FRAUD-RELATED INTERNAL CONTROLS

Transcription

1 GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

2 TABLE OF CONTENTS I. THE NEED FOR INTERNAL CONTROLS Example... 1 Threats to an Organization s Internal Control Environment... 2 Why Threats Are Increasing... 4 How Internal Controls Curb Threats... 5 Overview of Internal Controls... 5 Types of Internal Controls... 6 Internal Control Requirements Under Anti-Corruption Laws... 8 The Sarbanes-Oxley Act... 9 Public Company Accounting Oversight Board... 9 Rules for Auditors Roles for Audit Committees Rules for Management Management Assessment of Internal Controls Requirement Powers Granted to the SEC Criminal Penalties Foreign Public Accounting Firms Whistleblower Protection Consideration by Appropriate State Regulatory Authorities Internal Control Over Financial Reporting Management s Assessment of Internal Control Management s Report on Internal Control PCAOB Auditing Standard No PCAOB Auditing Standard No AU Standard AU Standard Summary Review Questions II. THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK Understanding the Framework Achievement of Objectives A Process Affected by People Reasonable Assurance Adaptability to Entity Structure Objectives Operations Objectives Reporting Objectives Compliance Objectives Components and Principles of Internal Control Control Environment Component Risk Assessment Component Control Activities Component Transaction Types Examples of Authorization Functions i

3 II. THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK (CONT.) Information and Communication Component Monitoring Activities Component Limitations of Internal Controls Preconditions of Internal Control Judgment External Events Breakdowns Management Override Collusion Outsource Service Providers Interactions with External Parties Smaller Entities Challenges Cost-Effective Internal Controls Summary Case Illustration: Springer s Northwest Lumber & Supply Case Conclusion Review Questions III. COMPUTER-BASED CONTROLS: GENERAL CONTROLS Developing a Security Plan Segregation of Duties Within the System Project Development Controls Physical Access Controls Logical Access Controls Passwords Physical Possession Identification Biometric Identification Compatibility Tests Data Transmission Controls Data Encryption (Cryptography) Routing Verification Procedures Parity Message Acknowledgment Techniques Data Transmission Controls for EDI and EFT Protect Telephone Lines Documentation Standards Minimizing System Downtime Disaster Recovery Plans Priorities for the Recovery Process Backup Data and Program Files Specific Assignments Complete Documentation Backup Computer and Telecommunications Facilities Protection of Desktop Personal Computers and Client/Server Networks Protection of Laptops and Mobile Devices Cybercrime ii

4 III. COMPUTER-BASED CONTROLS: GENERAL CONTROLS (CONT.) Internet Controls Prosecution of Computer Fraud Perpetrators Improving Fraud Detection Methods Conduct Frequent Audits Set Up a Fraud Hotline Use Computer Consultants Monitor System Activities Use Certified Fraud Examiners and Forensic Accountants Use Fraud Detection Software Utilize Human Resources Summary Integrative Case: Seattle Paper Products (SPP) Case Conclusion Review Questions IV. COMPUTER-BASED CONTROLS: APPLICATION CONTROLS Introduction Input Processor Computer Instructions Data Output Source Data Controls Input Validation Routines Online Data Entry Controls Program Development, Acquisition, and Modification Controls Data Storage Controls Data Processing and File Maintenance Controls Processing Test Data Concurrent Audit Techniques Analysis of Program Logic Computer Audit Software Output Controls Application Controls: An Online Processing Example Data Entry File Updating Preparing and Distributing Output Application Controls: A Batch Processing Example Integrative Case: Northwest Industries Case Conclusion Computer Audit Software Integrative Case: Seattle Paper Products Case Conclusion Review Questions V. FRAUD SCHEMES: ASSET MISAPPROPRIATION Fraud Scheme Classifications Cash Receipts (Skimming) Fraud iii

5 V. FRAUD SCHEMES: ASSET MISAPPROPRIATION (CONT.) Unrecorded Sales Stealing Mail Receipts Understated Sales and Receivables Theft of Cash Theft of Cash from the Register Theft of Cash from a Deposit Theft and Misuse of Assets Other Than Cash Review Questions VI. FRAUD SCHEMES: DISBURSEMENT FRAUD Introduction Disbursement Fraud Schemes Register Disbursement Fraud Payroll Fraud Expense Reimbursement Fraud False Billing Fraud Review Questions VII. FRAUD SCHEMES: CHECK TAMPERING Introduction Check Tampering Schemes Forged Maker and Concealed Check Schemes Authorized Maker Schemes Intercepted Check Schemes Review Questions VIII. FRAUD SCHEMES: CORRUPTION Introduction Bribery, Economic Extortion, and Illegal Gratuities Kickback Schemes Bid-Rigging Schemes Conflict of Interest Commit Conceal and Convert Catch Control Review Questions IX. FINANCIAL STATEMENT FRAUD Introduction Categories of Fraudulent Financial Statement Fraud Fictitious Revenues Timing Differences Concealed Liabilities and Expenses Improper Disclosures Improper Asset Valuation Concealment of Fraudulent Financial Statement Fraud iv

6 IX. FINANCIAL STATEMENT FRAUD (CONT.) Conversion Process in Financial Statement Frauds Catching Financial Statement Fraud Controlling Fraudulent Financial Reporting Fraud Financial Statement Analysis Techniques Interviewing Company Personnel Interviewing Techniques Interview Questions Conclusion Review Questions X. PRACTICAL PROBLEMS Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem XI. SOLUTIONS TO REVIEW QUESTIONS I. The Need for Internal Controls II. The COSO Internal Control Model III. Computer-Based Controls: General Controls IV. Computer-Based Controls: Application Controls VI. Fraud Schemes: Disbursement Fraud VII. Fraud Schemes: Check Tampering VIII. Fraud Schemes: Corruption IX. Financial Statement Fraud XII. SOLUTIONS TO PRACTICAL PROBLEMS Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem XIII. FINAL EXAMINATION... E-1 XIV. INDEX... I-1 v