Applying The Five COSO Elements for an Effective Antifraud Program

By Troy Hart, 2014-03-08 22:07

1) Control Environment

    A strong control environment based on a culture of honesty and high ethics is critical to successful antifraud programs and controls.

    Control environment elements pertaining to antifraud programs and controls include:

    • Codes of Conduct/Ethics
    • Ethics Hotline/Whistleblower Program
    • Integrity Diligence In Hiring and Promotion
    • Board and Audit Committee Oversight Of Management’s Antifraud Efforts
    • A Standard Investigative Process
    • Remediation of Identified Fraud

Applying The COSO Framework to Your Antifraud Efforts

    • What is the “tone at the top”?
    • Do employees understand the requirements of the code of conduct?
    • What diligence does the organization perform prior to hiring and promoting employees to positions of trust?
    • What diligence is conducted of strategic third parties (consultants, vendors, joint venture parties, customers)?
    • Is the Audit Committee active or passive regarding issues involving fraud and reputation risk?
    • Does the organization have a standard investigative process?
    • What is the organization’s track record for understanding control failures and preventing re-occurrence when fraud and misconduct are identified?

2) Fraud Risk Assessment

    Fraud and reputation-risk assessments are the cornerstones of an antifraud program that anticipates, rather than reacts to, fraud and misconduct. An effective fraud and reputation-risk assessment will identify previously unidentified risks and strengthen the ability of the organization to prevent and detect fraud and misconduct before they emerge into a corporate scandal. A fraud and reputation-risk assessment, moreover, should identify cost-savings opportunities far in excess of the costs of the assessment.

    Fraud risk assessment expands upon traditional risk assessment. It is scheme and scenario based rather than based on control risk or inherent risk. The assessment considers the various ways that fraud and misconduct can occur by and against the company. Fraud risk assessment also considers vulnerability to management override and potential schemes to circumvent existing control activities, which may require additional compensating control activities.

See a Fraud Risk Assessment Process

Applying The COSO Framework to Your Antifraud Efforts

    • What is management’s process for assessing fraud risk?
    • How is it documented?
    • How often does management assess fraud risk?
    • Is fraud risk considered when there is a major change in the business?
    • What categories of fraud risk are considered?
    • How deep within the organization is the fraud risk assessment conducted?
    • What levels of likelihood and significance are considered?

3) Control Activities

    Once the fraud risk assessment has taken place, the organization should identify the control activities implemented to mitigate the identified fraud risk. In the context of an antifraud management program, control activities are those actions taken by management to identify, prevent and mitigate fraudulent financial reporting or misuse of an organization’s assets. Antifraud control activities should occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, segregation of duties, reviews of operating performance and security of assets.

    Internal audit should expect to tie 70% to 80% of identified fraud risks to existing control activities such as approvals, authorizations, verifications, reconciliations, segregation of duties, reviews of operating performance and security of assets. Anticipate, conversely, that the fraud and reputation-risk assessment will reveal that no control activities exist to mitigate 20% to 30% of the identified risks. Also anticipate that internal audit will be asked to develop potential controls to address risks lacking control coverage.

    PCAOB Auditing Standards require the independent auditor to evaluate whether the organization’s documentation provides reasonable support of management’s assessment of controls to prevent and detect fraud, including who performs the controls and related segregation of duties. The standards further require that the independent auditor evaluate and test the design and operating effectiveness of all controls specifically intended to address the risks of fraud that have at least a reasonably possible likelihood of having a material effect on the company's financial statements.

    The independent auditor cannot conduct this evaluation if management does not provide adequate documentation linking control activities to identified fraud risks. Inadequate documentation may result in a finding of a significant deficiency, or worse, issuance of a qualified or adverse opinion.

    Management also needs to evaluate and test the design and operating effectiveness of controls intended to prevent and detect fraud, as the organization cannot rely upon the independent auditor’s assessment. PCAOB auditing standards define the process for evaluating and testing controls. While the process for evaluating antifraud controls is similar to that for testing other control activities, it differs in one important manner: in evaluating antifraud controls, you also need to address the possibility that management might seek to circumvent or override controls intended to prevent or detect fraud.

Applying The COSO Framework to Your Antifraud Efforts

    • What control activities exist to mitigate identified fraud risk?
    • How well are those control activities documented?
    • How does management test and evaluate the effectiveness of the control activities?

4) Information and Communication

    Effective communication is critical to ensuring the success of antifraud programs and policies. Antifraud policies must be stated clearly. This information must be communicated to employees effectively. An assessment of the antifraud program must consider whether the content of its policies is appropriate, timely, current and properly disseminated.

Applying The COSO Framework to Your Antifraud Efforts

    • What training is provided regarding fraud and misconduct?
    • Are employees required to certify that they have read the Code of Ethics and reported any and all unethical activity?

5) Monitoring

    A company’s antifraud controls, programs and policies must be subjected to ongoing and periodic performance assessments. The frequency of these assessments is a matter of management’s judgment. In determining the frequency, consideration should be given to the following: the nature and degree of changes occurring, the competence and experience of the individuals implementing the controls, and the results of ongoing monitoring.

Applying The COSO Framework to Your Antifraud Efforts

    • Does management use information technology to spot indicators of fraud and misconduct?
    • Does Internal Audit consider fraud risk in planning its internal audit cycle?
    • Does Internal Audit include (or have access to) professionals with experience in prevention, detection, investigation and remediation of fraud?
    • Are all foreign operations and joint ventures subject to internal audit?
    • How does Internal Audit conduct fraud audits?
