FRAUD PREVENTION

Question 1

corporations and other organisations may also be held liable for the criminal acts of their employees if

Answer 1

those acts are done in the course and scope of their employment and for the ostensible purpose of benefiting the corporation

Question 2

An employee’s acts are considered to be

in the course and scope of employment if

Answer 2

the employee has actual authority or apparent authority to engage in those acts

Question 3

Apparent authority means that

Answer 3

a third-party would reasonably believe the employee is authorised to perform the act on behalf of the company.

Question 4

legal principle of “conscious avoidance”

Answer 4

establishes liability by showing

that the employer knew there was a high probability the fact existed and consciously avoided confirming the fact

Question 5

A company cannot seek to avoid vicarious liability for the acts of its employees by simply claiming that it did not know what was going on.

Answer 5

Legally speaking, an organisation is deemed to have knowledge of all facts known by its officers and employees

Question 6

if the government can prove that an officer or employee knew of conduct that raised a question as to the company’s liability, and the government can show that the company wilfully failed to act to correct the situation

Answer 6

then the company may be held liable, even if senior management had no knowledge or suspicion of the wrongdoing.

Question 7

The corporation can be held criminally responsible even

Answer 7

if those in management had no knowledge or participation in the underlying criminal events and even if there were specific policies or instructions prohibiting the activity undertaken by the employees.

Question 8

In fact, a corporation can be criminally responsible for the collective knowledge of several of its employees even

Answer 8

if no single employee intended to commit an offence

Question 9

The Treadway Commission made several major recommendations that, in combination with other measures, are designed to reduce the probability of fraud in financial reports:

Answer 9

• A mandatory independent audit committee made up of outside directors.
• A written charter that sets forth the duties and responsibilities of the audit committee.
• The audit committee should have adequate resources and authority to carry out its responsibilities.
• The audit committee should be informed, vigilant, and effective.

Question 10

The COSO report recommended that public companies’ management reports include

Answer 10

an
acknowledgment for responsibility for internal controls and an assessment of effectiveness in meeting those responsibilities

Question 11

Internal Control is (The COSO report)

Answer 11

a broadly defined process … designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
− Reliability of financial reporting
− Effectiveness and efficiency of operations
− Compliance with applicable laws and regulations

Question 12

Control Environment (The COSO report)

Answer 12

The control environment sets the moral tone of an organisation, influencing the control
consciousness of the organisation and providing a foundation for all other control
components.

Question 13

There are several actions that management can take to establish the proper control environment for an organisation. (The COSO report)

Answer 13

• The establishment of a code of ethics for the organisation.
• Careful screening of job applicants.
• Proper assignment of authority and responsibility.
• Effective disciplinary measures.

Question 14

According to COSO, risk assessment is a three-step process:

Answer 14

• Set objectives for the organisation.
• Analyse potential risks of violations
• Develop a strategy to manage risks.

Question 15

COSO divides risks into two categories:

Answer 15

external risks and internal risks.

Question 16

External risks include things like

Answer 16

increased competition, changes in

technology, shifting economic conditions, and new legislation.

Question 17

Internal risks are factors such as

Answer 17

personnel changes, availability of funds for organisational projects, new operating systems, and the development of new products

Question 18

Control activities are (The COSO report)

Answer 18

the policies and procedures that enforce management’s directives

Question 19

Information and Communication (The COSO report)

Answer 19

This component relates to the exchange of information in a way that allows employees to carry out their responsibilities

Question 20

A proper information system will

accomplish the following:

Answer 20

• Assimilate important financial, operational, and compliance information.
• Pass on pertinent information to those who need it.
• Provide for upstream communication

Question 21

Monitoring is (The COSO report)

Answer 21

the process that assesses the quality of a control environment over time

Question 22

Corporate Sentencing Guidelines provide for the substantial reduction of fines for corporations that

Answer 22

have vigorous fraud prevention programs

Question 23

Corporations in the U.S. that wish to take advantage of the mitigation provisions of the
guidelines must

Answer 23

implement a “corporate compliance program.”

Question 24

As provided by the Guidelines, to have an “effective compliance and ethics program,” the organisation shall:

Answer 24

• Exercise due diligence to prevent and detect criminal conduct; and
• Otherwise promote an organisational culture that encourages ethical conduct and a commitment to compliance with the law.

Question 25

In designing “effective compliance and ethics program,”, certain factors must be considered by each organisation:

Answer 25

1. Applicable industry size and practice – An organisation’s failure to incorporate and follow industry practice or the standards called for by any applicable government regulation weighs against a finding that the program is effective. 2. Size of the organisation – Large organisations are expected to devote more formal operations and greater resources to meeting the requirements than are small organisations. For example, smaller organisations may use available personnel rather than employ separate staff to carry out ethics and compliance. 3. Recurrence of similar misconduct – The recurrence of a similar event creates doubt as to whether the organisation took reasonable steps to meet the requirements.

Question 26

To meet the two requirements of due diligence and promotion of an ethical culture, section 8B2.1 (b) sets forth the seven factors that are minimally required for such a program to be considered effective:

Answer 26

1. The organisation must have established standards and procedures to prevent and detect criminal conduct. 2. Item 2 has three specific subparts: a. The organisation’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to implementation and effectiveness of the compliance and ethics program. b. High-level personnel shall ensure that the organisation has an effective compliance and ethics program, and specific individual(s) within the organisation shall be assigned overall responsibility for the compliance and ethics program. c. Specific individual(s) within the organisation shall be delegated day-to-day operational responsibility for the compliance and ethics program. These individuals shall report periodically to high-level personnel and, as appropriate, to the governing authority (or a subgroup thereof) on the effectiveness of the program. It is also required that these specific individuals be given adequate resources and authority to accomplish their responsibilities and be given direct access to the governing authority. 3. The organisation shall use reasonable efforts not to include within the substantial authority personnel any individual whom the organisation knew, or should have known, has engaged in illegal activities or other conducts inconsistent with an effective compliance and ethics program. 4. Item 4 has two subparts: a. The organisation shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subpart (b) below by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities. b. The individuals referred to in subpart (a) above are the 1) members of the governing authority, 2) high-level personnel, 3) substantial authority personnel, 4) the organisation’s employees, and as appropriate, the 5) organisation’s agents. 5. The organisation shall take reasonable steps to accomplish the following: a. Ensure that the organisation’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; b. Evaluate periodically the effectiveness of the organisation’s compliance and ethics program; and c. Have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organisation’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation. 6. The organisation’s compliance and ethics program shall be promoted and enforced consistently throughout the organisation through (a) appropriate incentives to perform in accordance with the program; and (b) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct. 7. After criminal conduct has been detected, the organisation shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organisation’s compliance and ethics program.

Question 27

Proactive Fraud Policies

Answer 27

A proactive policy means that the organisation will aggressively seek out possible fraudulent conduct, instead of waiting for instances to come to their attention. This can be accomplished by several means, including the use of analytical review, fraud assessment questioning, mandatory vacations, job rotation, and surprise audits where possible.

Question 28

Fraud Assessment Questioning

Answer 28

a nonaccusatory interview technique used as a part of a normal audit. It operates on the theory that employees’ attitudes are a good indicator of potential problems, and that one of the most effective ways to deal with fraud is to ask about it.

Question 29

Enforcement of Mandatory Vacations

Answer 29

Many internal frauds require manual intervention, and are therefore discovered when the perpetrator is away on vacation.

Question 30

Job Rotation

Answer 30

Some frauds are detected during sickness or unexpected absences of the perpetrator, because they require continuous, manual intervention.

Question 31

Surprise Audits Where Possible

Answer 31

All too many fraud perpetrators know when auditors are coming, and therefore have time to alter, destroy, or misplace records and other evidence.

Question 32

Management Oversight

Answer 32

It is most common for employees who steal to use the proceeds for lifestyle improvements. Some examples include more expensive cars, extravagant vacations, expensive clothing, new or remodelled homes, expensive recreational property, and outside investments. Managers should be educated to be observant of these signs.

Question 33

Increasing the Perception of Detection

Answer 33

this means letting employees, managers, and executives know that auditors are actively seeking out information concerning internal theft.

Question 34

Increasing the Perception of Detection This can be accomplished in several ways

Answer 34

Employee Education

Question 35

Employee Education

Answer 35

The goal is to make others within the company your eyes and ears.

Question 36

Minimise Employee Pressures

Answer 36

Companies can take steps to assist an employee who might be having difficult times

Question 37

Open-Door Policies

Answer 37

If employees and others can speak freely, many managers will understand the pressures and might be able to eliminate them before they become acute.

Question 38

Employee Support Programs

Answer 38

Many progressive companies and agencies have realised the benefit of employee support programs. Some kinds of support programs include alcohol and drug assistance, and counselling for gambling, abortion, marital problems, and financial difficulties.

Question 39

Management Climate

Answer 39

If the style of management is conducted by objective measures rather than by subjective measures, then employees will not manufacture or imagine the performance criteria employed by management. In addition, it is obvious that management that is perceived to be dishonest will beget dishonest employees.

Question 40

Monitoring Systems

Answer 40

Confidential hotlines are one of the best ways for an organisation to monitor compliance.

Question 41

A reporting program should emphasise that:

Answer 41

• Fraud, waste, and abuse occur in nearly all companies. • Such conduct costs the company jobs and profits. • The company actively encourages any employee with information to come forward. • The employee can come forward and provide information anonymously and without fear of recrimination for good-faith reporting. • There is an exact method for reporting, i.e., a telephone number, name, or other information. • The report need not be made to one’s immediate superiors.

Question 42

Hotlines. PART-TIME, IN-HOUSE

Answer 42

are assigned to an employee with other duties. The main disadvantage is that the hotline is not staffed full-time, which can discourage calls. Also, some people might be reluctant to report to the company.

Question 43

Hotlines. FULL-TIME, IN-HOUSE

Answer 43

The advantage is that people can make reports at any time, day or night, and talk to a person. The disadvantage is cost, and like the part-time line, some people might be reluctant to report directly to the company.

Question 44

Hotlines. THIRD-PARTY

Answer 44

The advantages are cost, efficiency, and anonymity. Their disadvantage is that the operation is beyond the company’s control.

Question 45

REWARDS

Answer 45

If a reward policy exists, strict criteria should establish reward payments, and such proposed policies should be reviewed and approved by counsel.

Question 46

Fraud Prevention Policy

Answer 46

specifically spells out who in an organisation handles varying fraud matters under differing circumstances.

Question 47

Fraud Policy Objectives

Answer 47

reasonable assurance that: • Financial and operating information is accurate and reliable. • Policies, procedures, plans, laws, and regulations are complied with. • Assets are safeguarded against loss and theft. • Resources are used economically and efficiently. • Established program/operating goals and objectives are met.

Question 48

Management might not support fraud prevention for one of several reasons:

Answer 48

* Management’s concerns are often elsewhere than audit or fraud. They don’t typically understand that fraud is hidden and that losses go undetected. They also might refuse to believe that their own workers are capable of stealing even when studies suggest a third of us might do such a thing. * Because of the hidden nature of fraud, managers are understandably reluctant to believe in the presence of fraud. And if one employee is caught committing fraud, management might too often claim that this is an isolated problem and not worth additional consideration. Management must understand that when instances of fraud are detected, it is too late to do anything about it. * Management sometimes unreasonably feels that bringing up the issue will alienate the work force. This problem can be addressed by reminding management that the rank- and-file workers appreciate working for an honest company. It is also helpful to point out to management what the losses might be.

Question 49

Some of the following suggestions might be helpful in “selling” fraud prevention to management:

Answer 49

The Impact on the Bottom Line | The Impact of Publicity

Question 50

Policy Statement

Answer 50

The policy statement sets forth that management is responsible for fraud, and each member of the management team should be familiar with the types of signals present within his scope of responsibilities. The policy statement also designates who is in charge of investigating suspected irregularities.

Question 51

Scope of Policy

Answer 51

This area of the fraud policy statement covers what constitutes an irregularity and the fact that the policy covers everyone from management to worker.

Question 52

Actions Constituting Fraud

Answer 52

* Any dishonest or fraudulent act * Forgery or alteration of documents * Misapplication of funds or assets * Impropriety with respect to reporting financial transactions * Profiting on insider knowledge * Disclosing securities transactions to others * Accepting gifts from vendors * Destruction or disappearance of records or assets * Any similar or related irregularity

Question 53

Nonfraud Irregularities

Answer 53

This section covers allegations of personal improprieties or irregularities and states that they should be resolved by management and not an auditor.

Question 54

Investigation Responsibilities

Answer 54

This part deals with who will investigate suspected irregularities as well as to whom these irregularities will be reported (management, law enforcement, or legal counsel).

Question 55

Confidentiality

Answer 55

Under this section, the confidential nature of the investigation is set forth. It states that the investigation will not be disclosed to outsiders except as required.

Question 56

Authorisation for Investigation

Answer 56

This delineates that whoever is in charge of the investigation has the authority to take control of and examine records.

Question 57

Reporting Procedures

Answer 57

This part states that anyone suspecting fraud should report it and not attempt an investigation. It also states that management and others should not make statements regarding the alleged guilt of the perpetrator

Question 58

Termination

Answer 58

This section states that any recommendations to terminate employees should be reviewed by counsel and management.

Question 59

Communicating the Fraud Policy

Answer 59

During initial employee orientation An interoffice memorandum from the chief executive officer Posters

Question 60

Employee Morale

Answer 60

If an employee is properly instructed, communication of a fraud policy can have a positive impact on morale.

Question 61

Legal Considerations

Answer 61

One of the most important legal | considerations is to ensure everyone and every allegation is handled in a uniform manner

Question 62

The collection of a person’s beliefs and morals makes up a set of principles known as

Answer 62

Ethics

Question 63

Ethics are

Answer 63

the judgments about right and wrong or, more specifically, a person’s moral obligations to society that determine a person’s actions

Question 64

There are four factors that generally affect the ethical decisions of employees:

Answer 64

* The law and other government regulations * Industry and organisational ethical codes * Social pressures * Tension between personal standards and organisational needs

Question 65

Identifying key organisational characteristics and issues is a start to development of an ethics program. These items include:

Answer 65

• Understanding of why good people can commit unethical acts • Defining current as well as desired organisational values • Determining if organisational values have been properly communicated • Producing written ethics policies, procedures, or structures • Ascertaining how board members, stockholders, management, employees, and any other pertinent members of the organisation define success • Determining if ethics is a leadership issue in the organisation

Question 66

The following 12 components are necessary to develop, implement, and manage a comprehensive ethics program:

Answer 66

* Focus on ethical leadership * Vision statement * Values statement * Code of ethics * Designated ethics official * Ethics task force or committee * Ethics communication strategy * Ethics training * Ethics help and fraud report telephone line * Ethical behaviour rewards and sanctions * Comprehensive system to monitor and track ethics data * Periodic evaluation of ethics efforts and data