Management's Fraud-Related Responsibilities Flashcards
Which of the following factors should an organization consider when designing the components of its compliance and ethics program?
A. Recurrence of similar conduct
B. Organization size
C. Industry size and standards
D. All of the above
D. All of the above
(A. Recurrence of similar conduct
B. Organization size
C. Industry size and standards)
The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. These Organizational Guidelines state that organizations should consider the following factors when designing their compliance and ethics programs:
- Applicable industry size and practice—An organization’s failure to incorporate and follow industry practice or the standards called for by any applicable government regulation adversely affects a finding that the program is effective.
- Size of the organization—Large organizations are expected to devote more formal operations and greater resources to meeting the requirements than are small organizations. For example, smaller organizations may use available personnel rather than employ separate staff to carry out ethics and compliance.
- Recurrence of similar misconduct—The recurrence of a similar event creates doubt as to whether the organization took reasonable steps to meet the requirements.
See pages 4.406-4.407 in the Fraud Examiner’s Manual
In a public company, the chief executive officer (CEO) should be charged with having primary responsibility for the oversight of the company’s compliance program.
True/False
False!
If a board of directors exists, such as in a public company, the board must be knowledgeable about the content and operation of the compliance program and oversee its implementation. Accordingly, it is preferable for the board of directors or one of the board’s committees to control the organization’s compliance program. For instance, many companies place their compliance programs under the control of audit committees. There are four principal benefits to this practice:
- The involvement of the board of directors provides a sense of authority to the compliance program. It clearly identifies the program as a matter of company policy.
- The involvement of a board committee provides oversight to the operation of the program by personnel who are not involved in the program’s day-to-day operation.
- Efforts to implement an effective compliance program can be documented in the committee’s meeting minutes. This documentation can prove useful if the company ever has to defend its actions and seek mitigation of a criminal fine.
- The involvement of those board members who are on the audit committee will help ensure that the board is knowledgeable about the content and operation of the compliance program.
See pages 4.409-4.410 in the Fraud Examiner’s Manual
Which of the following is NOT one of the principles involved in the risk assessment process, as laid out by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)?
A. Assessing changes that could significantly impact the internal control system
B. Setting clear organizational objectives
C. Conducting ongoing monitoring of the risk management strategy
D. Considering the potential for fraud
C. Conducting ongoing monitoring of the risk management strategy
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework, “Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives.” Risk assessment involves the identification and assessment of the risks the entity faces in achieving its organizational objectives. This process is dynamic and iterative, and it forms the basis for determining how risks will be managed.
According to COSO, the risk assessment involves the following principles:
- The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives.
- The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed.
- The organization considers the potential for fraud in assessing risks to the achievement of objectives.
- The organization identifies and assesses changes that could significantly impact the system of internal control.
See pages 4.404-4.405 in the Fraud Examiner’s Manual
Which of the following is part of management’s responsibilities for the anti-fraud program?
A. Setting the organization’s ethical tone
B. Responding to instances of fraud appropriately
C. Ensuring the effectiveness of the program
D. All of the above
D. All of the above
(A. Setting the organization’s ethical tone
B. Responding to instances of fraud appropriately
C. Ensuring the effectiveness of the program)
While many parties—including the board of directors, internal auditors, and external auditors—have an important role in combatting fraud, management is ultimately responsible for the prevention and detection of fraud within an organization. This means that it is management who holds the primary responsibility for:
- Designing, implementing, overseeing, and ensuring the effectiveness of the anti-fraud program
- Setting the organization’s ethical tone and reinforcing an anti-fraud culture
- Demonstrating that fraud will not be tolerated at any level
- Responding to instances of fraud appropriately
See page 4.401 in the Fraud Examiner’s Manual
An organization’s board of directors does NOT have to be knowledgeable about the implementation of an organization’s compliance and ethics program if the board has delegated that responsibility to a compliance officer.
True/False
False!
A company’s governing authority must be knowledgeable about the content and operation of the compliance and ethics program and exercise reasonable oversight with respect to the program’s implementation and effectiveness. Governing authority is defined as the board of directors or, if the organization does not have a board of directors, the organization’s highest-level governing body. Although the program’s day-to-day operations can be delegated, the duties outlined above cannot.
See page 4.409 in the Fraud Examiner’s Manual
For a corporate compliance program to be effective, the company must proactively monitor, audit, and evaluate the program’s components.
True/False
True!
The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. These Organizational Guidelines set forth the following seven factors that are minimally required for a corporate compliance program to be considered effective:
- Established standards and procedures to prevent and detect criminal conduct
- Proper assignment of responsibility and oversight for the compliance program
- Due diligence in the hiring process to ensure the ethics of individuals who exercise a substantial measure of discretion in acting on behalf of an organization
- Periodic and practical communication of the compliance policy through effective training programs and other means
- Steps to ensure program compliance through monitoring, auditing, periodically evaluating the program’s effectiveness, and having a publicized reporting system
- Promotion and consistent enforcement of the program through appropriate incentives for compliance and appropriate disciplinary measures for violations
- Reasonable response to any discovered criminal conduct in order to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program
See pages 4.407-4.408 in the Fraud Examiner’s Manual
For its compliance program to be effective, an organization must communicate the program to all its employees through training programs.
True/False
True!
The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. Under the Organizational Guidelines, organizations must conduct “effective training programs.” Organizations are also required to communicate the program’s compliance requirements and procedures to all employees affected by the program, including upper-level personnel, periodically and appropriately. These programs should be designed to inform employees about the company’s stance on corporate compliance. They should also inform employees about what kinds of acts and omissions are prohibited by the law and by the organization.
See page 4.411 in the Fraud Examiner’s Manual
Which of the following is one of the interrelated components of a company’s internal control system, as laid out by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)?
A. Assurance function
B. Independent oversight
C. Ethical culture
D. Risk assessment
D. Risk assessment
The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether (1) each of these five components is in place and functioning effectively and (2) the five components are operating together in an integrated manner.
See pages 4.403-4.404 in the Fraud Examiner’s Manual
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), an internal control system should be designed to provide reasonable assurance regarding the achievement of the organization’s objectives pertaining to which of the following?
A. The effectiveness and efficiency of the organization’s operations
B. The reporting of financial and nonfinancial information to internal and external parties
C. The organization’s adherence to the laws and regulations to which it is subject
D. All of the above
D. All of the above
(A. The effectiveness and efficiency of the organization’s operations
B. The reporting of financial and nonfinancial information to internal and external parties
C. The organization’s adherence to the laws and regulations to which it is subject)
In its Internal Control—Integrated Framework (the Framework), the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
As noted in this definition, internal controls should be designed to assist management in meeting the following three categories of objectives:
- Operations objectives, which pertain to the effectiveness and efficiency of the organization’s operations
- Reporting objectives, which pertain to the reporting of financial and nonfinancial information to internal and external parties
- Compliance objectives, which pertain to the organization’s adherence to the laws and regulations to which it is subject
See page 4.403 in the Fraud Examiner’s Manual
Which of the following parties is ultimately responsible for the prevention and detection of fraud within an organization?
A. External auditors
B. Internal auditors
C. Board of directors
D. Management
D. Management
While many parties—including the board of directors, internal auditors, and external auditors—have an important role in combatting fraud, management is ultimately responsible for the prevention and detection of fraud within an organization. This means that it is management who holds the primary responsibility for:
- Designing, implementing, overseeing, and ensuring the effectiveness of the anti-fraud program
- Setting the organization’s ethical tone and reinforcing an anti-fraud culture
- Demonstrating that fraud will not be tolerated at any level
- Responding to instances of fraud appropriately
See page 4.401 in the Fraud Examiner’s Manual
Which of the following is a principle pertaining to the information and communication component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework)?
A. The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control
B. The organization communicates with external parties regarding matters affecting the functioning of internal control
C. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
D. All of the above
D. All of the above
(A. The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control
B. The organization communicates with external parties regarding matters affecting the functioning of internal control
C. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control)
The information and communication component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) relates to the exchange of information in a way that allows employees to carry out their internal control responsibilities and achieve the organization’s objectives. According to COSO, the following principles pertain to this component:
- The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
- The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control.
- The organization communicates with external parties regarding matters affecting the functioning of internal control.
See page 4.405 in the Fraud Examiner’s Manual
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the control environment of an organization:
A. Provides the foundation for the overall internal control system
B. Is established by directors and senior management
C. Sets the moral and ethical tone of the organization
D. All of the above
D. All of the above
(A. Provides the foundation for the overall internal control system
B. Is established by directors and senior management
C. Sets the moral and ethical tone of the organization)
The control environment provides the foundation for the internal control system throughout the entire organization. Established by the directors and senior management, it sets the moral and ethical tone of an organization, which reinforces the importance of internal controls and expected standards of conduct.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides five principles supporting the design and implementation of an effective control environment:
- Personnel at all levels demonstrate a commitment to integrity and ethical values.
- The board of directors is independent from management and oversees the development and performance of internal control.
- With board oversight, management establishes the structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of organizational objectives.
- The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
- The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
See page 4.404 in the Fraud Examiner’s Manual
According to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) internal control model, an organization should perform both ongoing evaluations and periodic, separate evaluations to ascertain whether the components of internal control are present and functioning.
True/False
True!
Monitoring is the process that assesses the effectiveness of a control system over time. This component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) should include both ongoing evaluations and periodic, separate evaluations, the findings of which should be evaluated against predefined criteria. The following are the Framework principles supporting this component:
- The organization selects, develops, and performs ongoing and separate evaluations to ascertain whether the components of internal control are present and functioning.
- The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
See pages 4.405-4.406 in the Fraud Examiner’s Manual
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identified five interrelated components of _________________.
A. Ethical theories
B. Internal control
C. Fraud
D. Professional development
B. Internal control
The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether (1) each of these five components is in place and functioning effectively and (2) the five components are operating together in an integrated manner.
See pages 4.403-4.404 in the Fraud Examiner’s Manual
Which of the following elements is required for a corporate compliance program to be effective?
A. Appropriate incentives for compliance with the program
B. Consistent punishment for employees who violate the program
C. Due diligence in the hiring process
D. All of the above
D. All of the above
(A. Appropriate incentives for compliance with the program
B. Consistent punishment for employees who violate the program
C. Due diligence in the hiring process)
The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. These Organizational Guidelines set forth the following seven factors that are minimally required for a corporate compliance program to be considered effective:
- Established standards and procedures to prevent and detect criminal conduct
- Proper assignment of responsibility and oversight for the compliance program
- Due diligence in the hiring process to ensure the ethics of individuals who exercise a substantial measure of discretion in acting on behalf of an organization
- Periodic and practical communication of the compliance policy through effective training programs and other means
- Steps to ensure program compliance through monitoring, auditing, periodically evaluating the program’s effectiveness, and having a publicized reporting system
- Promotion and consistent enforcement of the program through appropriate incentives for compliance and appropriate disciplinary measures for violations
- Reasonable response to any discovered criminal conduct in order to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program
See pages 4.407-4.408 in the Fraud Examiner’s Manual