Deck 10: Fraud and Internal Control

What three things must a perpetrator have to commit fraud? Include a brief description of each.

The perpetrator must have motive - reason for committing the fraud, such as financial difficulties.
The perpetrator must have opportunity - access to the asset or financial statements in order to carry out the fraud.
The perpetrator must have the means to carry out the fraud - knowledge or skills that permit the perpetrator to commit the crime.

List the three fraud and abuse categories. Provide examples.

1. Corruption, such as bribery
2. Misappropriation of assets, including theft of cash, fraudulent disbursements, or stealing merchandise
3. Fraudulent financial reporting, such as misstating financial statements in order to meet earnings targets (acfe.com, 2009)

Tips are the most likely means of detecting fraud.

What are the elements required to prove fraud?

The typical fraud lasts three years before it is detected.

The Sarbanes-Oxley Act of 2002, which would become known as SOX, created the ________ to oversee and regulate public companies and their auditors.

List and describe the principles for establishing an environment to effectively manage fraud risk.

The SOX legislation basically requires management of privately held companies must assess and report on the effectiveness of internal controls for financial reporting using a recognized framework.

Accounting professionals often refer to the fraud triangle as incentive/opportunity/rationalization.

Most occupational frauds are committed by the accounting department or upper management.

If the internal audit revealed any significant deficiencies, it is not required to be disclosed by the signing officers of the company.

Substantive procedures collect evidence regarding the accuracy, completeness, and validity of data produced by the accounting system.

________ techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.

________ focuses on managing when revenues and expenses are recorded in order to favorably reflect a company's financial performance in a legal manner.

________ techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

In a(n)________, the auditor performs tests of controls and substantive procedures.

It is not possible for a material weakness in internal control over financial reporting to exist even though the financial statements are not materially misstated.

To comply with SOX, companies must use a framework for evaluating internal control.

A(n)________ over financial reporting requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively.

In control activities, ________ ensure appropriate information processing, authorization, and data integrity.

When investigating fraud, ________ enables auditors to extract, analyze, and interpret evidence to detect unusual patterns and irregularities.

What does Auditing Standard No. 5, an Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, require the auditor to understand about IT?

The COSO ________ provides a blueprint for implementing an internal control system to assist in ensuring the reliability of financial statements and compliance with Sarbanes-Oxley legislation.

In control activities, ________ divide authorization, recording, and asset custody among different individuals.

What are the objectives of internal control?

Increasingly, the PCAOB is expecting auditors to understand how IT affects the audit and integrating IT into the audit.

Physical controls ensure appropriate information processing, authorization, and data integrity.

A(n)________, as required by Auditing Standard No. 5, integrates an audit of internal control with an audit of financial statements.

What factors are part of the control environment?

Increasingly the expectation is that the auditor and the IT professional learn more about the other's field.

Internal controls for the accounting system are incomplete without IT controls.

Application controls ensure completeness and accuracy of transaction processing, authorization, and validity.

IT general controls have a pervasive effect on all internal controls.

While COSO is a broad framework for internal control in general, COBIT provides the detailed IT processes necessary to provide IT controls for monitoring and evaluating the IT environment.

List and describe the IT resources categories as defined by COBIT.

________ controls include IT governance at top management levels where strategic business objectives are set and policies are established.

COBIT provides high-level strategic guidance for meeting overall internal control objectives.

What are the five essential components of an effective internal control system listed in COSO Internal Control-Integrated Framework?

List and describe the control activities for mitigating financial, operational, and compliance controls risks.

________ controls support application controls to provide a reliable operating environment.

Input controls ensure data is processed properly.

List and describe the 10 generally accepted privacy principles.

Control ________ are control weaknesses.

What are the three major objectives of an IT audit?

Internal controls are an integral part of business processes and the accompanying accounting transaction cycles.

What are the three phases for documenting control HotSpots?

What are the steps for building a HotSpot DFD?

Application controls for business processes cannot be documented using DFDs.

What do the audit committee's responsibilities include?

Document the preventive and detective controls on the Books Ga'Lore! shipping DFD.

Books Ga'Lore! Shipping DFD
Using the Books Ga'Lore! shipping DFD, create an event-agent-datastore-control table.