Fraud Risk Management Flashcards
Management must assign a quantitative measure to its risk appetite so that it can accurately measure the fraud risk management program’s effectiveness. T/F
False
Management can choose whether to use a quantitative measure or a qualitative one to express risk appetite. An important component in defining the objective of the fraud risk management program is determining management’s risk appetite. Risk appetite should be expressed in a manner that is appropriate for the organization’s culture and operations, whether qualitatively—low, medium, or high, for example—or quantitatively, using a numeric scale. For example, a company’s management might decide that it prefers to reduce the residual risk of fraud down to a “low” level, implying a desire for strong controls and monitoring of such controls over a particular area of the business. Another company might decide that any risk rated three or higher (on a risk scale of one to five) is unacceptable. Risk appetite can also be broken down into specific types or sources of fraud, which allows for prioritization of fraud risk management strategies based on the assessed components.
Which of the following is NOT one of the components of COSO’s Enterprise Risk Management—Integrated Framework?
A. Internal environment
B. Corporate compliance
C. Monitoring
D. Risk assessment
B. Corporate compliance
COSO’s Enterprise Risk Management—Integrated Framework builds upon the five components first identified as part of COSO’s Internal Control—Integrated Framework, and adds three more. The eight components of the ERM Framework are:
• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
• Monitoring
Which of the following is among the audit committee’s responsibilities for fraud risk management?
A. Monitoring and proactively improving the fraud risk management program
B. Receiving regular reports on the status of reported or alleged fraud
C. Performing and regularly updating the fraud risk assessment
D. All of the above
B. Receiving regular reports on the status of reported or alleged fraud
As a sub-group of the board of directors, the audit committee is often delegated oversight of the organization’s financial, accounting, and audit matters. As part of this responsibility, the committee must take an active role in overseeing the assessment and monitoring of the organization’s fraud risks. This involves:
• Receiving regular reports on the status of reported or alleged fraud
• Meeting regularly with key internal parties (such as the chief audit executive or other senior financial persons) to discuss identified fraud risks and the steps being taken to prevent and detect fraud
• Understanding how internal and external audit strategies address fraud risk
• Providing external auditors with evidence that the audit committee is dedicated to effective fraud risk management
• Engaging in open conversations with external auditors about any known or suspected fraud
Monitoring and improving the fraud risk management program, and performing and maintaining the fraud risk assessment, are both part of management’s responsibilities for addressing fraud risk, not the audit committee’s.
By law, all organizations must have an affirmation process as part of their fraud risk management program. T/F
False
An affirmation process is an important component of a fraud risk management program, though not a legally required one. Such a process requires directors, employees, and contractors to state explicitly that they have read, understood, and complied with the organization’s code of conduct, fraud control policy, and other documentation that supports the fraud risk management program. In deciding whether to enact an affirmation process, management must weigh any potential legal issues involved in having such a process against the increased fraud risk of not having one.
If an affirmation process is enacted, it should include consistent sanctions for individuals who refuse to sign off on the acknowledgement. Additionally, the affirmation process might include requiring individuals to acknowledge that they have a fiduciary duty to report any known instances of fraud.
According to COSO, _________ is a process that is designed to identify potential events that may affect the entity and manage risk to be within its risk appetite in order to provide reasonable assurance regarding the achievement of the entity’s objectives.
A. Internal control
B. Corporate governance
C. Enterprise risk management
D. Fraud prevention
C. Enterprise risk management
Among the numerous available definitions of risk management, perhaps the most broadly recognized is that provided by the Committee of Sponsoring Organizations (COSO) for enterprise risk management: “a process . . . designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
The board of directors holds the primary responsibility for designing, implementing, monitoring, and improving the fraud risk management program. T/F
False
The board of directors is responsible for developing and supporting the organization’s underlying fraud risk management strategy. However, the primary responsibility for designing, implementing, monitoring, and improving the fraud risk management program is held by management. As part of this responsibility, management must:
• Be intimately familiar with the organization’s fraud risks.
• Ensure that the organization has specific and effective internal controls in place to prevent and detect fraud.
• Set a tone at the top and monitor the company culture to ensure it appropriately supports the organization’s fraud prevention and detection strategies. Senior management must visibly model ethical behavior for staff to be inspired, and feel obligated, to follow suit.
• Clearly communicate—both in words and actions—that fraud is not tolerated.
• Take seriously all reports of fraud and undertake investigations of any such reports deemed reliable.
• Punish perpetrators of discovered fraud appropriately. Punishing perpetrators reinforces the culture of ethics and the fact that fraud will not be tolerated.
• Take any steps necessary to remediate the weaknesses that allowed frauds to occur.
Which of the following is among the board of directors’ responsibilities pertaining to fraud risk management?
A. Raising awareness of the risks of fraud throughout the organization
B. Overseeing the organization’s fraud risk management activities
C. Setting realistic expectations of management to enforce an anti-fraud culture
D. All of the above
D. All of the above