Internal Controls and Fraud

8/3/2019 Internal Controls and Fraud

http://slidepdf.com/reader/full/internal-controls-and-fraud 1/15

Module 9:

Internal Controls

& Fraud

Prof. Dr. Avo Schönbohm

Advanced Managerial

Accounting

www.avoschoenbohm.de

http://www.hwr-berlin.de/



Prof. Dr. Avo Schönbohm 2

Learning landscape for today

Repetition

Student Risk Maps

Internal ControlsGreat Plains Energy

Case Study

Internal Controls

Exercises

1

2

3

5

4





Course Outline – Schedule

# Date Topic Case1 2011-10-05 Advanced Managerial Accounting - An Introduction

2 2011-10-12 Strategic Management Accounting - Striving for Superior Performance

3 2011-10-26 Value Based Management & Cash Control Missouri Solvents

4 2011-11-02 Design of Management Control Systems & Excellence Programs Apple 2010

5 2011-11-09 Cost Accounting Review Dow Chemical

6 2011-11-16 Budgeting and & Variance Analysis

7 2011-11-23 Beyond Budgeting and Rolling Forecasts ING

8 2011-11-30 Enterprise Risk Management

9 2011-12-07 Internal Controls & Forensinc Accounting Great Plaines

10 2011-12-14 Behavioral Accounting and Negotiation Skills for Controllers

11 2011-12-21 Sustainability Accounting and Value Generation SocGen

12 2012-01-04 Repetition and Discussion

13 2012-01-11 Capital Budgeting and Business Modelling ENEL

14 2012-01-18 Exercises & Group Assignments VC Investment

15 2012-01-25 Final Session and Questions

No cla ss on 2011-10-19





Learning Objectives After studying this module you should be able to:

1. Define internal controls and understand the importance of internal controls

2. Improve the internal control system in various situations

" Let our advance worrying become advance thinking and planning”

Winston Churchill





Internal Control FrameworkDefinition

Internal control is a process, effected by an entity’s board of directors,

management and other personnel, designed to provide reasonable

assurance regarding the achievement of objectives in the following

categories:

– Effectiveness and efficiency of operations

– Reliability of financial reporting

– Compliance with applicable

laws and regulations





Internal control is a process. It's a means to an end, not an end in

itself.

Internal control is effected by people. It's not merely policy manuals

and forms, but people at every level of an organization.

Internal control can be expected to provide only reasonable assurance,

not absolute assurance, to an entity's management and board.

Internal controls are established to further strengthen:

The reliability and integrity of information.

Compliance with policies, plans, procedures, laws and regulations. The safeguarding of assets.

The economical and efficient use of resources.

The accomplishment of established objectives and goals for operations or

programs.

Internal Controls DefinitionDiscussion of the “older” COSO definition



http://slidepdf.com/reader/full/internal-controls-and-fraud 7/15Prof. Dr. Avo Schönbohm 7

MYTHS:

Internal control starts with a strong set of

policies and procedures.

Internal control: That’s why we have internal

auditors!

Internal control is a finance thing.

Internal controls are essentially negative, like

a list of “thou-shalt-nots.”

Internal controls take time away from our

core activities of making products, selling,

and serving customers.

FACTS:

Internal control starts with a strong control

environment.

While internal auditors play a key role in the

system of control, management is the primary

owner of internal control.

Internal control is integral to every aspect of

business.

Internal control makes the right things happen

the first time.

Internal controls should be built “into,” not

“onto” business processes.

Source: Institute of Internal Auditors, 2003





Monitoring:

•Monthly reviews of

performance reports

•Internal audit function

Control Activities:

Purchasing limits

Approvals

SecurityReconciliations

Specific policies

Risk Assessment:

Monthly Risk Control

meetings

Internal audit risk

assessment

Control Environment:

Tone from the top

Corporate Policies

Organizational authority

Information & Communication:

Vision and values survey

Issue resolution calls

Reporting

Corporate communications

(e-mail, meetings)

MONITORING

INFORMATION AND

COMMUNICATION

CONTROL ACTIVITIES

RISK ASSESSMENT

CONTROL ENVIRONMENT

Internal Control FrameworkIn everyday business life





are designed to provide reasonable assurance that only valid transactions are recognized,approved and submitted for processing. Therefore, many of the preventive techniques

are applied before the processing activity occurs. In most situations, preventive

techniques are likely to be more effective in a strong control environment, when

management authorization criteria are well-defined and properly communicated.

Control type definitions: Preventive – Manual // Preventive – System

Segregation of duties (Preventive-Manual)

Business systems integrity and continuity controls, e.g., application design standards,

change controls, security controls, systems backup and recovery (Preventive –

System) Physical safeguard and access restriction controls (human, financial, physical and

information assets) (Preventive-Manual)

Effective planning/budgeting process (Preventive-Manual)

Effective "whistle blowing" processes (Preventive-Manual)

Types of Internal ControlPrevention techniques





are designed to provide reasonable assurance that errors and irregularities are discovered and corrected on

a timely basis. Detection techniques normally are performed after processing has been completed. They

are particularly important in an environment that has relatively weak preventive techniques. That is, when

front-end approval and processing techniques do not provide reasonable assurance that unacceptable

transactions are prevented from being processed or do not assure that all approved transactions are

processed accurately. In this case, after-the-fact techniques become more important in detecting and

correcting processing errors.

Control type definitions: Detective – Manual // Detective - System

Reconciliation of batch balance reports to control logs maintained by originating

departments. (Detective – Manual)

Reconciliation of cycle inventory counts with perpetual records. (Detective – Manual)

Review and approval of reference file maintenance (“was-is”) reports. (Detective –Manual)

Comparison of reported results with plans and budgets. (Detective – Manual)

Reconciliation of subsidiary ledger balances with the general ledger. (Detective – Manual)

Reconciliation of interface amounts exiting one system and entering another. (Detective –

System)

Review of on-line access and transaction logs. (Detective – System)

Types of Internal ControlDetection techniques





The Limitations of Internal Control

Most internal control measures can be circumvented or overcome.

Collusion is when two or more employees work as a team with thepurpose to defraud the firm.





The Fraud TriangleIntroduction

The term "Fraud Triangle" was coined in the 1950s by Donald

Cressey. Cressey was one of the nation’s leading experts on the sociology

of crime. Cressey stated all frauds need three elements to take place:

opportunity, pressure and rationalization. Business owners can limit

opportunity to some extent but pressure and rationalization are not easily

contained.

2. What are some easy ways to limit the opportunity to commit fraud?

http://youtu.be/BEppB2ZG1eM








The Fraud Triangleand how to break it





Risk Management and Internal ControlConclusive Remarks

Spectacular Fraud Stories of the recent past raised the profile and

importance of risk management and internal controls

Management Accountants often work in the sphere of influence of fraudand internal controls

A reflected handling of risk management and internal control system

should be natural for any trained management accountant





Thank you for your

attention!


Documents

Internal Controls and Fraud