Fraud and Internal Control Chapter 7 Fraud Internal Control and Cash Fraud Fraud a dishonest act by an employee that results in personal benefit to the employee at a cost to the employer Fraud occurs because there are three main factors that contribute to fraudulent activity Can occur when a workplace lacks sufficient controls to deter and detect fraud 1 Opportunity Workplace environment must provide opportunities that an employee can take advantage of 2 Financial Pressure Employees commit fraud because of personal financial problems caused by too much debt or because they want to lead a lifestyle that they cannot afford with their current salary 3 Rationalization Employees rationalize their dishonest actions The Sarbanes Oxley Act Sarbanes Oxley Act SOX was passed in order to prevent or detect fraud easier Under SOX all US corporations are required to maintain an adequate system of internal control Independent outside auditors must attest to the adequacy of the internal control system SOX also created the Public Accounting Oversight Board PCAOB to establish auditing standards and regulate auditor activity Internal Control Internal Control consists of all the related methods and measures adopted within an organization to safeguard its assets enhance the reliability of its accounting records increase efficiency of operations and ensure compliance with laws and regulations 5 primary components 1 A Control Environment Management must make it clear that the organization values integrity and that unethical activity will not be tolerated 2 Risk Assessment Companies must identify and analyze the various factors that create risk for the business and determine how to manage the risks 3 Control Activities To reduce the occurrence of fraud management must design policies and procedures to address the specific risks faced by a company 4 Information and Communication System must capture and communicate all pertinent information both down and up the organization as well as communicate information to appropriate external parties 5 Monitoring Must be monitored periodically for their adequacy Deficiencies must be reported Principles of Internal Control Activities Six principles of control activities 1 Establishment of Responsibility Assign responsibility to specific employees Control is most effective when only one person is responsible for a given task Establishing responsibility requires limiting access only to authorized personnel and then identifying those personnel By doing this it is easier to identify the source of the issues like if money is missing from a register and there was only 1 person operating it it has to be them 2 Segregation of Duties Two common applications of this principle 1 Different individuals should be responsible for related activities Making one individual responsible for related activities increases the potential for errors and irregularities Companies should assign purchasing activities to different individuals Ex People who order merchandise approve orders receiving goods authorizing payment etc should be separated Companies should assign sales activities to different individuals Ex People who make a sale ship goods to a consumer receive payment etc should be separated 2 The responsibility for record keeping for an asset should be separate from the physical custody of that asset Custodian of the asset should not maintain or have access to the accounting records Custodian of the asset is not likely to convert the asset to personal use when one employee maintains the record and another has physical custody Chapter 7 Pg 1 The work of one employee should without a duplication of effort provide a reliable basis for evaluating the work of another employee If the same person is doing all the work it is easy for that one person to put systems in effect that allow them to get away with fraud 3 Documentation of Procedures Documents provide evidence that transactions and events have occurred Companies can identify the individuals responsible for the transaction or event if they sign the documents Companies should use Prenumbered documents and all documents should be accounted for Control system should require that employees promptly forward source documents for accounting entries to the accounting department This helps to ensure timely recording of the transaction 4 Physical Controls Physical Controls relate to the safeguarding of assets and enhance the accuracy and reliability of the accounting records 5 Independent Internal Verification Ex Safes vaults locked warehouses alarms etc Involves the review of data prepared by employees 3 ways to obtain maximum benefit 1 Companies should verify records periodically or on a surprise basis 2 An employee who is independent of the personnel responsible for the information should make the verification 3 Discrepancies and exceptions should be reported to a management level that can take appropriate corrective action Especially useful when comparing recorded accountability with existing assets Internal Auditors are company employees who continuously evaluate the effectiveness of the company s internal control systems Review activities of departments and individuals to determine whether prescribed internal controls 6 Human Resource Controls are being followed Human resource control activities include the following 1 Bond employees who handle cash Bonding involves obtaining insurance protection against theft by employees Contributes to the safeguarding of cash in two ways Insurance screens all individuals before adding them to the policy and may reject risky applicants Bonded employees know that the insurance company will vigorously prosecute all offenders 2 Rotate employees duties and require employees to take vacations Deter employees from attempting thefts since they will not be able to permanently conceal their improper actions 3 Conduct thorough background checks Check to see whether job applicants actually graduated from the schools they list Never use the telephone numbers for previous employers given on the reference sheet look them up yourself Limitations of Internal Control accounting records Companies design their systems to provide reasonable assurance of proper safeguarding of assets and reliability of the Costs of establishing control procedures should not exceed their expected benefit Human element means that people can ruin good systems because of fatigue carelessness or indifference Two or more individuals may work