Fraud Risk Management Flashcards
What is fraud?
INTENTIONAL ACT. INTENTIONAL OMISSION. DONE WITH AN INTENT TO DECEIVE. VICTIM SUFFERS FROM A LOSS.
What are categories of fraud?
Reporting fraud
Reporting fraud- Non-financial
Misappropriation of assets
Other illegal acts and corruption
What is reporting fraud?
Intentional misstatement of accounting information
Goal is to improve financial results
May be trying to avoid taxes
Evening things out- smoothing earnings
Examples: Improper revenue recognition.
What is non-financial reporting fraud?
Manipulating reports that are not financial.
- Environmental report
- Health report
Known misstatement on a non-financial report
Occurs from unrealistic targets
What is misappropriation of assets?
Stealing. Misuse of tangible assets.
Could be customers, vendors, employees
Vendor: Sending fictitious invoices
Customer: Claims for damaged goods
Employees: Stealing time or actual assets
Are illegal acts considered fraud?
Yes!
Violations of laws or regulations that have a material impact on the financial statements are fraud
Bribes, kickbacks, gift giving
Can IT facilitate fraud?
YES!
- A good accounting system is key to detecting fraud. A bad one is an invitation to fraud.
Example: Hackers or employees could gain access to accounting applications. They could override safeguards.
How does CONTROL ENVIRONMENT relate to fraud?
Establish and communicate a fraud risk management program that demonstrates:
- Expectations of BOD and senior management
- Commitment to high integrity and ethical values in managing fraud risk
- Map fraud risk to the organization's goals
- Establish risk governance roles
- Document the program
How does RISK ASSESSMENT relate to fraud?
Implement a comprehensive fraud risk assessment to:
- Identify fraud risks
- Assess their likelihood and significance
- Evaluate fraud control activity
- Implement actions to mitigate risk
Focal points:
- Include appropriate management levels
- Data analytics to assess risks and evaluate responses
- Periodically reassess fraud risk
- Document risk assessment
- Analyze internal and external risk
- Consider distinct types of fraud (see four categories)
- Assess the fraud risk triangle
- Identify controls in place and additional risk responses
How does CONTROL ACTIVITIES relate to fraud?
- Select, develop, and deploy preventative and detective fraud control activities to reduce the risk of fraud events occurring or not being detected.
Focal points:
- Promote fraud deterrence
Consider:
- Organization
- Controls at differing organizational levels
- Risk of management override of controls
- Integration with fraud risk assessments
- Proactive data analytics
- Control through policies and procedures
How does INFORMATION AND COMMUNICATION relate to fraud?
- Establish a communication process to obtain information about potential fraud
- Coordinate approach to investigation and corrective action to address fraud
FOCAL POINTS:
- Create fraud investigation and response protocols
- Conduct and document investigations
- Communicate investigation results
- Implement corrective actions
- Evaluate investigation performance
How does MONITORING ACTIVITIES relate to fraud?
Select, develop, and perform ongoing evaluations to ascertain the functioning of the five principles of fraud risk management
Communicate fraud risk management program deficiencies in a timely manner to responsible parties for corrective action
FOCAL POINTS:
- Ongoing and separate evaluation
- Influences on scope and frequency of monitoring
- Known and emerging fraud cases
- Establish appropriate management criteria
- Evaluate, communicate, and remediate deficiencies monitoring
How can data analytics be used to address fraud triangle?
1) Incentive and pressure- can be used to identify management practices and business processes, and which managers might have an incentive to commit more fraud.
2) Opportunity- data analytics through monitoring (i.e. confirmation of) key controls
3) Attitudes and rationalization- less fraud because employees know there is more fraud monitoring
How do you design data analytics for a fraud management plan?
Analytics design- must map risks to data sources and availability to create a work plan, timeline and deliverables
- Data Collection: Map data to planned analytic test, validate data.
- Organize data and calculation- Execute work plan, adapt analytics to available data, use advanced methods
What is fluctuation analysis?
Detect anomalies (unusual transactions, missing but expected transactions)