Fraud & Internal Control

Frank M. Klaus, CPA

Fraud Definition

Fraud is the misappropriation of assets for the benefit of an individual.

“Willful misrepresentation by one person of a fact inflicting damage on another person.”

“Any act involving the use of deception to obtain an illegal advantage.” ISACA

Fraud in operations.

Association of Certified Fraud Examiners

2006 Report to the Nation on Occupational Fraud and Abuse

The median government and not-for-profit frauds were around $100,000.

SAS No. 55 “Fraud is an intentional act the results in a

material misstatement in financial statements that are the subject of an audit.”

SAS No. 82 “Consideration of Fraud in a Financial

Statement Audit”

Adopted in 1997

Purpose: To clarify the auditor’s responsibility to detect fraud.

Revised as SAS No. 99

SAS No. 99 Effective December 2002

Same title as SAS No,. 82

Time period of:

Post Enron

SOX 2002

SAS No. 99 (Continued) Issued in response to the past ineffectiveness

of risk assessment process during audit.

Requires auditor to gauge the exposure of the entity to the risk of fraud.

“Brainstorming” requirement.

What does fraud include? Fraud includes:

Balance Sheet Misstatement

Theft of Assets

The Fraud Triangle

The three elements required for FRAUD:

The three side of the FRAUD triangle. 1. Opportunity

2. Rationalization

3. Pressure

Internal Control Issues The importance of good policies and

procedures.

Communicate

Publish

Update

Segregation of Duties

The importance of “segregation of duties” to the internal control process.

Yellow Book The role of the “Yellow Book” in the internal

control process.

The role of the government auditor.

The importance of review and approval by supervisors.

Yellow Book Update Government Auditing Standards

GAGAS: Generally Accepted Government Auditing Standards

Provides a framework for conducting high quality audits with competence, integrity, objectivity, and independence.

2007 Yellow Book Current Edition

Superseded by the 2011 Yellow Book

2011 Yellow Book Effective for financial audits and attestation

engagements for periods ending on or after December 15, 2012,

And for performance audits beginning on or after December 15, 2011.

Early implementation is not permitted.

Resources Electronic version of document available.

GAO’s Yellow Book Web Page

http://www.gao.gov/yellowbook

Not subject to copyright protection.

The Role of the Client. The client has a responsibility to:

Cooperate with the auditor

Keep the auditor informed of status updates.

Participate in activities such as

Flowcharting

Narratives

The Client Conference The final conference is in addition

communication during the audit process.

Client sign-off at the conclusion of the audit.

Who should attend the final conference?

Follow-up, if required.

Timing

Management’s Responsibility Set the Proper Tone at the Top of the

Organization.

Develop and implement policies and procedures.

Communicate importance and seriousness of issue.

Management’s Responsibility (Cont’d) Demonstrate by actions

Not just lip service

Importance of ATTITUDE.

COSO Framework Committee of Sponsoring Organizations

AAA AICPA IIA IMA FEI

COSO Formed by Treadway Commission to develop a

framework in which organizations could understand and improve their internal controls.

In 1992 issued Internal Control—Integrated Framework

Congress mandated controls reporting for public companies in 1992.

COSO Update

2006: Internal Controls over Financial Reporting—Guidance for Smaller Public Companies

2007: New auditing standards provide further support for the COSO Standards.

Five Components of COSO 1. Control environment

Sets the overall controls tone of an organization.

Foundation for all other components of internal control.

Five Components of COSO 2. Risk Assessment

Entity’s identification and analysis of risks in the achievement of its objectives.

Risks should be identified and managed.

Five Components of COSO 3. Information and Communication

Relates to the systems and reports that enable management and employees to carry out their objectives.

Five Components of COSO 4. Control Activities

Processes, Policies, and Procedures

Help ensure that management directives are carried out.

Consist of controls over the process.

Five Components of COSO 5. Monitoring

Process that oversees internal control performance.

COBIT

Published by the IT Governance Institute.

COBIT: Control Objectives for Information and related Technologies

Provides good practices across a domain and process framework and presents activities in a manageable and logical structure.

Business Orientation of COBIT

The business orientation of COBIT consists of linking business goals to IT goals.

Management Information

Dashboard Scorecard Benchmarking

Common Fraud Risk Areas

Sales and Cash Receipts

Purchasing and Cash Disbursements

Payroll

Equipment, Inventory and Anything Not Bolted Down

Antifraud Controls & Programs 1. Culture

Tone at the Top Workplace Environment Hiring & Promotion Training Disciplinary Action

Antifraud Controls & Programs 2, Evaluating Antifraud Processes and

Controls ID Risk Mitigate Risks Implement Controls Monitor Controls

Antifraud Controls & Programs 3. Oversight

Audit Committee Inspector General Internal Auditor Independent External Auditor Certified Fraud Examiner

Antifraud Controls & Programs 4. Miscellaneous

AICPA ISACA ACFE International Standards of Auditing

Conclusion 1. Fraud can occur in any organization.

2. Management must set the tone at the top.

3. Everyone should be cognizant of the organization’s internal control policies and procedures.

4. Policies and procedures must be monitored and enforced.

Final Thought

“The best fraud is no fraud.”

Contact Information Frank M. Klaus, CPA Cleveland State University Department of Accounting 2121 Euclid Avenue Cleveland, OH 44115

F.Klaus@csuohio.edu