New Notes

  • Published: February 23, 2013
1. General controls apply to all systems components, processes, and data for a given organization or systems environment (including policies, standards, organization and management, physical and environmental controls, systems software controls and system development controls). Application controls pertain to the scope of individual business processes or application systems.

2. The purpose of logical access controls: to provide security over software and information embedded in the system. They include such things as firewalls, encryption, login IDs, passwords, authorization tables and computer activity logs.

3. Frauds are more likely to be detected by a tip than by audits, controls, or other means. Therefore, it is important for an organization to establish a reporting system to facilitate and encourage reporting of potential fraud incidents.

4. Once an allegation has been received, there must be a structured process for evaluating and investigating the incident. In fact, establishing a sound investigation process can improve an organization's chances of recovering losses and may also minimize exposure to litigation. Having a formal, structured approach to conducting and reporting on the results of investigations will help an organization complete an investigation in a timely manner and develop and maintain the support necessary to facilitate corrective actions.

5. Fraud risk assessment (form: interviews, surveys and facilitated meetings)
   * Fraud risk identification – brainstorming. Elements for brainstorming:
      * Incentives, pressures and opportunities
      * Risk of management's override of controls
      * Population of fraud risks
      * Fraudulent financial reporting
      * Misappropriation of assets – this element begins with identifying which assets belonging to the organization might be valued by employees or outsiders (tangible or intangible assets)
      * Corruption
   * Assessment of impact and likelihood of fraud risks
   * Response to fraud risk

6. Fraud prevention – also need to think about the cost of preventing fraud
   * One of the most important forms of prevention relates to organizational awareness.
   * Performing background investigations
   * Providing anti-fraud training
   * Evaluating performance and compensation programs
   * Conducting exit interviews for employees who leave
   * Authority limits – by establishing boundaries of authority, potential fraudulent transactions over the established authority limits can be prevented. E.g. prohibiting wire transfers of funds over a certain amount without the approval of two individuals
   * Transaction level procedures
   * Antifraud control activities should occur throughout the organization, at all levels and in all functions
   * Authorization
   * Segregation of duties
   * Physical and logical protection of tangible and information assets

7. How to prevent payroll fraud
A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with the friend. Which of the following controls would have best served to prevent this fraud? Limiting the ability to make changes in payroll system personnel information to authorized human resources department supervisors.

8. Red flags:

* Exhibit a lifestyle that appears to be well beyond their current means
* Are experiencing extreme financial problems and/or have overwhelming personal debts
* Have an unusual propensity to spend money
* Are suffering from depression or other emotional problems
* Appear to have a gambling obsession
* Have a need or craving for status, and believe money can buy that status.

9. The CAE has the responsibility to “report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by...