Fraud assessment questioning

• Surprise audits where possible




Fraud Detective Controls

Feedback mechanism

Mandatory vacation and job

rotation policies (where

possible)

Documents

07 General Anti Fraud Controls