QUESTION & ANSWER

Creating a fraud risk assessment policy

By Editorial staff 17 Jan 2008 | SearchFinancialSecurity.com

Digg This!     StumbleUpon     Del.icio.us

We are performing a security and fraud risk assessment. Are there any methodologies you recommend?

Shon Harris: First, it's important to understand that the audit committee's primary role is to address fraud risk levels, determine the level of risk posed by management if they override internal controls, and ultimately prevent this type of behavior.

The following are common types of management fraud:

1. Premature revenue recognition or the creation of fictitious revenue.
2. Overstating assets
3. Misrepresenting expenses and liabilities

Below is a checklist containing questions that relate to factors that can increase management risk levels: incentives, opportunities and attitude. Understanding these factors can help auditors develop ways to prevent and respond to management override of internal controls.

Questions to ask regarding incentives, to gauge the level of pressure management may be under that would lead them to override internal controls.

1. Is the organization financially stable or is the profitability threatened by conditions in the industry, economy or operating practices?
2. Do outside parties pressure management to meet requirements connected to reporting negative financial results? Do they pressure management to provide information that is contrary to the scenarios the organization faces?
3. Is their personal financial situation affected by the financial strength and performance of the organization? Is their personal financial situation affected or contingent upon achieving target goals?
4. Are they pressured to meet target goals including, profitability, budgets or publicized projections?
5. Are earnings expected to be handled in a manner that places pressure on lower level personnel to meet the expectations of those above them?
6. Do lower level personnel believe there will be consequences if they fail to reach target goals?

Opportunities that can be exploited by management

1. Is there an inherent opportunity in the way the organization conducts its operations that could be contusive to fraudulent behavior?
2. Are unrealistic statistics used in lieu of actual results to create and report financial projections?
3. Have monitoring management activities been ineffective? Does the complexity of the organization lead to a convoluted structure that creates instabilities?
4. Does inadequate monitoring result in deficient internal controls?
5. Have the apparent skill sets and capabilities of the accounting and finance units lead you to believe that they need improvement?

Attitudes exhibited by management

1. Is it apparent that management is not upholding ethical standards?
2. Is non-financial management excessively involved with determining accounting principles and projections in a manner that would create significant estimates?
3. Has there been a known history of disregard or violation of laws?
4. Have they demonstrated an excessive interest in increasing the organization's stock price?
5. Does the management have a trend of committing to the goals of creditors, analysts or other third parties to achieve their unrealistic goals or aggressive forecasts?
6. Have they failed to correct reportable conditions in a timely basis, either in the past or during this current yearly audit?
7. Does management use inappropriate means to minimize reported earnings for tax-related reasons?
8. Have they tried to justify inappropriate accounting?
9. Have relations between auditors been strained as a result of frequent disputes, demands or restrictions?
10. Have they failed to identify business risks in a timely and appropriate manner?
11. Do they hesitate to address issues that result from potentially adjusted financial statements?
12. Is a less than professional attitude pervasive among management, independent auditors and internal auditors when discussing internal controls?

Tags: Risk management frameworks, metrics and strategy,  Risk assessments,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Risk management frameworks, metrics and strategy Controls monitoring helps with governance, risk and compliance An advancement in GRC Advocacy group looks to foster trust in foreign service providers Using an information security council Information security governance using a risk-based approach Security on the street with SearchFinancialSecurity.com: Risk management Strategic metrics for information security at financial services firms Metrics don't truly quantify information risk Rethinking risk management for financial services firms Outlining governance frameworks Risk assessments Risk assessments: Internal vs. external For insurance firms, security risk assessments demand good policy GLBA risk assessment steps to success Risk assessments for the real world: Tools even I can use

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary