1. General controls apply to all systems components, processes, and data for a given organization or systems environment (including policies, standards, organization and management, physical and environmental controls, systems software controls and system development controls). Application controls pertain to the scope of individual business processes or application systems.
2. The purpose of logical access control: to provide security over software and information embedded in the system. It includes such things as firewalls, encryption, login IDs, passwords, authorization tables and computer activity logs.
3. Frauds are more likely to be detected by a tip than by audits, controls, or other means. Therefore, it is important for an organization to establish a reporting system to facilitate and encourage reporting of potential fraud incidents.
4. Once an allegation has been received, there must be a structured process for evaluating and investigating the incident. In fact, establishing a sound investigation process can improve an organization’s chances of recovering losses and may also minimize exposure to litigation. Having a formal, structured approach to conducting and reporting on the results of investigations will help an organization complete an investigation in a timely manner and develop and maintain the support necessary to facilitate corrective actions.
5. Fraud risk assessment (form: interviews, surveys and facilitated meetings)
* Fraud risk identification – brainstorming (elements for brainstorming):
  * Incentives, pressures and opportunities
  * Risk of management’s override of controls
  * Population of fraud risks
  * Fraudulent financial reporting
  * Misappropriation of assets – this element begins with identifying which assets belonging to the organization (tangible or intangible) might be valued by employees or outsiders
  * Corruption
* Assessment of impact and likelihood of fraud risks
* Response to fraud risk
6. Fraud prevention - Also need...