How JCPenney is Managing Corporate Risk
John Polarinakis, Audit Director Dave Miller, Senior Audit Manager
What is JCPenney doing? Ethics Program Internal Audit Function Anti-Fraud Programs Enterprise-Wide Hotline
On-line Ethics Statement A letter from our Chairman The purpose of the Statement of Business Ethics Our responsibility as an employee A great work environment Our duty to the Company
An Effective Ethics Program Communication with Employees Communications with Suppliers Employee Training The Use of Criminal Background Checks The Role of the Legal and Ethics Compliance Committee Measuring our Performance – how effective are the programs
How does Internal Audit support the Company’s corporate governance initiatives?
Perform an Annual Risk Assessment Risk rank each audit area Discuss with management Allocate resources Allow for flexibility
Fashion Triangle for Internal Auditing
Anti-Fraud Programs Fraud Risk Assessment Fraud Awareness Program Continuous Auditing and Monitoring Enterprise-Wide Hotline
Objectives of Fraud Risk Assessment Evaluated the adequacy of select controls to mitigate fraud risks Reviewed the oversight processes to prevent and detect fraudulent activity Identified additional anti-fraud control enhancements
Benefits of Fraud Risk Assessment Interaction with management Increasing management’s fraud awareness
Business Process Owner Fraud Schemes/Scenarios Fraud Risk Matrix Business Process Owner Fraud Schemes/Scenarios Controls Monitoring Stores Theft of merchandise Store access is secured and alarmed when not receiving merchandise or during “off” hours. Hotline established for use by employees to report theft issues. Written procedures related to physical security, shoplifting, and internal employee theft. The following areas monitor these activities: Store, District and Regional Management Store, District, Regional and Home Office Loss Prevention Internal Auditing
Increasing Fraud Awareness Established multi-department task force to oversee Conducting awareness and ethics presentations Red Flags of Fraud poster Senior Management presentations to Audit Committee
Continuous Auditing Continuous Monitoring
Monitoring Retail Store Operations Short cash expense Bad check expense Purchase card expense POS information
Anti-Fraud Continuous Auditing Matching vendor and employee name, address and telephone number Identifying duplicate vendor invoices Identifying duplicate expenses – travel
Establishing an Enterprise-Wide Hotline Required as part of SOX 301 and 806 Means of anonymous communication for employees and vendors Establishing Awareness programs No Retaliation Policy communication
Benefits of Outsourced Program Online database of all call activity Automatic notification of call activity Available 24/7 Multi-lingual service Experienced operators Call monitoring
Steps to Take Communicate what is expected of employees Provide a safe mechanism to report concerns Zero Tolerance for fraud
Questions?