AKPIS EDU PVT LTD

CONTROLS
ON FRAUD

BY Amanpreet Kaur
 Fraud Management
Program
The components of an
effective fraud management
program include the
following:
1) Company ethics policy
2) Fraud awareness
3) Fraud risk assessment
4) Ongoing reviews
5) Prevention and detection
6) Investigation
 Company’s ethics Policy

Should any allegation of fraud,

corruption or theft be
substantiated, the Company will
thoroughly investigate the case
and disciplinary action will be
taken where appropriate. The
Company reserves the right to
report any criminal offences to
appropriate legal authorities.
1. Company ethics policy:
A company establishes a comprehensive
ethics policy outlining expected behaviors,
standards of conduct, and consequences
for unethical behavior.
The policy is communicated to all
employees through employee handbooks,
training sessions, and regular reminders.
2. Fraud awareness:
Regular training sessions are conducted to
educate employees about the various forms
of fraud, including examples and warning
signs.
Employees are encouraged to report any
suspicions or concerns about fraudulent
activities through designated channels
such as anonymous hotlines or
whistleblower programs.
Fraud awareness is having an understanding of
the nature, causes, and characteristics of
fraud.
1) Fraud awareness is developed through periodic
fraud risk assessments, training of
1. employees, and communications between
management and employees.
2. b. Employee training about fraud should be
tailored to each organization’s fraud risks.
3. )Training typically covers the organization’s
values and code of conduct, types
of fraud, and employee roles and responsibilities
to report violations of ethical
behavior.

Fraud essentially is the falsification of

transactions. Thus, an auditor’s examination of
transactions for fraud tests the existence
assertion.
FRAUD
AWARENESS
3)Fraud risk assessment:
The company conducts a thorough
assessment of its operations to
identify potential areas of
vulnerability to fraud.
Risks are evaluated based on
factors such as access to sensitive
information, lack of internal
controls, and historical incidents of
fraud.
4)Ongoing reviews:
Regular reviews and evaluations of
internal controls, financial
processes, and employee behavior
are conducted to detect any
anomalies or irregularities.
Management periodically assesses
the effectiveness of fraud
prevention measures and makes
adjustments as necessary.
 Preventive
Measures
Adequacy of Internal
controls

Ongoing
Reviews

Make
adjustments
A fraud risk assessment generally
includes the following:
a) Identifying and prioritizing fraud
risk factors and fraud schemes
b) Determining whether existing
controls apply to potential fraud
schemes and
identifying gaps
c) Testing operating effectiveness
of fraud prevention and detection
controls
d) Documenting and reporting the
fraud risk assessment
 5) Prevention and detection:
The company implements preventive measures such as segregation of duties,
dual authorization for financial transactions, and regular reconciliations.
Automated monitoring systems are employed to detect suspicious activities, such
as unusual transactions or patterns.

6) Investigation:
A designated team or department is responsible for investigating allegations of
fraud promptly and thoroughly.
Investigations follow established protocols and procedures to preserve evidence,
maintain confidentiality, and ensure legal compliance.
By integrating these components into a cohesive fraud management program,
companies can better protect themselves against fraud and minimize potential losses.
 Control is the principal
The COSO Internal Control means of managing fraud
Framework can and ensuring the
be applied in the fraud context to components of the
fraud management program
promote an environment in
are present and functioning.
which fraud is effectively
managed.
1) The control environment
includes such elements as a code
of conduct, ethics
policy, or fraud policy to set the
appropriate tone at the top;
hiring and promotion
guidelines and practices; and
board oversight.
Control activities are policies and procedures for
business processes that include
authority limits and segregation of duties.
4) Fraud-related information and
communication practices promote the fraud risk
management program and the organization’s
position on risk. The means used
include fraud awareness training and confirming
that employees comply with the
organization’s policies.
5) Monitoring evaluates antifraud controls
through independent evaluations of the fraud
risk management program and use of it.

c. Preventing fraud. Essential elements in

preventing fraud are setting the correct tone at
the top and instilling a strong ethical culture.
d. Detecting fraud. An essential element in
detecting fraud is employee feedback, as fraud
tips from employees is the most common way to
detect fraud. Sources of employee
feedback include a whistleblower hotline, exit
interviews, and employee surveys.
 Responsibility for
Controls Management is primarily responsible
for establishing and maintaining
control.

Internal auditors must assist the organization by

evaluating the effectiveness and
efficiency of controls and promoting continuous
Internal Auditors improvement
Responsibility for
Controls
Internal auditors acting in a consulting
role can help management identify
and assess risk and determine the
adequacy of the control environment.
a) Internal auditors also are in a unique
position within the organization to
recommend changes to improve the
control environment.
Segregation of duties divides responsibility for recording
of the transaction,
authorization, and custody of the assets associated with
the transaction. The effect is to minimize
the opportunities for a person to be able to perpetrate
and conceal fraud or error.
Examples:
Separate contract negotiation from approval of
invoices for payment.
Person(s) responsible for signing checks or approving
electronic payments verify that a service or product
was received.
Separate contract negotiation, approval of invoices for
payment, and budget preparation.
Separate vendor setup responsibility from the
purchasing function.
Separate employee and contractor setup from the
position responsible for processing payroll and
contractor payments.
Prepare an Accounts Payable signature authorization
list showing the signatures for authorized individuals
who may initiate and approve purchase orders.
Persons authorized to initiate or approve purchase
orders have full responsibility for ensuring that each
purchase, including the price, specifications, quality,
and quantity, is appropriate.
Purchases can only be transacted by approved
vendors or evidenced by approved contracts.
A policy prohibits receipt of kickbacks, gifts, and other
items of value from vendors.
Expenditures transacted via credit or debit cards and
electronic payments (Venmo, PayPal, Zelle, Square,
etc.) are subject to expense-type code restrictions.
Separation of duties between the ordering and
receiving of merchandise.
Receiving department does not accept goods unless
it has a blind copy of a properly approved purchase
order for the items.
Credit card charges are subject to the expenditure
controls used on purchases transacted through the
accounts payable process cycle.
Receiving reports and vendor invoices are required to
Programmers do not have access to
programs used in
processing.
Lists of authorized persons are
maintained online and
should constantly be updated after
personnel changes
(e.g., promotion or resignation).
Use a device authorization table to grant access only
to those physical devices that should logically need
access.
Restrict the ability of employees to gain access to and
change sensitive information.
Encrypt data so that only authorized users can decode
(decipher) the information.