1 Fraud Risk Assessment Chapter 14
2 Learning Objectives
Describe the factors that influence an organization’s vulnerability to fraud.
Explain the difference between preventive and detective controls.
Understand the objective of a fraud risk assessment.
Discuss why organizations should conduct fraud risk assessments.
Understand the characteristics of a good fraud risk assessment.
Describe considerations for developing an effective fraud risk assessment.
3 Learning Objectives
List actions that should be taken to prepare a company for a fraud risk assessment.
Understand the steps involved in conducting a fraud risk assessment and how to apply a framework to them.
Describe approaches to responding to an organization’s residual fraud risks.
Name important considerations when reporting the results of a fraud risk assessment.
List actions management should take using the results of a fraud risk assessment.
Explain how a fraud risk assessment can inform and influence the audit process.
4 What Is Fraud Risk?
Vulnerability an organization has to overcoming the interrelated elements that enable someone to commit fraud.
Fraud triangle
– Non-sharable financial need
– Opportunity
– Ability to rationalize
5 Why Be Concerned About Fraud Risk?
No organization is immune.
Awareness of weaknesses is one key to establishing mechanisms to reduce risk.
Risks can be internal or external.
6 Factors That Influence Fraud Risk
Nature of the business
Operating environment
Effectiveness of internal controls
Ethics and values of the company and the people within it
7 What Is a Fraud Risk Assessment?
Fraud risk assessment: A process aimed at proactively identifying and addressing an organization’s vulnerabilities to internal and external fraud.
Objective—To help an organization recognize what makes it most vulnerable to fraud so that it can take proactive measures to reduce its exposure.
8 Why Should Organizations Conduct Fraud Risk Assessments?
Improve communication about and awareness of fraud
Identify what activities are the most vulnerable to fraud
Know who puts the organization at the greatest risk of fraud
Develop plans to mitigate fraud risk
Develop techniques to determine if fraud has occurred in high-risk areas
9 Why Should Organizations Conduct Fraud Risk Assessments? (Cont’d)
Assess internal controls:
– Controls eliminated during restructuring
– Controls eroded over time
– Lack of controls in a vulnerable area
– Nonperformance of control procedures
– Inherent limitations of controls
Comply with regulations and professional standards:
– PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements
10 What Makes a Good Fraud Risk Assessment?
Collaborative effort of management and auditors
The right sponsor
Independence and objectivity of the people leading and conducting the work
A good working knowledge of the business
Access to people at all levels of the organization
Engendered trust
The ability to think the unthinkable
A plan to keep it alive and relevant
11 Considerations for Developing an Effective Fraud Risk Assessment
Packaging it right
– Tailor the communication approach to the organization.
– Be mindful of terminology used.
One size does not fit all
– Adapt the framework to the business model, culture, and language of the organization.
Keeping it simple
– Focus on areas that are most at risk for fraud.
12 Preparing the Company for the Fraud Risk Assessment
Assembling the right team
– Accounting and finance personnel
– Personnel who have knowledge of day-to-day operations
– Risk management personnel
– General counsel or other members of the legal department
– Members of ethics or compliance functions
– Internal auditors
– External consultants with fraud and risk expertise
13 Preparing the Company for the Fraud Risk Assessment (Cont’d)
Determining the best techniques to use
– Interviews
– Focus groups
– Surveys
– Anonymous feedback mechanisms
Obtaining the sponsor’s agreement on the work to be performed
– Scope
– Methods
– Participants
– Form of output
Educating the organization and openly promoting the process
14 Executing the Fraud Risk Assessment
Identifying potential inherent fraud risks
– Incentives, pressures, and opportunities to commit fraud
  – Position
  – Incentives
  – Performance pressures
  – Weak internal controls
  – Highly complex business transactions
  – Collusion opportunities
– Risk of management’s override of controls
  – Management knows the controls and standard operating procedures in place to prevent fraud
  – Knowledge of controls can be used to conceal fraud
15 Executing the Fraud Risk Assessment (Cont’d)
Identifying potential inherent fraud risks (cont’d)
– Population of fraud risks
  – Fraudulent financial reporting
  – Asset misappropriation
  – Collusion opportunities
– Regulatory and legal misconduct
– Reputation risk
– Risk to information technology
16 Executing the Fraud Risk Assessment (Cont’d)
Assessing the likelihood of occurrence of identified fraud risks
– Past instances of a particular fraud
– Prevalence of fraud in the industry
– Internal control environment
– Available resources
– Support of management
– Ethical standards
– Transaction volume
– Complexity of the fraud risk
– Unexplained losses
– Complaints by customers or vendors
17 Executing the Fraud Risk Assessment (Cont’d)
Assessing the significance of the fraud risks to the organization
– Financial statement and monetary significance
– Financial condition of the organization
– Value of the threatened assets
– Criticality of the threatened assets
– Revenue generated by the threatened assets
– Significance to the organization’s operations, brand value, and reputation
– Criminal, civil, and regulatory liabilities
18 Executing the Fraud Risk Assessment (Cont’d)
Evaluating which people and departments are most likely to commit fraud and identifying the methods they are likely to use
Identifying and mapping existing preventive and detective controls to the relevant fraud
– Preventive controls
– Detective controls
19 Executing the Fraud Risk Assessment (Cont’d)
Evaluating whether the identified controls are operating effectively and efficiently
– Review accounting policies and procedures.
– Consider risk of management’s override of controls.
– Interview management and employees.
– Observe control activities.
– Perform sample testing of controls compliance.
– Review previous audit reports.
– Review previous reports on fraud incidents, shrinkage, and unexplained shortages.
20 Executing the Fraud Risk Assessment (Cont’d)
Identifying and evaluating residual fraud risks resulting from ineffective or nonexistent controls
– Lack of appropriate prevention and detection controls
– Noncompliance with established prevention and control measures
21 Addressing the Identified Fraud Risks
Establishing an acceptable level of risk
Responding to residual fraud risks
– Avoid the risk
– Transfer the risk
– Mitigate the risk
– Assume the risk
– Combination approach
22 Reporting the Results
Report objective—not subjective—results.
Keep it simple.
Focus on what really matters.
Identify actions that are clear and measurable.
23 Making an Impact
Begin a dialog across the company to promote awareness, education, and action planning.
Look for fraud in high-risk areas.
Hold responsible parties accountable for progress.
Keep the assessment alive and relevant.
24 Fraud Risk Assessment and the Audit Process
Auditors should validate that the organization is managing the moderate-to-high fraud risks.
– Evaluate whether controls are operating effectively and efficiently.
– Identify whether there is a moderate-to-high risk of management override of internal controls.
– Develop and deliver reports that incorporate the results of validation and testing of controls.