Fraud & Internal Control Frank M. Klaus, CPA

Fraud Definition  Fraud is the misappropriation of assets for the benefit of an individual.  “Willful misrepresentation by one person of a fact inflicting damage on another person.”  “Any act involving the use of deception to obtain an illegal advantage.” ISACA

Fraud in operations.  Association of Certified Fraud Examiners  2006 Report to the Nation on Occupational Fraud and Abuse  The median government and not-for-profit frauds were around $100,000.

SAS No. 55  “Fraud is an intentional act the results in a material misstatement in financial statements that are the subject of an audit.”

SAS No. 82  “Consideration of Fraud in a Financial Statement Audit”  Adopted in 1997  Purpose: To clarify the auditor’s responsibility to detect fraud.  Revised as SAS No. 99

SAS No. 99  Effective December 2002  Same title as SAS No,. 82  Time period of:  Post Enron  SOX 2002

SAS No. 99 (Continued)  Issued in response to the past ineffectiveness of risk assessment process during audit.  Requires auditor to gauge the exposure of the entity to the risk of fraud.  “Brainstorming” requirement.

What does fraud include?  Fraud includes:  Balance Sheet Misstatement  Theft of Assets

The Fraud Triangle  The three elements required for FRAUD:

The three side of the FRAUD triangle.  1. Opportunity  2. Rationalization  3. Pressure

Internal Control Issues  The importance of good policies and procedures.  Communicate  Publish  Update

Segregation of Duties  The importance of “segregation of duties” to the internal control process.

Yellow Book  The role of the “Yellow Book” in the internal control process.  The role of the government auditor.  The importance of review and approval by supervisors.

Yellow Book Update  Government Auditing Standards  GAGAS: Generally Accepted Government Auditing Standards  Provides a framework for conducting high quality audits with competence, integrity, objectivity, and independence.

2007 Yellow Book  Current Edition  Superseded by the 2011 Yellow Book

2011 Yellow Book  Effective for financial audits and attestation engagements for periods ending on or after December 15, 2012,  And for performance audits beginning on or after December 15,  Early implementation is not permitted.

Resources  Electronic version of document available.  GAO’s Yellow Book Web Page   Not subject to copyright protection.

The Role of the Client.  The client has a responsibility to:  Cooperate with the auditor  Keep the auditor informed of status updates.  Participate in activities such as  Flowcharting  Narratives

The Client Conference  The final conference is in addition communication during the audit process.  Client sign-off at the conclusion of the audit.  Who should attend the final conference?  Follow-up, if required.  Timing

Management’s Responsibility  Set the Proper Tone at the Top of the Organization.  Develop and implement policies and procedures.  Communicate importance and seriousness of issue.

Management’s Responsibility (Cont’d)  Demonstrate by actions  Not just lip service  Importance of ATTITUDE.

COSO Framework  Committee of Sponsoring Organizations  AAA  AICPA  IIA  IMA  FEI

COSO  Formed by Treadway Commission to develop a framework in which organizations could understand and improve their internal controls.  In 1992 issued Internal Control—Integrated Framework  Congress mandated controls reporting for public companies in 1992.

COSO Update  2006: Internal Controls over Financial Reporting— Guidance for Smaller Public Companies  2007: New auditing standards provide further support for the COSO Standards.

Five Components of COSO  1. Control environment  Sets the overall controls tone of an organization.  Foundation for all other components of internal control.

Five Components of COSO  2. Risk Assessment  Entity’s identification and analysis of risks in the achievement of its objectives.  Risks should be identified and managed.

Five Components of COSO  3. Information and Communication  Relates to the systems and reports that enable management and employees to carry out their objectives.

Five Components of COSO  4. Control Activities  Processes, Policies, and Procedures  Help ensure that management directives are carried out.  Consist of controls over the process.

Five Components of COSO  5. Monitoring  Process that oversees internal control performance.

COBIT  Published by the IT Governance Institute.  COBIT: Control Objectives for Information and related Technologies  Provides good practices across a domain and process framework and presents activities in a manageable and logical structure.

Business Orientation of COBIT  The business orientation of COBIT consists of linking business goals to IT goals.  Management Information  Dashboard  Scorecard  Benchmarking

Common Fraud Risk Areas  Sales and Cash Receipts  Purchasing and Cash Disbursements  Payroll  Equipment, Inventory and Anything Not Bolted Down

Antifraud Controls & Programs  1. Culture  Tone at the Top  Workplace Environment  Hiring & Promotion  Training  Disciplinary Action

Antifraud Controls & Programs  2, Evaluating Antifraud Processes and Controls  ID Risk  Mitigate Risks  Implement Controls  Monitor Controls

Antifraud Controls & Programs  3. Oversight  Audit Committee  Inspector General  Internal Auditor  Independent External Auditor  Certified Fraud Examiner

Antifraud Controls & Programs  4. Miscellaneous  AICPA  ISACA  ACFE  International Standards of Auditing

Conclusion  1. Fraud can occur in any organization.  2. Management must set the tone at the top.  3. Everyone should be cognizant of the organization’s internal control policies and procedures.  4. Policies and procedures must be monitored and enforced.

Final Thought  “The best fraud is no fraud.”

Contact Information  Frank M. Klaus, CPA  Cleveland State University  Department of Accounting  2121 Euclid Avenue  Cleveland, OH 