Auditoria
Páginas: 9 (2216 palabras)
Publicado: 2 de mayo de 2010
FRAUD DETECTION AND DETERRENCE - AN INTERNAL AUDITOR'S PERSPECTIVE by Danny Ng
When a fraud comes to light, the typical reactions range from asking how it happened, what the loss is, who are involved, to why it had not been spotted earlier.
Public vs Auditors' Expectations in Fraud Detection
The public tends to expectauditors to detect frauds in the course of their work. Auditors however see it as unrealistic to expect them to scope their audits to detect fraud as well. They focus their work on areas with direct or indirect impact on a company's bottom line eg. plugging revenue leakages, recovering overpayments, improving internal controls, enhancing corporate governance practices, etc. Fraud discovery is mostlynot the focus of their procedures. They scope their work and review transactions based on samples. A fraud, particularly if it is not massive, might not be visible from samples and normal audit procedures. Auditors do not check every transaction. Even if they do, some clever collusive frauds (involving two or more persons, usually an employee and an outsider like a supplier) would probably goundetected.
Recent surveys have shown that the majority of frauds were committed by insiders. The management of an organization should therefore be vigilant that their operating environment is not conducive to fraud.
Environments Conducive to Fraud Activities
Environments that are conducive to fraud include the following:
High-growth, fast-paced organization
It is common to find that controls aresecondary where employees are under pressure to grow the business, especially that of its overseas locations. Often, in such an organization, systems and controls do not adequately keep pace with the organization's growth.
High incidence of management over-ride
Where over-ride of policies and procedures by a manager becomes rampant, the possibility of fraud and abuse increases because ofcompromise in internal controls. The attitude in such organizations towards internal controls is generally poor.
Employee highly protective of his or her areas of responsibility
The employee's tactic is usually to "put-off and intimidate" anyone prying into his or her areas of responsibility. The intention is to discourage further questions. There is normally an air of resistance and impatience whendealing with such an employee.
High concentration of control in one person
Even though it might appear that responsibilities of an area are split organizationally, there is, in reality, one central person who is in control. He is the chief who directs. The other employees merely perform their functions in a cursory manner. The other employees are reluctant to answer any queries and would refer tothe chief for answers.
General lack of segregation of duties
In today's IT-driven processes, it is common to find an employee performing what auditors describe as "conflicting or incompatible duties". A simple example is a human resource person who maintains employees' pay records also processs the payroll. While it might be more efficient (and cost-effective) to have the two functions done bythe same individual, it increases the risk of abuse by the employee concerned.
The obliging IT department
The IT department that earnestly obliges its internal customers might unwittingly end up helping a fraudster in his or her activities. In such incidents, the fraudster would ask for program and systems changes. In form, the changes are to help him or her to be more efficient and effective,but, in intention, the changes are to aid and cover-up his or her fraudulent activities.
Fraud Deterrence Measures
The starting point to mitigate the risk of fraud is to have stated organizational policies and procedures and build detective and preventive controls into the procedures.
The logic in fraud deterrence is that employees who perceive that they will be caught are less likely to commit...
When a fraud comes to light, the typical reactions range from asking how it happened, what the loss is, who are involved, to why it had not been spotted earlier.
Public vs Auditors' Expectations in Fraud Detection
The public tends to expectauditors to detect frauds in the course of their work. Auditors however see it as unrealistic to expect them to scope their audits to detect fraud as well. They focus their work on areas with direct or indirect impact on a company's bottom line eg. plugging revenue leakages, recovering overpayments, improving internal controls, enhancing corporate governance practices, etc. Fraud discovery is mostlynot the focus of their procedures. They scope their work and review transactions based on samples. A fraud, particularly if it is not massive, might not be visible from samples and normal audit procedures. Auditors do not check every transaction. Even if they do, some clever collusive frauds (involving two or more persons, usually an employee and an outsider like a supplier) would probably goundetected.
Recent surveys have shown that the majority of frauds were committed by insiders. The management of an organization should therefore be vigilant that their operating environment is not conducive to fraud.
Environments Conducive to Fraud Activities
Environments that are conducive to fraud include the following:
High-growth, fast-paced organization
It is common to find that controls aresecondary where employees are under pressure to grow the business, especially that of its overseas locations. Often, in such an organization, systems and controls do not adequately keep pace with the organization's growth.
High incidence of management over-ride
Where over-ride of policies and procedures by a manager becomes rampant, the possibility of fraud and abuse increases because ofcompromise in internal controls. The attitude in such organizations towards internal controls is generally poor.
Employee highly protective of his or her areas of responsibility
The employee's tactic is usually to "put-off and intimidate" anyone prying into his or her areas of responsibility. The intention is to discourage further questions. There is normally an air of resistance and impatience whendealing with such an employee.
High concentration of control in one person
Even though it might appear that responsibilities of an area are split organizationally, there is, in reality, one central person who is in control. He is the chief who directs. The other employees merely perform their functions in a cursory manner. The other employees are reluctant to answer any queries and would refer tothe chief for answers.
General lack of segregation of duties
In today's IT-driven processes, it is common to find an employee performing what auditors describe as "conflicting or incompatible duties". A simple example is a human resource person who maintains employees' pay records also processs the payroll. While it might be more efficient (and cost-effective) to have the two functions done bythe same individual, it increases the risk of abuse by the employee concerned.
The obliging IT department
The IT department that earnestly obliges its internal customers might unwittingly end up helping a fraudster in his or her activities. In such incidents, the fraudster would ask for program and systems changes. In form, the changes are to help him or her to be more efficient and effective,but, in intention, the changes are to aid and cover-up his or her fraudulent activities.
Fraud Deterrence Measures
The starting point to mitigate the risk of fraud is to have stated organizational policies and procedures and build detective and preventive controls into the procedures.
The logic in fraud deterrence is that employees who perceive that they will be caught are less likely to commit...
Leer documento completo
Regístrate para leer el documento completo.