Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Controls THE ROLE OF INTERNAL CONTROLS IN THE PREVENTION AND DETECTION OF FRAUD Presented by Mark Dauberman, CPA, EMBA.

Published byJulianna Chambers Modified over 6 years ago

Similar presentations

Presentation on theme: "Internal Controls THE ROLE OF INTERNAL CONTROLS IN THE PREVENTION AND DETECTION OF FRAUD Presented by Mark Dauberman, CPA, EMBA."— Presentation transcript:

1 Internal Controls THE ROLE OF INTERNAL CONTROLS IN THE PREVENTION AND DETECTION OF FRAUD Presented by Mark Dauberman, CPA, EMBA

2 “Fraud Is Committed by Desperate Individuals”
4/21/2018 “Fraud Is Committed by Desperate Individuals” Joseph T Wells, CPA, CFE Founder & Chairman of ACFE Capitalize “Is”

3 How Fraud is Committed – The Nature of Fraud
Misappropriation of assets Financial statement fraud Corruption schemes

4 Misappropriation of Assets
Theft of cash Theft of cash on hand Theft of cash receipts Fraudulent disbursements Misappropriation of inventory and other assets Larceny Misuse

5 Theft of Cash Receipts Larceny Skimming Sales Receivables
Refunds and other

6 Fraudulent Disbursements
Billing schemes Payroll schemes Expense reimbursement schemes Check tampering Register disbursements

7 Financial Statement Fraud
Overstatements of net income and net worth Understatements of net income and net worth

8 Overstatements of Net Income and Net Worth
Timing differences Fictitious revenues Concealed liabilities and expenses Improper asset valuations Improper disclosures

9 Understatements of Net Income and Net Worth
Timing differences Understated revenues Overstated liabilities and expenses Improper asset valuations Improper disclosures

10 Corruption Schemes Conflicts of interest Bribery Illegal gratuities
Economic extortion

11 Examples A T & T – Misuse of Assets
Foster Foods – Expense reimbursement scheme Agassiz – Check tampering A Major National Superstore – Inventory theft

12 A T & T – Misuse of Assets – The Headlines
May 9, 2013 – AT&T Pays FCC $18.25 Million to Settle IP Relay Fraud Claims November 7, 2013 – AT & T Pays Another $3.5 Million to Settle IP Relay Fraud Claims

13 The Fraud Overbilled U.S. Government Fund intended to help hearing and speech impaired customers - 80% of calls billed were ineligible - “It was common knowledge among AT&T communication assistants that many callers were from Nigeria and other foreign countries and that these callers used the system to defraud U.S. merchants by ordering goods with stolen credit cards and counterfeit checks.”

14 What Was (Were) the Fraud(s)?
April 21, 2018 What Was (Were) the Fraud(s)? Overbilling Did AT & T know? Should they have known? If so, is ignorance fraud? Allowing fraudulent use of service Should employees have blown the whistle? Should AT & T have known? Is AT & T responsible? (c) Mark Dauberman, CPA

15 Detection Who should be able to detect? Management Overbilled agency
How would it be detected? Knowledge Converted into expectations

16 Prevention Who committed the fraud? Communication assistants
Knew of fraud Should not have allowed Management

17 Prevention How to prevent: Take away the reason
Take away the opportunity Take away the ability to rationalize

18 Case 2 Expense Reimbursement
“When Petty Cash Isn’t Petty” Fraud Casebook – Lessons from the Bad Side of Business Edited by Joseph T. Wells, ACFE, Published by Wiley Chapter 21, Karen Frey, PhD, CPA If graphics person can do so in an attractive way, you can unify these slides by putting “Case 1” somewhere like in a corner – follow the pattern with the three cases.

19 The Company Foster Foods
Founded in 1953 by brothers Arthur & Louis Very successful selling jam made from family farm’s unsold fruit Changed strategy to research and development of dried fruit products Grew and transformed too rapidly and filed for Chapter 11 protection Used petty cash for expenditures as vendors were not accepting company checks or credit Typographical suggestion – minimize “The Company” and maximize “Foster Foods” – puts emphasis where it belongs. Graphics person should be able to do something to unify these elements.

20 The Perpetrator Jeri Hansen
Responsible for petty cash accounting and reconciliation and accounts payable 15-year employee with positive reputation Insisted on complete and accurate documentation Anticipated and fulfilled officer’s information needs Understood and provided types of documents and summaries needed by auditors “It would be a lot easier if I just get that for you” Rarely took time off

21 System Exploited Petty Cash Payments
Cash for estimated expenses given to drivers before trips Receipts and remaining cash returned by drivers after trip Voucher with receipts attached and remaining cash placed in petty cash drawer Cash reimbursed when low or drawer full of vouchers Jeri prepared reimbursement envelope with petty cash vouchers inside and summary on outside stating total reimbursement, payees, dates paid, and accounting distribution Controller reviewed contents and approved reimbursement Treasurer provided reimbursement check to Jeri to cash at the bank

22 The Fraud Methodology Invoices paid both by check and through petty cash Incorrect totals on vouchers Incorrect amounts transferred from vouchers to summary Receipts duplicated and submitted more than once Photocopies of receipts submitted as originals Amounts on receipts altered Vouchers issued without supporting receipts Payments made for credits or where invoice indicated that no amount was due Original and “corrected” invoices submitted for payment

23 Discovery CFO seeking information during Jeri’s vacation Repercussions
Not suspicious, but noticed petty cash disbursement to supplier normally paid by check Initiated investigation Repercussions Losses of $100,000 uncovered Jeri convicted Restitution ordered and partially paid Required to serve part of 24-month sentence in county jail

24 Lessons Learned Segregation of duties Supervision Control activities
Ensure that reimbursement procedures are followed Review analysis of fuel consumption Control activities – made all of these start with verbs in all three cases

25 Case 3 Check Tampering “A Taxing Problem”
Fraud Casebook – Lessons from the Bad Side of Business Edited by Joseph T. Wells, ACFE, Published by Wiley Chapter 11, Andrew Kautz, CFE

26 The Company Agassiz Midsize construction company involved in road and commercial building construction Family-type work environment with employees trusted and participating in success of company Expanded over years without making investment in internal controls Weak in accounting Lack of segregation Responsibility without oversight

27 The Perpetrator Angela Bauer
No high school diploma but GED and a few community college bookkeeping and business courses Willing to work, charming, and appeared to be capable and loyal employee Worked for company for more than 10 years Moved up from clerk to accounts payable Responsible for payments to vendors No check-signing authority Also responsible for bank reconciliation

28 The Fraud Tax Payments Prepared check requests for tax payments
Altered payee to be negotiable to Angela Bauer or her husband Some checks written to bank credited to Bauer’s benefit

29 Discovery After Angela had left company, government auditor performing normal review of books Identified two checks to agency, knew agency had only received one Found cancelled check written to bank instead of government Initiated investigation Repercussions Losses of $570,000 uncovered Angela liable for full amount of fraud and husband liable for portion

30 Lessons Learned Segregation of duties Control activities
Angela responsible for both issuing checks and reconciling bank account so she could perpetrate fraud and cover tracks Control activities Reassess controls on a regular basis Trust employees, but create basic safeguards

31 Case 4 Inventory “Price Check on Register One”
Fraud Casebook – Lessons from the Bad Side of Business Edited by Joseph T. Wells, ACFE, Published by Wiley Chapter 27, Dwight Taylor, CFE, DRE

32 The Company Major National Superstore
Very control conscious State-of-the-art surveillance system

33 The Perpetrators Holly Harmon
Married woman unable to make ends meet living in small town in Iowa Moved with husband to Des Moines for higher paying jobs Lacked specialized skills and had criminal record Obtained job as cashier at large national superstore

34 The Perpetrators Family & Friends
Clifton Harmon, husband Shelly North, Holly’s sister Divorced with 3 children Unable to work, dependent on government assistance Cathy Lester, one of Holly’s best friends Divorced with 2 children Working as office assistant and unable to make ends meet Amelia Leach, Holly’s friend Arrested for forgery at age 20 In and out of jail and marriage

35 The Fraud Cash Register Receipt Theft
Placed UPC codes for inexpensive items on more expensive merchandise Rang up merchandise at lower amounts on sales to accomplices Refunded items without return of merchandise Sold suitcases and other bags and containers full of merchandise

36 Discovery After Holly left company, manager performed routine review of activity of former employee Video tapes showed sales of items that did not appear on cash register tapes Video showed customer being allowed to retain merchandise after transaction was voided Initiated investigation upon reviewing tapes Clifton confessed upon interview Holly and Amelia received 10-year prison sentences and were ordered to pay restitution Approximately $12,000 in merchandise recovered

37 Lessons Learned Background checks Control activities
Should be routine for employees handling valuables such as cash or merchandise Would prevent hiring of people like Holly who have criminal records Control activities Create system that flags unusual activity such as a large number of voided transactions Perform regular, random reviews of cash register logs Make employees aware of monitoring as a deterrent

38 Identifying Control Deficiencies Understand Existing Core Systems
Initiation Authorization Execution Recording Verification

39 Identifying Control Deficiencies Document Understanding of Existing Core Systems
Documentation Narrative Flow of Transactions, Verified Throughout Flow Charts Documentation & Segregation of Duties

40 Identifying Control Deficiencies Identify Control Activities
Identify accounts affected by system Evaluate actions within system Determine control activity when action supports assertion Indicate assertion supported

41 Internal Control System Evaluation Matrix
B C D E F G H I J K L M N O P Q R S Sales Accounts Receivable Control Activity Occurrence Completeness Accuracy Cutoff Classification Existence Rights & Obligations Valuation & Allocation Error Fraud PD I used the abbreviated version that was in the text – You can explain how it would be added to, or prepare a slide with a complete version. Or, get rid of the title and move it up so that you can have the abbreviated version and then the longer one.

42 Identifying Control Deficiencies Evaluate Control Deficiencies
Review control activities by assertion What could go wrong? Type of issue Component of process Applicable assertion Nature of issue Error Fraud

43 Identifying Control Deficiencies Determine Appropriate Risk Response
Basis for decision Likelihood of loss Magnitude of loss Alternative responses Acceptance Rejection Sharing Mitigation

44 Limitations of Internal Controls
Design Implementation Subject Matter

45 Develop Preventive Internal Controls Create Management Reports
Create management reports that identify signs of possible fraud Abnormal relationships among accounts Sales & accounts receivable Sales & cost of sales Cost of sales & inventory Inventory & accounts payable Interest & average debt Accrued or prepaid expenses & monthly “burn” Anomalies or pattern changes Customer performance Employee behavior

46 Conventional controls
Develop Preventive Internal Controls Controls with Potential to Prevent Fraud Conventional controls Performance indicators Information processing controls Physical controls Segregation of duties “Holistic” controls Acceptance of reality Universal involvement Rewards over punishment

47 Understanding Internal Control
COSO Framework

48 Internal Control Components, Principles, and Factors
Control Environment Standards, processes, and structures providing basis for carrying out internal control Established by board of directors and management Importance of internal controls Expected standards of conduct Integrity and ethical values of organization Organizational structure and assignment of authority and responsibility Process for attracting, developing, and retaining competent individuals Accountability for performance

49 Principles Related to the Control Environment
- The organization demonstrates commitment to integrity and ethical values - The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. - Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. - The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. - The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

50 Factors indicating that the organization demonstrates commitment to integrity and ethical values
- Sets the tone at the top – The board of directors and management at all levels of the entity demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control. - Establishes Standards of Conduct—The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity's standards of conduct and understood at all levels of the organization and by outsourced service providers and business partners. - Evaluates Adherence to Standards of Conduct—Processes are in place to evaluate the performance of individuals and teams against the entity's expected standards of conduct. competent individuals in alignment with objectives. - Addresses Deviations in a Timely Manner—Deviations from the entity's expected standards of conduct are identified and remedied in a timely and consistent manner..

51 Factors indicating that the board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. - Establishes Oversight Responsibilities—The board of directors identifies and accepts its oversight responsibilities in relation to established requirements and expectations. - Applies Relevant Expertise—The board of directors defines, maintains, and periodically evaluates the skills and expertise needed among its members to enable them to ask probing questions of senior management and take com­mensurate actions. - Operates Independently—The board of directors has sufficient members who are independent from management and objective in evaluations and decision-making.

52 - Provides Oversight for the System of Internal Control—The board of directors retains oversight responsibility for management's design, implementation, and conduct of internal control: Control Environment—Establishing integrity and ethical values, oversight. Risk Assessment—Overseeing management's assessment of risks to the achievement of objectives, including the potential impact of significant changes, fraud, and management override of internal control. Control Activities—Providing oversight to senior management in the development and performance of control activities. Information and Communication—Analyzing and discussing information relating to the entity's achievement of objectives. Monitoring Activities—Assessing and overseeing the nature and scope of monitoring activities and management's evaluation and remediation of deficiencies. 

53 Factors indicating that management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. - Considers All Structures of the Entity—Management and the board of direc­tors consider the multiple structures used (including operating units, legal entities, geographic distribution, and outsourced service providers) to support the achievement of objectives. - Establishes Reporting Lines—Management designs and evaluates lines of reporting for each entity structure to enable execution of authorities and responsibilities and flow of information to manage the activities of the entity.

54 - Defines, Assigns, and Limits Authorities and Responsibilities— Management and the board of directors delegate authority, define responsibilities, and use appropriate processes and technology to assign responsibility and segregate duties as necessary at the various levels of the organization: Board of Directors—Retains authority over significant decisions and reviews management's assignments and limitations of authorities and responsibilities Senior Management—Establishes directives, guidance, and control to enable management and other personnel to understand and carry out their internal control responsibilities. Management—Guides and facilitates the execution of senior management directives within the entity and its subunits. Personnel—Understands the entity's standard of conduct, assessed risks to objectives, and the related control activities at their respective levels of the entity, the expected information and communication flow, and monitoring activities relevant to their achievement of objectives. Outsourced Service Providers—Adheres to management's definition of the scope of authority and responsibility for all non-employees engaged

55 Factors indicating that the organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. - Establishes Policies and Practices—Policies and practices reflect expectations of competence necessary to support the achievement of objectives. - Evaluates Competence and Addresses Shortcomings—The - board of directors and management evaluate competence across the organization and in outsourced service providers in relation to established policies and practices, and act as necessary to address shortcomings. - Attracts, Develops, and Retains Individuals—The organization provides the mentoring and training needed to attract, develop, and retain sufficient and competent personnel and outsourced service providers to support the achievement of objectives. - Plans and Prepares for Succession—Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control.

56 Factors indicating that the organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. - Enforces Accountability through Structures, Authorities, and Responsibilities—Management and the board of directors establish the mechanisms to communicate and hold individuals accountable for performance of internal control responsibilities across the organization and implement corrective action as necessary. - Establishes Performance Measures, Incentives, and Rewards— Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and longer-term objectives.

57 - Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance—Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives.  - Considers Excessive Pressures—Management and the board of directors evaluate and adjust pressures associated with the achievement of objectives as they assign responsibilities, develop performance measures, and evaluate performance. - Evaluates Performance and Rewards or Disciplines Individuals— Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence and provide rewards or exercise disciplinary action as appropriate.

58 Risk Assessment Dynamic and iterative process to identify and assess risks from external and internal sources Risks to achievement of objectives considered in relation to entity’s risk tolerances Tied to establishment of objectives related to operations, reporting, and compliance Considers changes to external and internal environment affecting internal control

59 Principles of Risk Assessment
The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. The organization considers the potential for fraud in assessing risks to the achievement of objectives. The organization identifies and assesses changes that could significantly impact the system of internal control.

60 Factors indicating that the organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives - Reflects Management’s Choices – Operations objectives reflect management’s choices about structure, industry considerations, and performance of the entity. - Considers Tolerances for Risk – Management considers the acceptable levels of variation relative to the achievement of operations objectives. - Includes Operations and Financial Performance Goals – The organization reflects the desired level of operations and financial performance for the entity within operations objectives. - Forms a Basis for Committing of Resources – Management uses operations objectives as a basis for allocating resources needed to attain desired operations and financial performance.

61 Factors indicating that the organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. - Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels – The organization identifies and assesses risks at the entity, subsidiary, division, operating unit, and functional levels relevant to the achievement of objectives. - Analyzes Internal and External Factors – Risk identification considers both internal and external factors and their impact on the achievement of objectives. - Involves Appropriate Levels of Management – The organization puts into place effective risk assessment mechanisms that involve appropriate levels of management. - Estimates Significance of Risks Identified – Identified risks are analyzed through a process that includes estimating the potential significance of the risk. - Determines How to Respond to Risks – Risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce, or share the risk.

62 Factors indicating that the organization considers the potential for fraud in assessing risks to the achievement of objectives. - Considers Various Types of Fraud – The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur. - Assesses Incentives and Pressures – The assessment of fraud risk considers incentives and pressures. - Assesses Opportunities – The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity’s reporting records, or committing other inappropriate acts. - Assesses Attitudes and Rationalizations – The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.

63 Factors indicating that the organization identifies and assesses changes that could significantly impact the system of internal control. - Assesses Changes in the External Environment – The risk identification process considers changes to the regulatory, economic, and physical environment in which the entity operates. - Assesses Changes in the Business Model – The organization considers the potential impacts of new business lines, dramatically altered compositions of existing business lines, acquired or divested business operations on the system of internal control, rapid growth, changing reliance on foreign geographies, and new technologies. - Assesses Changes in Leadership – The organization considers changes in management and respective attitudes and philosophies on the system of internal control.

64 Control Activities Policies and procedures designed to ensure that management’s directives are followed Performed at all levels of entity May be preventive or detective May involve manual and authorizations and approvals, verifications, reconciliations, and performance reviews Should incorporate segregation of duties, where possible, or alternatives when not achievable

65 Principles of Control Activities
The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. The organization selects and develops general control activities over technology to support the achievement of objectives. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

66 Factors indicating that the organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. - Integrates with Risk Assessment – Control activities help ensure that risk responses that address and mitigate risks are carried out. - Considers Entity-Specific Factors – Management considers how the environment, complexity, nature, and scope of its operations, as well as the specific characteristics of the organization, affect the selection and development of control activities. - Determines Relevant Business Processes – Management determines which relevant business processes require control activities. - Evaluates a Mix of Control Activity Types – Control activities include a range and variety of controls and may include a balance of approacht5es to mitigate risks, considering both manual and automated controls, and preventive and detective controls. - Considers at What Level Activities Are Applied – Management considers control activities at various levels in the entity. - Addresses Segregation of Duties – Management segregates incompatible duties, and where such segregation is not practical managemernt selects and develops alternative control activities.

67 Factors indicating that the organization selects and develops general control activities over technology to support the achievement of objectives. - Determines Dependency between the Use of Technology in Business Processes and Technology General Controls – Management understands and determines the dependency and linkage between business processes, automated control activities, and technology general controls. - Establishes Relevant Technology Infrastructure Control Activities – Management selects and develops control activities over the technology infrastructure, which are designed and implemented to help ensure the completeness, accuracy, and availability of technology processing. - Establishes Relevant Security Management Process Control Activities – Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity’s assets from external threats. - Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities – Management selects and develops control activities over the acquisition, development, and maintenance of technology and its infrastructure to achieve management’s objectives.

68 Factors indicating that the organization deploys control activities through policies that establish what is expected and procedures that put policies into effect. - Establishes Policies and Procedures to Support Deployment of Management’s Directives – Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected ands relevant procedures specifying actions. - Establishes Responsibility and Accountability for Executing Policies and Procedures – Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside. - Performs in a Timely Manner – Responsible personnel perform control activities in a timely manner as defined by the policies and procedures. - Takes Corrective Action – Responsible personnel investigate and act on matters identified as a result of executing control activities. - Performs Using Competent Personnel – Competent personnel with sufficient authority perform control activities with diligence and continuing focus. - Reassesses Policies and Procedures – Management periodically reviews control activities to determine their continued relevance, and refreshes them when necessary.

69 Information and Communication
Necessary for entity to carry out internal control responsibilities Provides management high quality information from internal and external sources relevant to support functioning of internal control Continual iterative process for providing, sharing, and obtaining appropriate information Disseminates information up, down, and across the entity Provides clear message from management as to importance of internal control Incorporates obtaining relevant information from, and providing it to, external sources

70 Principles of Information and Communication
The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control.

71 Factors indicating that the organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. - Identifies Information Requirements – A process is in place to identify the information required and expected to support the functioning of the other components of internal control and the achievement of the entity’s objectives. - Captures Internal and External Sources of Data – Information systems capture internal and external sources of data. - Processes Relevant Data Into Information – Information systems process and transform relevant data into information. - Maintains Quality throughout Processing – Information systems produce information that is timely, current, accurate, complete, accessible, protected, and verifiable and retained. Information is reviewed to assess its relevance in supporting the internal control components. - Considers Costs and Benefits – The nature, quantity, and precision of information communicated are commensurate with and support the achievement of objectives.

72 Factors indicating that the organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the function of other components of internal control. - Communicates Internal Control Information – A process is in place to communicate required information to enable all personnel to understand and carry out their internal control responsibilities. - Communicates with the Board of Directors – Communication exists between management and the board of directors so that both have information needed to fulfill their roles with respect to the entity’s objectives. - Provides Separate Communication Lines – Separate communication channels, such as whistle-blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective. - Selects Relevant Method of Communication – The method of communication considers the timing, audience, and nature of the information.

73 Factors indicating that the organization communicates with external parties regarding matters affecting the functioning of other components of internal control. - Communication to External Parties – Processes are in place to conmmunicate relevant and timely information to external parties including shareholders, partners, owners, regulators, customers, and financial analysts and other external parties. - Enables Inbound Communication – Open communication channels allow input from customers, consumers, suppliers, external auditors, regulators, financial analysts, and others, providing management and the board of directors with relevant information. - Communicates with the Board of Directors – Relevant information resulting from assessments conducted by external parties is communicated to the board of directors. - Provides Separate Communication Lines – Separate communication channels, such as whistle-blower hotlines, are in place and serve as fail-safe mechanisms to enable anonymous or confidential communication when normal channels are inoperative or ineffective. - Selects Relevant Method of Communication – The method of communication considers the timing, audience, and nature of the communication and legal, regulatory, and fiduciary requirements and expectations.

74 Monitoring Activities
Evaluations to determine if controls are present and functioning Ongoing evaluations built into business processes providing timely information Separate evaluations conducted periodically Findings evaluated against established criteria with deficiencies communicated to management and the board of directors, as appropriate

75 Principles of Monitoring Activities
The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

76 Factors indicating that the organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. - Considers a Mix of Ongoing and Separate Evaluations– Management includes a balance of ongoing and separate evaluations. - Considers Rate of Change – Management considers the rate of change in business and business processes when selecting and developing ongoing and separate evaluations. - Establishes Baseline Understanding – The design and current state of an internal control system are used to establish a baseline for ongoing and separate evaluations. - Uses Knowledgeable Personnel – Evaluators performing ongoing and separate evaluations have sufficient knowledge to understand what is being evaluated. - Integrates with Business Processes – Ongoing evaluations are built into the business processes and adjust to changing conditions. - Adjusts Scope and Frequency – Management varies the scope and frequency of separate evaluations depending on risk. - Objectively Evaluates – Separate evaluations are perrformed periodically to provide objective feedback.

77 Factors indicating that the organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. - Assesses Results – Management and the board of directors, as appropriate, assess results of ongoing and separate evaluations. - Communicates Deficiencies – Deficiencies are communicated to parties responsible for taking corrective action and to senior management and the board of directors, as appropriate. - Monitors Corrective Actions – Management tracks whether deficienciers are remediated on a timely basis.

Download ppt "Internal Controls THE ROLE OF INTERNAL CONTROLS IN THE PREVENTION AND DETECTION OF FRAUD Presented by Mark Dauberman, CPA, EMBA."

Similar presentations

Internal Control–Integrated Framework

Internal Control–Integrated Framework
1 Fraud Prevention and Deterrence Pam Peters, CFE Office of Internal Audit.

1 Fraud Prevention and Deterrence Pam Peters, CFE Office of Internal Audit.
The Islamic University of Gaza

The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Internal Control Over Governmental Financial Reporting Presented by Israel Gomez, CPA, Partner Marc Grace, CPA, Manager.

Internal Control Over Governmental Financial Reporting Presented by Israel Gomez, CPA, Partner Marc Grace, CPA, Manager.
Review of Introduction to Auditing

Review of Introduction to Auditing
Copyright © 2007 Prentice-Hall. All rights reserved 1 Internal Control & Cash Chapter 8.

Copyright © 2007 Prentice-Hall. All rights reserved 1 Internal Control & Cash Chapter 8.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Purpose of the Standards

Purpose of the Standards
Presented By: Donna Denker, CPA Donna Denker & Associates.

Presented By: Donna Denker, CPA Donna Denker & Associates.
Nature of an Integrated Audit

Nature of an Integrated Audit
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.
Chapter 9: Introduction to Internal Control Systems

Chapter 9: Introduction to Internal Control Systems
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 3-1 Chapter Three Risk Assessment and Materiality Chapter Three.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 3-1 Chapter Three Risk Assessment and Materiality Chapter Three.
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Introduction to Internal Control Systems

Introduction to Internal Control Systems
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING

Similar presentations

Ads by Google