Fraud Risk Management Textbook Notes Flashcards
What are COSO’s Four Categories of Fraud?
- Reporting Fraud: Financial
- Reporting Fraud: Non-Financial
- Misappropriation of assets
- Other Illegal Acts and Corruption
What is reporting fraud: financial?
An intentional misstatement of accounting information. Goal is to improve financial results by overstating income or assets or understating losses/expenses, or misleading disclosures.
What is reporting fraud: non-financial?
Manipulating non-financial reports. These include: environmental, health, safety, production, quality, or consumer reports.
What is misappropriation of assets?
Theft or misuse of tangible or intangible assets by employees, customers, vendors, etc.
What are examples of illegal acts and corruption?
Bribes, kickbacks, gratuities (gifts to purchasing agents)
What is the first principle (Control Environment) of COSO’s Five Fraud Risk Management Principles?
Principle 1: Establish and communicate a fraud risk management program. This should demonstrate expectation of directors and senior management. As well as commitment to high integrity and ethical values in managing fraud risk.
What are some focal points of principle one (Control Environment)?
- Map fraud risk management to organization’s goals and risks
- Establish fraud risk governance roles and responsibilities throughout an organization
- Document the program and communicate throughout the organization.
What is the second principle (Risk Assessment) of COSO’s Five Fraud Risk Management Principles?
Implement a comprehensive fraud risk assessment. This should identify fraud risks, assess their likelihood and significance, evaluate fraud control activities, and implement actions to mitigate residual fraud risks.
What are some focal points of principle two (Risk Assessment)?
- Involve appropriate management including all organizational management levels and functions
- Data analytics to assessment risks and evaluate responses
- Periodically reassess fraud risk
- Document risk assessment
- Identify existing fraud controls and their effectiveness
- Determine risk responses
What are the elements of the fraud triangle?
- Opportunity
- Incentives and Pressures
- Attitudes or rationalizations
What is the third principle (Control Activities) of COSO’s Five Fraud Risk Management Principles?
Select, develop, and deploy preventative and detective fraud control activities to reduce risk of fraud events occurring or not being detected in a timely manner.
What are some focal points of principle three (Control Activities)?
Promote fraud deterrence through preventative & detective controls. Things to consider: organization/industry specific risks, controls at differing organizational levels, risk of management override of controls, integration w/ fraud risk assessment.
What is the fourth principle (Information & Communication) of COSO’s Five Fraud Risk Management Principles?
Establish communication process to obtain information about potential fraud. Coordinated approach to investigation and corrective action to address fraud.
What are some focal points of principle four (Information & Communication)?
- Create fraud investigation & response protocols
- Conduct & document investigations
- Communicate investigation results
- Implement corrective actions
- Evaluate investigation performance
What is the fifth principle (Monitoring) of COSO’s Five Fraud Risk Management Principles?
Select, develop, and perform ongoing evaluations to ascertain functioning of five principles of fraud risk management. Communicate fraud risk management program deficiencies in a timely manner to responsible parties for corrective action.
