
INTERNAL AUDIT AND FRAUD RISK


CHAPTER 8
INTRODUCTION
“Not all crooks roam the streets of the nation’s cities.” Many spend their time as employees in businesses. Disguised as honest citizens, they pilfer whatever comes to hand, and often tamper with records to cover up their thefts.
WHAT IS FRAUD
Fraud is deceit; it’s trickery; it’s cheating; it’s committed to cause a person or organization to give up property or some lawful right.
DEFINING FRAUD
Per Black’s Law Dictionary – “… all multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions or suppression of the truth. It includes all surprise, trick, cunning or dissembling, and any unfair way by which another is cheated.”
Basically, fraud is INTENTIONAL DECEPTION for the purpose of financial gain.
FRAUD
◦ Fraud always uses deception as its principal method of operation
◦ Four elements:
  ▪ Material false statement
  ▪ Knowledge that the statement was false when it was made
  ▪ Reliance on the statement by victim
  ▪ Damages
◦ Under state law, generally must also prove intent
DEFINING ABUSE
◦ A deceitful act
◦ A corrupt practice or custom
◦ Examples:
  ▪ “Borrow” company equipment
  ▪ Use sick leave when not sick
  ▪ Slow or sloppy work
  ▪ Surf the Net at work
  ▪ Work under influence of drugs/alcohol
OCCUPATIONAL FRAUD AND ABUSE
WHAT IS OCCUPATIONAL FRAUD AND ABUSE?
◦ Use of occupation
◦ For personal enrichment
◦ Through deliberate misuse or misapplication of employer’s resources/assets
WHITE-COLLAR CRIME
First defined “white-collar crime”
◦ Criminal acts of corporations
◦ Individuals in corporate capacity
◦ Theory of differential association
  ▪ Crime is learned
  ▪ Not genetic
  ▪ Learned from intimate personal groups
OCCUPATIONAL FRAUD AND ABUSE
◦ Corruption
  ▪ Conflicts of Interest
  ▪ Bribery
  ▪ Illegal Gratuities
  ▪ Economic Extortion
◦ Asset Misappropriations
  ▪ Cash
  ▪ Inventory & All Other Assets
◦ Fraudulent Statements
  ▪ Financial
  ▪ Nonfinancial
FRAUD TRIANGLE
◦ Opportunity
◦ Pressure
◦ Rationalization
Pressure/Motivation
◦ Corporate Pressures
  ▪ Bonus, compensation & recognition based on financial results
  ▪ Budget and goal achievement
  ▪ Fear of failure or negative sanctions associated with failure
Pressure/Motivation
◦ Individual Employee Pressures
  ▪ Corporate Problems
    - Resentment, jealousy, retaliation or revenge
    - For the “good of the team”
  ▪ Personal Problems
    - Living beyond one’s means
    - High personal debt
    - Pay not commensurate with job
    - Gambling problems
    - Alcohol, drugs or illicit relationships
    - Death, divorce, illness
    - Family and/or peer pressure
Opportunity
◦ Generally due to internal control weaknesses
  ▪ Lack of segregation of duties
  ▪ Lack of effective review and approvals
  ▪ Ineffective Control Environment
  ▪ No fraud prevention culture
  ▪ Lack of emphasis on integrity
  ▪ Lack of effective executive example
  ▪ At management levels, it is often due to override of controls
Rationalization
◦ perpetrator that committing fraud is reasonable under the circumstances
  ▪ “I’m just borrowing the money and I intend to pay it back.”
  ▪ “The company is cheating me by not paying me what I’m worth.”
  ▪ “Everyone is a little dishonest.”
  ▪ “The company is cheating our customers, so they deserve to get fleeced.”
  ▪ “I’m a shareholder/partner, so the money is really mine anyway.”
  ▪ This is the match that lights the fuse to fraud!
EMPLOYEE FRAUD AND CORPORATE CULTURE
◦ The following factors in corporate culture can contribute to pressure:
  ▪ Poor employee compensation
  ▪ Excessive pressure to perform
  ▪ Hostile work environment
  ▪ Corporate financial troubles
  ▪ Negative examples set by top management
RED FLAGS
◦ A red flag is a set of circumstances that are unusual in nature or vary from the normal activity. It is a signal that something is out of the ordinary and may need to be investigated further.
◦ Remember that red flags do not indicate guilt or innocence but merely provide possible warning signs of fraud.
Financial Statement Fraud Categories and Red Flags
◦ Overstated revenues.
◦ Management estimates.
◦ Pro formas can mislead.
◦ Earnings problems: masking reduced cash flow.
◦ Earnings before interest, tax, depreciation, and amortization (EBITDA).
◦ Excessive debt.
◦ Inventory problems.
Forensic and Investigative Accounting Chapter 4 32
Internal Auditor’s Role in Investigating Fraud
• Needs to be defined in the internal audit charter and in the fraud policies and procedures.
• Act as a resource for the investigation.
• Refrain from any involvement in the investigation, either because internal audit is responsible for assessing the effectiveness of the investigation or because it lacks the appropriate resources to be involved in the investigation.
• Advising management.
• Monitoring the investigation process to help the organization follow relevant policies, procedures and applicable laws and statutes.
• Support the organization in the legal proceedings, insurance claims or any other recovery actions.
• Evaluate and monitor the organisation’s internal and external post-investigation reporting and communication plans and practices.
• Internal auditors can also monitor the implementation of the recommended control enhancements.
SARBANES-OXLEY ACT
◦ Was approved by Congress in 2002
◦ Also known as:
  ▪ Public Company Reform and Investor Protection Act
  ▪ Corporate and Criminal Fraud Accountability Act
  ▪ White Collar Crime Penalty Enhancement Act
TITLE 8 – CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY
◦ This section protects the whistle-blowers and prescribes serious prison terms for those who obstruct justice or defraud shareholders
◦ Contains S802 – S807
SOX REGULATORY FRAMEWORK
PURPOSE OF SARBANES-OXLEY ACT
◦ To improve the quality and transparency of financial reporting and of independent audits and accounting services for public companies
◦ Enhance the standard-setting process for accounting practice
◦ Strengthen the independence of firms that audit public companies
◦ Increase corporate responsibility and the usefulness of corporate financial disclosure
◦ Protect the objectivity and independence of securities analysts
◦ To improve Securities and Exchange Commission resource and
SARBANES-OXLEY ACT
◦ Contains 11 titles, and each title comprises multiple sections
  1. Public Company Accounting Oversight Board
  2. Auditor Independence
  3. Corporate Responsibility
  4. Enhanced Financial Disclosure
  5. Analyst Conflicts of Interest
  6 & 7. Commission Resources and Authority, and Studies and Report
  8. Corporate and Criminal Fraud Accountability
  9. White Collar Crime Penalty Enhancement
  10. Corporate Tax Returns
  11. Corporate Fraud and Accountability
TITLE 3 – CORPORATE RESPONSIBILITY
◦ Contains 8 numbered sections
◦ S301 – Public Company Audit Committees
◦ S302 – Corporate Responsibility for Financial Reports
◦ S303 – Unlawful for executives/directors to influence audit firms in the course of an audit
◦ S304 – Requires the CEO to disgorge any profit from the sale of the company’s securities
◦ S305 – Grants the SEC the authority to permanently bar executives who violate securities laws
◦ S306 – Prevents insider trading during certain blackout periods related to pension plans
◦ S307 – Requires attorneys to report evidence of a material violation of securities law
◦ S308 – Fair funds to investors
TITLE 4 – ENHANCED FINANCIAL DISCLOSURES
◦ Contains 9 numbered sections – S401-S409
◦ Purpose of this section is to forbid certain personal loans and to mandate certain financial disclosures
TITLE 9 – WHITE COLLAR CRIME PENALTY ENHANCEMENT
◦ This provision distinguishes between acts that are done knowingly versus those that are done both knowingly and willfully
◦ Increases the maximum prison sentence for mail and wire fraud and for violations of the Employee Retirement Income Scheme
TITLE 11 – CORPORATE FRAUD
◦ Establishes a potential prison term for anyone who alters, destroys, mutilates or conceals records, documents or other objects
◦ Empowers the SEC to petition federal courts for temporary injunctions to freeze pending extraordinary payments
◦ Increases the penalty for violations of S.32(a) of the Securities and Exchange Act
◦ Empowers the SEC to bar from serving as corporate officers any individuals who commit fraudulent transactions
SOX COMPLIANCE
◦ SOX Rules, Regulations, and Standards (SOX involves an ongoing rulemaking and regulatory process)
◦ The Federal Criminal Sentencing Guidelines (point system with mitigation for ethics and control processes)
◦ The COSO Reports
  ▪ Focus on basic control processes and risk management
◦ The COBIT Standard
  ▪ Contains high-level and detailed control objectives, audit guidelines, and management guidelines
◦ ISO 27002
  ▪ Contains 11 major topics, with over 5,000 controls in total
◦ Comparison of the Various Models for Control Practices
SOX AND SMALL PUBLIC COMPANIES
◦ SOX 404 Compliance with Small Public Companies
  ▪ Leadership involvement and effective boards of directors
  ▪ Compensating for limited segregation of duties by management reviews
  ▪ Compensating for limited IT by using ASPs
◦ How Small Public Companies Can Achieve Efficiency in Internal Control Processes
  ▪ Apply a risk-based approach
  ▪ Focus on changes
  ▪ Manage reporting objectives
  ▪ Right-sizing documentation
