Fraud Risk Checklist - filecache.drivetheweb.com

1 Fraud Risk Checklist : A Guide for Assessing the Risk of Internal Fraud Fraud Risk Checklist : A Guide for Assessing the Risk of Internal Fraud Gary A. Rubin Director of Finance Accretive Health, Inc. the source for financial solutions 200 Campus Drive Box 674. Florham Park, New Jersey 07932-0674. an affiliate of financial executives international Fraud Risk Checklist : A Guide for Assessing the Risk of Internal Fraud TABLE OF CONTENTS. Purpose 1. Introduction 1. Sources and Acknowledgements 3. Identifying potential risk factors for misstatements arising from fraudulent financial reporting 4.

2 Items No. 1 to 48. Identifying potential risk factors for misappropriation of assets 14. Items No. 1 to 15. About the Author and Financial Executives Research Foundation, Inc. 16. Fraud Risk Checklist : A Guide for Assessing the Risk of Internal Fraud Purpose The purpose of this Checklist is to provide both the board of directors and management with a series of questions to ask that can help in assessing the risk of Fraud . It also provides a possible structure for management to use in documenting its thought process and conclusions. INTRODUCTION.

3 An integral part of complying with the requirements of Section 404 of the Sarbanes- Oxley Act of 2002 is evaluating whether a company has developed sufficient internal controls associated with Fraud and management override. The evaluation of the potential for Fraud is specifically included within the COSO. framework of internal control. The first part of any efficient evaluation of internal control is the assessment of the relative exposures or risks of a situation occurring. While this type of risk assessment is a routine skill for auditors, many members of management are not familiar with the concept.

4 This Checklist provides both the board of directors and management with a series of questions to ask that can help in assessing the risk of Fraud . It also provides a possible structure for management to use in documenting its thought process and conclusions. The questions included in this Checklist were developed by reviewing readily available literature on the subject of financial Fraud . The principal source documents include those listed under Sources and Acknowledgements.. The broad definition of Fraud is an intentional act to gain an unfair or unlawful advantage or gain.

5 Fraud can include: fraudulent financial reporting - Many fraudulent financial reporting schemes arise from improper revenue recognition. Other frauds typically involve an overstatement of assets or an understatement of liabilities. Misappropriation of assets - External and internal schemes, such as embezzlement, payroll Fraud and theft. Revenues or assets gained by illegal or unethical acts Over-billing customers, or deceptive sales practices. Expenditures for improper purpose - Commercial and public bribery, as well as other improper payment schemes.

6 Fraudulently obtained revenue or inappropriately avoided expenses - Schemes where an entity commits a Fraud against its employees or third parties, or when an entity improperly avoids expenses, such as income or sales taxes. 1. Frauds against the company Producing counterfeit products or knowingly violating intellectual property rights. fraudulent financial reporting is a primary focus of the Sarbanes-Oxley Act. However, the definition of internal control over financial reporting also encompasses the preservation of assets. Therefore, this Checklist focuses only on these two types of Fraud .

7 While the other categories of Fraud can be equally damaging to a company's reputation, and could invoke significant negative financial consequences, they are outside the scope of this Checklist . To be most effective, the Fraud risk assessment should be conducted by individuals with significant business experience and a broad understanding of the entity and its operations. Assessments are often most effective when completed by a multi-functional team. Furthermore, it is often beneficial if the evaluation is completed at different levels within an organization.

8 For example, the board of directors may want the chief internal auditor to evaluate the risks at an overall company level. On the other hand, the corporate controller may be interested in completing an evaluation on a particular subsidiary or operating group. In such situations, the term company should be construed to refer to the subsidiary, division or operating entity being evaluated. 2. SOURCES AND ACKNOWLEDGEMENTS. The principal source for the information included in the foregoing discussion was publicly available information included on the internet, particularly on the web sites of the following organizations: Deloitte Touche Tohmatsu PricewaterhouseCoopers KPMG, LLP and its affiliate, The 404 Institute Ernst & Young Crowe Chizek and Company, LLC.

9 The American Institute of Certified Public Accountants The Committee of Sponsoring Organizations of the Treadway Commission Parsons Consulting Protiviti Marsh & McLennan Companies Resources Global Professionals Specific documents that listed individual risk factors include: Management Override of Internal Controls the Achilles' Heel of Fraud Prevention; The American Institute of Certified Public Accountants Management Anti- Fraud Programs and Controls, an excerpt of Statement of Auditing Standards No. 99; The American Institute of Certified Public Accountants.

10 Fraud Risk Assessments A Common Sense Approach; Marsh and McLennan Companies The Good Practice Guidelines for Assessing the Risk of fraudulent Financial Reporting; The National Commission on fraudulent Financial Reporting Key Elements of Anti- Fraud Programs and Controls;. PricewaterhouseCoopers Excerpts from The CPA's Handbook of Fraud and Commercial Crime Prevention; The American Institute of Certified Public Accountants Anti- Fraud Programs and Controls; Deloitte & Touche Identifying fraudulent Financial Transactions; W. Steven Albrecht, , CPA, CIA, CFE, Brigham Young University Auditing for Internal Fraud ; Michael Connelley, CFE, CPA.