Internal Control and Fraud Detection: A Practical Guide (Course Id 1493)

Auditing - Auditing for Course Id 1493

The introduction of the Sarbanes-Oxley (SOX) Act law fueled rapid growth in the organizational importance of internal control systems. Appropriate interpretation and implementation of the internal control framework are vital for every organization. This course incorporates and reflects up-to-date guidance from the PCAOB, the AICPA, the ACFE, and the principles of 2013 the COSO Framework as amended. The course not only addresses the theoretical concept of the internal control system but also provides readers with the practical guidance they need to assume a role in the design, implementation, maintenance and evaluation of a comprehensive framework of internal controls for their organizations.

Specifically, the course presents the principles of internal control to help readers understand the nature and context of control, such as the limitations of internal controls, the most recognized controls frameworks (e.g., COSO Framework, Green Book), and some common and important control procedures. It also includes steps on how to identify risks and controls, advice on how to assess the adequacy of controls, a discussion of how to reach a fair assessment, and documentation requirements for evidence of effective controls. In addition, the course discusses requirements related to performing an integrated audit: AS 2201 and AU-C Section 940.  Although these auditing rules are mandatory for external auditors and not for management, management should give consideration to following the approach described in these requirements.

No discussion of internal controls would be complete without an examination of fraud prevention and detection. All organizations are subject to fraud risks. Fraud is now so common that its occurrence is no longer remarkable, only its scale. The course offers the essential tools for designing and implementing programs and controls to prevent and detect fraud. It focuses on the causes of fraud, fraud risk factors, some of the more common types of fraud, fraud symptoms, and fraud preventive and detective techniques, along with recent cases of corporate fraud. It explains the differences between forensic accounting and auditing. It also includes the ACFE Fraud Prevention Checkup to help organizations identify major gaps and fix them before it is too late.

This course includes an illustration of potential internal control weaknesses involving accounting and financial reporting cycles, along with examples of compensating controls. It provides sample audit programs of key processes.  It also incorporates appendixes including an example of management internal control report, a SOX Section 404 management compliance checklist, financial reporting controls and information systems checklist for each key cycle (e.g., revenue, inventory, financing), and a computer applications checklist.

NASBA QAS - Text - Technical - NASBA Registry - 1493

Course Learning Objectives

• Identify the functions and limitations of internal control
• Recognize the COSO principles of internal control
• Identify some common and important control procedures
• Distinguish between the IT general controls and application controls
• Recognize the implication and significance of the Sarbanes-Oxley Act
• Recognize key procedures involved in identifying risks and controls
• Identify key considerations for identifying and evaluating control deficiencies
• Recognize the requirements of management documentation of controls
• Identify factors in assessing the maturity level of a company’s internal control struc-ture
• Identify the audit objectives, scope, and procedures applied to the integrated audit
• Recognize fraud considerations in a financial statement audit
• Identify the most common schemes and fraud symptoms
• Recognize techniques to prevent and detect fraud

Part II - Section 3 Review Questions

Part II - Management Assessment of Internal Controls - Section 4

Assessment of the Adequacy of Controls

Determining Key Controls

Evaluating the Effectiveness of Controls

The Design of Controls

The Operating Effectiveness of Controls

Evaluation of Control Deficiencies

Step 1: Understanding the Nature of the Deficiency

Step 2: Assessing the Misstatements

Step 3: Considering Compensating Controls

Step 4: Determining Classification of Deficiencies

Step 5: Reporting Assessment Results

Documentation of Evidence of Effective Controls

Identification of Control Gaps

Illustration of Potential Internal Control Weaknesses and Compensating Controls

Part II - Section 4 Review Questions

Part III - Integrated Audit Requirements - Section 5

Relevant Auditing Standards

The PCAOB

The AICPA

Audit Objectives and Applicability

Planning the Audit

Exhibit B: Sample Audit Programs for Financial Statement Accounts

Cash in Bank

Trade Accounts and Notes Receivable

Inventory

Fixed Assets

Prepaid Expenses and Deferred Charges

Accounts Payable

Stockholders’ Equity

Sales and Other Types of Income

Expense Items

Using a Top-Down Approach

Key Concepts

Significant Risk and Inherent Risk

The PCAOB

The AICPA

Likely Sources of Misstatement

Period-end Financial Reporting Process

Evaluation of the Components of ICFR

Control Environment

Risk Assessment

Control Activities Relevant to the ICFR Audit

Information and Communication

Monitoring Activities

Part III - Section 5 Review Questions

Part III - Integrated Audit Requirements - Section 6

Identifying and Assessing Fraud Risks

Characteristics of Fraud

Exhibit C: Circumstances That Indicate the Possibility of Fraud

Application of Professional Skepticism

Discussion with the Team

Interviews with Management and Employees

Documentation

Responding to Assessed Fraud Risks

Overall Responses

Audit Procedures

Responses to Assessed Fraud Risks Due to Fraudulent Financial Reporting

Revenue Recognition

Inventory Quantities

Management Estimates

Responses to Risks Related to Management Override of Controls

Exhibit D: Business Purpose for Significant Unusual Transactions

Identified Misstatements Due to Fraud

Testing Controls

Design and Operating Effectiveness

Relationship of Risk to the Evidence Obtained

Evaluating Control Deficiencies

Illustrations: Significant Deficiencies and Material Weaknesses

Scenario A – Significant Deficiency

Scenario B – Material Weakness

Communicating Certain Matters

ICFR-Related Matters

Exhibit E: Illustrative Written Communication of Significant Deficiencies and Material Weaknesses

Fraud-Related Matters

Reporting Audit Results

Types of Audit Opinions

Audit Matters

Critical Audit Matters

Exhibit E: Walmart - Critical Audit Matters

Key Audit Matters

Other Considerations

Smaller, Less Complex Entities

Financial Information Systems

Management Written Representations

Use of the Work of Internal Auditors or Others

Part III - Section 6 Review Questions

Part IV - Fraud Prevention and Detection - Section 7

Fraud Awareness

Basics of Fraud

Definition of Fraud

Fraud Triangle

Opportunity

Incentive/Pressure

Attitudes/Rationalization

The Evolution of Fraud

Types of Fraud

Occupational (Corporate) Fraud

Corruption

Asset Misappropriation

Risk Factors Relating to Misstatements Arising from Misappropriate of Assets

Financial Statement Fraud

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting

Procurement and Contractor Frauds

Part IV - Section 7 Review Questions

Part IV - Fraud Prevention and Detection - Section 8

Forensic Accounting and Auditing

Fraud and Perpetrators

The Fraud Symptoms

Indicators of Financial Crime

Red Flags of Employee Behavior

Red Flags of Organizational Behavior

Real-World Cases

Accounting Fraud: Executives of Network Infrastructure Company

Years-Long Accounting Scheme: Executives of The Kraft Heinz Company

Fraud Prevention and Detection

Fraud Risk Assessment

Fraud Prevention Techniques

The ACFE Fraud Prevention Checkup

Fraud Detection Techniques

Data Mining

Forensic Computing

Fraud Response Plan

Part IV - Section 8 Review Questions

Appendix A: Example of Management Report

Appendix B: Section 404 Management Compliance Checklist

Appendix C: Financial Reporting Controls and Information Systems Checklist - Medium to Large Business

Part 1. Internal Control Assessment Questionnaires

Control Environment

Significant Transaction Cycles

Revenue Cycle

Revenue and Accounts Receivable

Cash Receipts

Purchasing Cycle

Purchases and Accounts Payable

Cash Disbursements

Inventory

Financing

Investments

Debt

Property, Plant, and Equipment

Payroll Cycle

Part 2. Financial Information System Checklist

End-User Computing

Procedures and Controls over End-User Computing

Information Processed by Outside Computer Service Organizations

Part 3. Assessing Segregation of Duties and the Risk of Management Override

Lack of Segregation of Duties

Management Override

Part 4. Interpret Results

Appendix D: Computer Applications Checklist - Medium to Large Business

Computer Hardware

Computer Software

Computer Control Environment

Outside Computer Service Organizations

Glossary