Internal Control and Fraud Detection: A Practical Guide (Course Id 1493)

Auditing - Auditing for Course Id 1493

The introduction of Sarbanes-Oxley (SOX) Act law fueled rapid growth in the organizational importance of internal control systems. Appropriate interpretation and implementation of the internal control framework is vital for every organization. This course incorporates and reflects up-to-date guidance from the PCAOB, the AICPA, the ACFE, and the principles of 2013 COSO Framework. The course not only addresses the theoretical concept of the internal control systems but also provides readers with the practical guidance they need to assume a role in the design, implementation, maintenance and evaluation of a comprehensive framework of internal controls for their organizations.

Specifically, the course presents the principles of internal control to help readers understand the nature and context of control, such as limitations of internal controls, the most recognized controls frameworks (e.g. COSO Framework, Green Book), and some common and important control procedures. It also includes steps on how to identify risks and controls, advice on how to assess the adequacy of controls, a discussion of how to reach a fair assessment, and documentation requirements for evidences of effective controls. In addition, the course discusses requirements related to performing an integrated audit: SAS 130 and AS No. 2201.  Although these auditing rules are mandatory for external auditors and not for management, management should give consideration to following the approach described in these requirements.

No discussion of internal controls would be complete without an examination of fraud prevention and detection. All organizations are subject to fraud risks. Fraud is now so common that its occurrence is no longer remarkable, only its scale. The course offers the essential tools for designing and implementing programs and controls to prevent and detect fraud. It focuses on the causes of fraud, fraud risk factors, some of the more common types of fraud, fraud symptoms, and fraud preventive and detective techniques, along with some recent cases in corporate fraud. It explains the differences between forensic accounting and auditing. It also includes the ACFE Fraud Prevention Checkup to help organizations identify major gaps and fix them before it is too late.

This course includes an illustration of potential internal controls weaknesses involving accounting and financial reporting cycles, along with examples of compensating controls. It provides sample audit programs of key processes.  It also incorporates appendixes including: an example of management internal control report, a SOX Section 404 management compliance checklist, financial reporting controls and information systems checklist for each key cycle (e.g. revenue, inventory, financing), and a computer applications checklist. 

NASBA QAS - NASBA Registry - 1493

Course Learning Objectives

• Identify the functions and limitations of internal control
• Cite the COSO principles of internal control
• Identify some common and important control procedures
• Distinguish between the IT general controls and application controls
• Recognize the implication and significance of the Sarbanes-Oxley Act
• Recognize key procedures involved in identifying risks and controls
• Cite key considerations for identifying and evaluating control deficiencies
• Recognize the requirements of management documentation of controls
• Identify factors in assessing the maturity level of a company’s internal control structure
• Identify the audit objectives, scope, and procedures applied to the integrated audit
• Cite fraud considerations in a financial statement audit
• Identify the most common schemes and fraud symptoms
• Recognize techniques to prevent and detect fraud

Course Learning Objectives

Introduction

Part I - The Principles of Internal Control - Section 1

Internal Control Systems

The Definition of Internal Control

Limitations of Internal Controls

Internal Control Frameworks

2013 COSO Framework

Overview

Components of Internal Control

The Control Environment

Risk Assessment

Identify Risks

Assess Risks

Respond to Risks

Relevance to Sarbanes-Oxley Compliance

Control Activities

Information & Communication Systems Support

Monitoring

The GAO Green Book

Overview

Framework Principles

Control Framework - 17 Principles

Control Framework with GAO’s Attributes

Part I - Section 1 Review Questions

Part I - The Principles of Internal Control - Section 2

Types of Controls

Directive Controls

Preventive Controls

Detective Controls

Corrective Controls

The Concepts of ICFR

Integrating Controls over Information Systems

IT General Controls

IT Application Controls

Considerations Specific to Smaller Entities

Cost-Benefit Relationships

Benefit-Cost Analysis

Cost-Effectiveness Analysis

Part I - Section 2 Review Questions

Part II - Management Assessment of Internal Controls - Section 3

Understanding the Sarbanes-Oxley Act Rules

Enhanced Financial Disclosures (Section 404)

Overview

Management’s Internal Control Report

The Role of Independent Public Accountant

Corporate Responsibility (Section 302)

Other Key Principles

Auditor Independence

The Role of Audit Committee

Disclosures in Periodic Reports

Corporate and Criminal Fraud Accountability

Identification of Risks and Controls

Step 1: Selecting the Control Framework

Step 2: Defining Control Objectives

Step 3: Addressing and Monitoring Risks

General Concerns

Anti-Fraud Considerations

Assessment Criteria

Step 4: Establishing Controls

Part II - Section 3 Review Questions

Part II - Management Assessment of Internal Controls - Section 4

Assessment of the Adequacy of Controls

Determining Key Controls

Evaluating the Effectiveness of Controls

The Design of Controls

The Operating Effectiveness of Controls

Evaluation of Control Deficiencies

Step 1: Understanding the Nature of the Deficiency

Step 2: Assessing the Likelihood of Misstatements

Step 3: Considering Compensating Controls

Step 4: Determining Classification of Deficiencies

Step 5: Reporting Assessment Results

Documentation of Effective Controls

Identification of Control Gaps

Illustration of Potential Internal Control Weaknesses and Compensating Controls: Accounting and Financial Reporting

Part II - Section 4 Review Questions

Part III - Audit of ICFR Integrated with Audit of Financial Statements - Section 5

Audit Objectives and Scope

Relevant Standards

Auditing Standard No. 2201

Statement on Auditing Standards 130

Planning the Audit

Part III - Section 5 Review Questions

Part III - Audit of ICFR Integrated with Audit of Financial Statements - Section 6

Using a Top-Down Approach

The Key Concepts

Sample Audit Programs

Cash in Bank

Trade Accounts and Notes Receivable

Inventory

Fixed Assets

Prepaid Expenses and Deferred Charges

Accounts Payable

Stockholders’ Equity

Sales and Other Types of Income

Expense Items

Assessing the Risk of Fraud

Characteristics of Financial Statement Fraud

Types of Fraud

Fraud Risk Factors

Brainstorming Sessions

Fraud Risk Assessment

Collect Information

Identify and Assess Fraud Risks

Respond to the Fraud Risk Assessment

Testing Controls

Testing Design Effectiveness

Testing Operating Effectiveness

Relationship of Risk to the Evidence to be Obtained

Evaluating Control Deficiencies

Examples of Significant Deficiencies and Material Weaknesses

Scenario A – Significant Deficiency

Scenario B – Material Weakness

Responding to Misstatements Caused by Fraud

Reporting Audit Results

Other Considerations

Considerations Specific to Smaller, Less Complex Entities

Considerations of Financial Information Systems

Management Written Representations

Communication of Certain Matters

Use of the Work of Internal Auditors or Others

Part III - Section 6 Review Questions

Part IV - Fraud Prevention and Detection - Section 7

Fraud Awareness

Basics of Fraud

Definition of Fraud

Fraud Triangle

Opportunity

Pressure/Incentive

Rationalization

The Evolution of Fraud

Types of Fraud

Occupational (Corporate) Fraud

Corruption

Asset Misappropriation

Risk Factors Relating to Misstatements Arising from Misappropriate of Assets

Financial Statement Fraud

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting

Procurement and Contractor Frauds

False Claims and False Statements

Part IV - Section 7 Review Questions

Part IV - Fraud Prevention and Detection - Section 8

Forensic Accounting and Auditing

Fraud and Perpetrators

The Fraud Symptoms

Indicators of Financial Crime

Red Flags of Employee Behavior

Red Flags of Organizational Behavior

Recent Cases in Corporate Fraud

Fraud Prevention and Detection

Fraud Risk Assessment

Techniques for Fraud Prevention

The ACFE Fraud Prevention Checkup

Interpreting the Entity’s Score

The Use of Technology for Fraud Detection

Data Mining

Forensic Computing

Part IV - Section 8 Review Questions

Appendix A: Example of Management Report

Appendix B: Section 404 Management Compliance Checklist

Appendix C: Financial Reporting Controls and Information Systems Checklist - Medium to Large Business

Part 1. Internal Control Assessment Questionnaires

Control Environment

Significant Account Balances and Transaction Cycles

Revenue Cycle

Revenue and Accounts Receivable

Cash Receipts

Purchasing Cycle

Purchases and Accounts Payable

Cash Disbursements

Inventory

Financing

Investments

Debt

Property, Plant, and Equipment

Payroll Cycle

Part 2. Financial Information System Checklist

End-User Computing

Procedures and Controls over End-User Computing

Information Processed by Outside Computer Service Organizations

Part 3. Assessing Segregation of Duties and the Risk of Management Override

Lack of Segregation of Duties

Management Override

Part 4. Interpret Results

Appendix D: Computer Applications Checklist - Medium to Large Business

Computer Hardware

Computer Software

Computer Control Environment

Outside Computer Service Organizations

Glossary