Chapter 7: Controls & AIS
HealthSouth Fraud
Fraud in FWISD

Chapter 7 Fraud and Internal Controls - S

DESCRIPTION

TCU Dr. Olvera Risks and Controls

Learning Objectives
• Explain basic control concepts and explain why internal control and security are important
• Define and explain COBIT, COSO and ERM control frameworks. This means understanding the COSO and ERM cubes
• Understand segregation of duties (including segregation of systems duties)
• Understand regulation instated to increase investor confidence
    • FCPA
    • Sections 302 and 404 of SOX
    • Dodd-Frank Act
• Understand the elements of a fraud triangle
• Be able to relate Chapter 7 content to the HealthSouth Fraud and to Fraud in FWISD

Internal Control Defined
Internal controls are the processes implemented to provide reasonable assurance that control objectives such as the following are met:

• Safeguarding assets
• Maintaining records in sufficient detail to report company assets accurately and fairly
• Provide accurate and reliable information
• Prepare financial reports in accordance with established criteria
• Promote and provide operational efficiency
• Encourage adherence to prescribed managerial policies
• Comply with applicable laws and regulation

Internal Controls

Functions
• Preventative
• Detective
• Corrective

Categories
• General controls
• Application controls

Internal Control Frameworks

COBIT

“It’s the leading framework for the governance and management of enterprise IT”

• Management benchmark
• Assure users
• Provide auditors with benchmark

COSO

5 components & 17 principles of COSO internal control model

COBIT

COSO

ERM

Risk Assessment
• Reduce
• Accept
• Share
• Avoid

Control Activities

Segregation of Duties
• Authorization
• Recording
• Custody

Segregation of systems duties
• System administration
• Network management
• Security management
• Change management
• Users
• Systems analysis
• Programming
• Computer operations
• Information system library
• Data control

HealthSouth Fraud
Financial Statement Fraud

People Involved
• CEO, Richard Scrushy
• CFO, Weston Smith
• CFO, Aaron Beam
• Michael Vines (attempted whistleblower)

Weston Smith’s article
• Weston Smith identifies critical lessons…what are these lessons?
• What is a Form 10-K and why is it important to the C-suite?
• What are “Wall Street Expectations”?
• What is the purpose of SOX?
• What is a whistleblower?

HealthSouth Background

• A leading provider of rehabilitation services
• A publicly traded company
    • HLS (currently trading at…..$40.05 a share (close of market yesterday))
    • Listed on New York Stock Exchange

Regulation

FCPA:
• Foreign Corrupt Practices Act
• Prevent companies from bribing foreign officials to obtain business
• Required companies to maintain a system of good internal control

Sarbanes-Oxley Act of 2002 (SOX)
Intended to:
• Prevent financial statement fraud
• Make financial reports more transparent
• Provide protection to investors
• Strengthen internal controls at public companies
• Punish executives who perpetrate fraud

SOX Section 302
Principal officers sign and certify quarterly and annual reports

Signing means:
1. The officer has reviewed the report
2. The statements are not misleading
3. The financial statements present fairly in all material respects the financial condition of the company
4. The signing officers are:
    1. Responsible for internal controls
    2. Have internal controls that require effective communication of subordinates regarding financial information
    3. The signing officer has evaluated internal controls within 90 days & has presented a report to that effect
5. The signing officers have disclosed to the auditors and AC any fraud or material weaknesses
6. There were no significant changes to internal control

SOX Enforcement
(c) CRIMINAL PENALTIES- Whoever--

(1) certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $1,000,000 or imprisoned not more than 10 years, or both; or

(2) willfully certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $5,000,000, or imprisoned not more than 20 years, or both.

Dodd-Frank Act
• 14,000 pages of legislation
• Goal of ending the “too big to fail” mentality of public companies
• Provides incentive for whistleblowers

Fraud in FWISD
Embezzlement

Q&A
• Who were the main persons involved in the case?
• What are the 5 components of the COSO Framework?
• Identify a weakness for each component of the COSO framework

Fraud in the news
What are some stories of fraud in our current news?

Final Thought
Based on our two cases discussed this week, why are internal controls important?