© copyright 2012 pearson education. all rights reserved. chapter 10 fraud & internal control...

© Copyright 2012 Pearson Education. All Rights Reserved.

Chapter 10Chapter 10Fraud & Internal ControlFraud & Internal Control

ACCOUNTING INFORMATION SYSTEMSACCOUNTING INFORMATION SYSTEMSThe Crossroads of Accounting & ITThe Crossroads of Accounting & IT

Why Does Fraud Occur?

Top two reasons given for why executive fraud occurs:

1. Pressure to meet goals: 81%

2. Personal gain: 72%


Fraud: What Will I Tell my MOM?


Sarbanes-Oxley Act of 2002

Section 404. Management Assessment of Internal Controls. The public accounting firm that audits the financial statements of the company must issue an attestation report regarding the effectiveness of the company’s internal control.

Section 302. Corporate Responsibility for Financial Reports. Section 302 requires the chief executive officer and chief financial officer to certify in each annual or quarterly report that the signing officer reviewed the report and that the report does not contain any untrue or omission of material fact that make the statements misleading.


Sarbanes-Oxley Act of 2002

Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud. Known as Whistleblower Protection for Employees of Publicly Traded Companies. Section 806 provides for protection against retaliation for employees, such as company accountants, who provide information in fraud cases of publicly traded companies.

Section 906. Corporate Responsibility for Financial Reports. Section 906 requires corporate management to certify reports filed with the SEC, such as the annual 10-K and quarterly 10-Q. Provides for criminal penalties of up to $5 million or 20 years imprisonment.


Audit & Internal Control

Types of Audits:

Audit of internal control: tests of controls to obtain evidence that internal control over financial reporting has operated effectively.

Audit of financial statements: tests of controls to assess control risk. Substantive procedures collect evidence regarding accuracy, completeness, and validity of data produced by the accounting system.

IT audit: tests of IT to understand how IT affects internal control over financial reporting. PCAOB expects auditors to understand how IT affects the audit and integrate IT into the audit.

Integrated audit: required by Auditing Standard No. 5, integrates the audit of internal control with the audit of financial statements.


Controls Over Financial Reporting

Preventive controls: The objective of preventive controls is to prevent errors or fraud that could result in a misstatement of the financial statements.

Detective controls: The objective of detective controls is to detect errors or fraud that has occurred and that could result in a misstatement of the financial statements.

Corrective controls: The objective of corrective controls is to remedy problems that have occurred by identifying the cause, correcting the resulting errors and modifying the system to prevent future problems of this sort.


Effective System of Internal Controls

An effective system of internal controls should exist in all organizations to:

•Help them achieve their missions and goals.

•Minimize surprises.


COBITControl Objectives for Information & Related

Technology


Enterprise Goals Drive IT GoalsCOBIT IT Related Goals

Alignment of IT and business strategy

Compliance with external laws and regulations

Managed IT related business risk

Realized benefits from IT investments, while being transparent about those investments and related risks

IT services are in-line with business requirements, and enable and support the business processes through the use of IT

IT investments deliver benefits on-time and on-budget

IT assets, processing and information are secure

Reliable and useful information for decision-making is available where and when needed


IT Controls


Purchasing Cycle: Application Control Objectives


Sales Cycle: Application Control Objectives


Payroll Cycle: Application Control Objectives


Banking/Cash: Application Control Objectives


Financial Cycle: Application Control Objectives


Reporting Control Objectives


Managing the Risk of FraudFive principles for establishing an environment to effectively manage

fraud risk:

Principle 1: Fraud Risk Governance. There should be a written policy to convey the expectation of the board of directors and top management regarding managing fraud risk.

Principle 2: Fraud Risk Assessment. Fraud risk exposure should be assessed periodically to identify potential events the organization should mitigate.

Principle 3: Fraud Prevention. Prevention techniques should be established to avoid fraud risk events and mitigate impact on the organization.

Principle 4: Fraud Detection. Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

Principle 5: Fraud Investigation and Corrective Action. A reporting process should be in place to solicit input on potential fraud. Take corrective action including identify the cause, correct the resulting errors and modify the system to prevent future similar problems.


How Do I Document Control HotSpots?

1.Build a DFD.

2.Identify risks.

3.Document controls.

4.Document control HotSpots.


Step 1: Build DFD


Documenting Process Risks

1.Customer Identify-

• Customer is not authenticated prior to logging-in

2.Items Ordered-

• Incorrect or incomplete item number is entered

• Items ordered are out-of-stock or no longer available for purchase

3.Customer Credit-

• Orders are processed for customers who are not credit-worthy

4.Order Information-

• Sales order and sales order line totals don’t reconcile

• Customer returns item(s) for a refund© Copyright 2012 Pearson Education. All Rights Reserved.

Step 2: Document Controls


Step 3: Document Control HotSpots


© copyright 2012 pearson education. all rights reserved. chapter 10 fraud & internal control...

Documents