Fraud Prevention / Deterrence Flashcards
The two whistleblower protections established by SOX
- Establishes civil liability for retaliation against a whistleblower at a publicly traded company
- Establishes criminal sanctions for retaliating when the whistleblower provides information regarding an alleged federal offense to a law enforcement officer
The four items that must be addressed in an internal control report within a Company’s annual report
1- A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting (ICOFR)
2- A statement identifying the framework used by management in performing the assessment of the effectiveness of ICOFR
3- Management’s assessment of the effectiveness of the company’s ICOFR
4- A statement that the independent auditor has issued an attestation report on the effectiveness of the company’s ICOFR
The five fraud risk management principles described in Fraud Risk Management Guide
1- risk governance [establish communicate program]
2- risk assessment [identify specific schemes/risks]
3- control activities
4- investigation and corrective action
5- risk management monitoring [ongoing evaluations]
Government Accountability Office’s (GAO) Yellow Book standards apply to which types of engagements?
Standards provide guidance to auditors of government entities and entities that receive government awards.
The Social Control Theory
States that the more important that social relationships are to a person, the less likely it is that the person will commit crimes
eg, “what will my mom think if she finds out?”
The three key objectives of a Fraud Risk Management Program
1- Prevent fraud (assess risks, remediate risks)
2- Detect fraud (identify occurrences and limit damage)
3- Respond to identified fraud (punish perp, rebuild stakeholder confidence)
To condone
To accept, allow or approve of
Who derived the Fraud Triangle hypothesis?
Donald Cressey
What’s the most effective way to assess an organization’s corporate culture?
Its outcome (not checklist items)
Enterprise Risk Management
the culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value
The two types of anti-fraud controls
1- preventative (eg, separation of duties, hiring policies)
2- detective (eg, continuous auditing, hotline)
Punishment
a behavioral response that involves withdrawing a positive stimulus or applying a negative stimulus in response to an undesired behavior
The three categories of objectives for an internal control system according to the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
1- Operations (effectiveness and efficiency of the organization’s operations)
2- Reporting (reporting of financial and nonfinancial information to internal and external parties)
3- Compliance (adherence to the laws and regulations)
Differential Reinforcement Theory
States that people learn social behavior by operant conditioning
Behavior is reinforced when positive rewards are gained (positive reinforcement) or punishment is avoided (negative reinforcement). It is weakened by negative stimuli (punishment) and loss of reward (negative punishment)
Most experts agree that it is much easier to ___ fraud than it is to ___ it.
Easier to PREVENT fraud than it is to DETECT it
In an ideal situation, the ideal sponsor of a fraud risk assessment would be…
an independent board director or audit committee member
- want someone senior enough to command respect who will have a commitment to learning the truth about where the company is vulnerable
Who holds the primary responsibility for designing, implementing, monitoring, and improving the fraud risk management program?
Senior management
-the board is responsible for developing the organization’s fraud risk management strategy
Inherent risks
Risks that are present before the effect of internal controls
Residual risks
risks that remain after the effect of internal controls
Cressey’s two components of the perceived opportunity to commit fraud
1- General information about how the company might be defrauded
2- technical skill needed to commit the violation
Under SOX, what does the “independence” of audit committee members mean?
1- that they receive fees only for their service on the board and cannot be paid by the company for any other consulting or advisory work
2- no “affiliation” with the company, meaning that they are not an executive or owner of over 10% of voting stock
According to Fraud Risk Management Guide, a joint publication by COSO and the ACFE, who has responsibility for managing fraud risk?
Personnel at all levels of the organization
“Avoiding the risk”
when, in a fraud risk assessment, management decides to discontinue an activity because the control measures required to protect the organization against the identified threat are too expensive
Under USSG, how much can a corporate policy towards fraud impact the culpability of a base fine?
If bad, can increase by as much as 400%
if good, can decrease by as much as 95%
According to criminologist Charles McCaghy, _____________ is the single most compelling factor behind deviance by organizations.
profit pressure
What was the purpose of establishing the Treadway Commission?
to define the responsibility of the auditor in preventing and detecting fraud.
White-collar defendants are ___ likely to insist on a trial than other offenders.
More
Not as much of a need to plead guilty, avoiding the expense and effort of a trial.
The Private Securities Litigation Reform Act
Sets forth responsibilities for independent auditors of public companies
Requires procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts.
Basis for Diane Vaughan’s fraud theories
that organizations can be criminogenic because they encourage loyalty.
The three legs of Cressey’s fraud triangle
1- perceived non-sharable financial need
2- perceived opportunity
3- rationalization
The standards for a response to an indicator of fraud for the auditor in a government performance audit
Deemed significant -> extend audit steps to determine if fraud is likely to have occurred
Deemed significant AND likely to have occurred -> extend audit steps to determine effect on audit findings
Deemed insignificant -> perform additional work as a separate engagement or refer matter to authorities
The three effective responses for addressing the risk of material misstatement due to fraud during a financial statement audit
Assigning specialists to assist regarding particularly technical issues
Using differing sampling methods when collecting data for audit testing
Implementing auditing procedures on an unannounced basis
The 4 principles involved in the risk assessment process, as laid out by the Committee of Sponsoring Organizations of the Treadway Commission
C- Clear objectives
R- Risk identification to achieving objectives
A- Assessing impact of changes on internal controls
P- potential for fraud
The 5 interrelated components of a company’s internal control system, as laid out by the Treadway Commission
M- Monitoring
A- Activities (for controls)
R- Risk Assessment
I- Information and communication
E- Environment (for controls)
The 5 components of the enterprise risk management (ERM) framework under the Treadway Commission
Goal - come to “GRIPS” with the org risk portfolio
G- governance/culture
R- review/revision
I- information/communication
P- performance
S- strategy/objective setting
Criminogenic
prone to committing crime
The two primary strategies to control corporate criminal behavior
Compliance - stop violations before they can occur
Detection - detect and punish violations
According to Dr. Steve Albrecht’s Fraud Scale model, the variables that drive the occurrence of occupational fraud include
P- personal integrity
O- opportunities
S- situational pressures
The theory of differential association
states that criminal behavior is learned and acquired through participation with intimate personal groups
The 4 core principles of sound corporate governance
F- Fairness
A- accountability
R- responsibility
T- transparency