News

Management Anti-fraud Programs and Controls

By Mark Gardiner, CPA, CFE, Partner

The Fraud Task Force of the American Institute of Certified Public Accountants (AICPA) commissioned a study to provide guidance to help prevent and detect fraud. The AICPA, the Association of Certified Fraud Examiners, the Institute of Internal Auditors and other professional organizations sponsored the study. The overall message of this document is those organizations that take proactive steps to prevent and deter fraud will preserve their financial integrity, their reputation, and their future.

The study found that an organization must take three fundamental actions to mitigate fraud. They include creating a culture of honesty and high ethics, evaluating antifraud processes and controls, and developing an appropriate oversight process. The following are some of the highlights from the document. There are three main headings and 14 subheadings, with brief explanations following.

Creating a Culture of Honesty and High Ethics

  1. Setting the Tone at the Top Directors and Management of an organization set the “tone at the top” for ethical behavior. Research in moral development strongly suggests that honesty can be reinforced when a proper example is set.
  2. Creating a Positive Workplace Environment Research indicates that less wrongdoings occurs when employees have positive feelings about work.
  3. Hiring and Promoting Appropriate Employees If an organization is to be successful in preventing fraud, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust.
  4. Training New employees should be given training at the time of hiring covering the organization’s values and its code of conduct.
  5. Confirmation Management needs to clearly state that all employees will be held accountable to act within the organization’s code of conduct.
  6. Discipline The method an organization reacts to incidents of alleged or suspected fraud sends a strong deterrent message throughout the organization.

 

Evaluating Antifraud Processes and Controls

  1. Identifying and Measuring Fraud Risks Management had the primary responsibility for establish and monitoring all aspects of the organization’s fraud risk assessment and prevention activities
  2. Mitigating Fraud Risks It may be possible to reduce or eliminate certain fraud risks by making changes to the organization’s activities and processes.
  3. Implementing and Monitoring Appropriate Internal Controls Once a fraud risk assessment has taken place, the organization can identify the processes, controls, and other procedures that are needed to mitigate the identified risks.

 

Developing an Appropriate Oversight Process

  1. Audit Committee The Audit Committee should evaluate management’s identification of fraud risks, implementation of antifraud measures, and creation of the appropriate tone at the top. If the organization does not have an audit committee, then the board of directors should do the evaluation.
  2. Management Management is responsible for overseeing the activities carried out by employees, and does so by implementing and monitoring processes and controls, such as those discussed previously.
  3. Internal Auditors An effective internal audit team (if the organization has internal auditors) can be extremely helpful in performing aspects of the oversight function. Their knowledge about the organization may enable them to identify indicators that suggest fraud has been committed.
  4. Independent Auditors Independent auditors can assist management and the board of directors by providing an assessment of the organization’s process for assessing and responding to fraud risks. The board of directors should have an open and candid dialogue with the independent auditors regarding management’s risk assessment and the system of internal control.
  5. Certified Fraud Examiners Certified Fraud Examiners may assist the board of directors with aspects of the oversight process either directly or as a part of the team of internal auditors or independent auditors. In addition, they can assist the board of directors in evaluating the fraud risk assessment and fraud preventive measures implemented by management.