What is positive reinforcement?
Presenting a positive stimulus in exchange for the desired response
What is negative reinforcement?
Withdrawing a negative stimulus in exchange for the desired response
What is the routine activities theory of crime causation?
The theory that both the motivation to commit crime and the supply of offenders is constant and that the activities and circumstances of potential victims are the determining factors in crime
3 elements that influence crime according to the routine activities theory of crime causation
The availability of suitable targets
The absence of capable guardians
The presence of motivated offenders
What is punishment?
Either applying a negative stimulus or withdrawing a positive stimulus when presented with undesired behavior
What is the rational choice theory of crime causation?
The theory that the decision to commit a crime is a rational and careful choice on the perpetrator’s part with the goal of an intended benefit
2 ways crime can be deterred according to the rational choice theory of crime causation
Reduce opportunities for criminal activity
Increase personal risk to the perpetrator
What is the theory of differential association?
People learn the values, attitudes, techniques, and motives for criminal behavior by communicating with and participating in intimate personal groups in a way that results in an excess of conclusions favorable to violation of the law over conclusions unfavorable to violation of the law
What is the social control theory of crime causation?
The stronger a person’s bond of affection for other law-abiding people is, the more likely the person is to consider that factor and to be deterred from committing a criminal act
What are the components of classical criminology?
People have free will
Criminal behavior is more attractive when the gains are estimated to be greater than the loss
Swift and severe penalties to crime are more likely to deter criminal behavior
According to behaviorism, what is the least effective method of changing criminal behavior?
Punishment
According to the differential reinforcement theory, when is behavior reinforced?
When rewards are gained (positive reinforcement)
When punishment is avoided (negative reinforcement)
According to the differential reinforcement theory, when is behavior weakened?
When negative stimuli (punishment) are present
When rewards are lost (punishment)
What is white-collar crime?
Crime that involves the use of an individual's legitimate position of power, influence, or trust for the purpose of illegal gain
3 approaches used to control corporate crime
Voluntary change in corporate attitudes and structure
Strong intervention by the government to force changes in corporate structure
Consumer action
Most common organizational-environment motivating factor for fraud in Albrecht study
Placing too much trust in key employees
Most common personal characteristics among fraudsters in Albrecht study
Living beyond one’s means
How are most frauds detected according to the ACFE’s Occupational Fraud 2024: A Report to the Nations?
By tip(s)
What is organizational crime?
Crime that is committed by businesses and the government
4 categories of occupational crime
Crimes for the benefit of an employing organization
Crimes by officials through exercise of their government-based authority
Crimes by professionals in their capacity as professionals
Crimes by individuals as individuals
What is occupational crime?
Crime that is committed by individuals during their occupation
3 sides of the Fraud Triangle
Perceived non-shareable financial need (motivation or pressure)
Perceived opportunity
Rationalization
Who is responsible for the hypothesis of the Fraud Triangle?
Donald R. Cressey
2 primary strategies to control corporate criminal behavior
Compliance
Deterrence
What is compliance as it relates to combating crime?
Efforts to achieve conformity to the law without having to detect, process, or penalize violators, such as:
Providing economic incentives for voluntary compliance
Using administrative efforts to control violations before they occur
What is deterrence as it relates to combating crime?
Efforts to achieve conformity to the law through the threat of criminal sanctions
4 ways businesses rationalize illegal conduct according to Silk and Vogel
Compliance with government regulation is too costly
Regulation is unnecessary
Damage is so spread among a large number of consumers that, individually, there is little loss
Violations are caused by economic necessity
3 variables that motivate occupational fraud according to the Fraud Scale
Situation pressures
Perceived opportunities
Personal integrity
What does it mean for an organization to be criminogenic?
Prone to committing crime
Most common category of occupational fraud according to the ACFE’s Occupational Fraud 2024: A Report to the Nations
Asset misappropriation
Most costly category of occupational fraud according to the ACFE’s Occupational Fraud 2024: A Report to the Nations
Financial statement fraud
Primary purpose of a company’s board of directors
To serve as the intermediary between the corporation's shareholders and those executing its activities (i.e., management) and act as guardian of the organization's resources and assets
Primary responsibility of a corporation’s management
To make the daily decisions that affect company performance
What is corporate governance?
The oversight responsibilities of different parties for an organization's direction, operations, and performance
Purpose of corporate governance
To encourage the efficient use of organizational resources and accountability for the stewardship of those resources
4 general core principles or values of corporate governance
Accountability
Transparency
Fairness
Responsibility
Treadway Commission's 4 recommendations to reduce fraud in financial reports
Mandatory independent audit committee
Written charter for audit committee
Adequate resources and authority for the audit committee to execute its responsibilities
Informed, vigilant, and effective audit committee members
Purpose of the Treadway Commission
To define the responsibility of the auditor in preventing and detecting fraud
6 areas of G20/OECD Principles of Corporate Governance
Request for governments to have an effective legal, regulatory, and institutional framework to support good corporate governance practices
Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders
Guidance regarding the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications
Emphasis on the importance of timely, accurate, and transparent disclosure mechanisms
Guidance regarding appropriate board structures, responsibilities, and procedures
Recognition of the need to integrate sustainability and resilience into the corporate governance framework through incentives for companies and investors
3 factors to consider in designing compliance programs
Industry size and practice
Organization size
Recurrence of similar conduct
What is the control environment of an organization?
The foundation for the internal control system throughout the entire organization
COSO's 5 principles for an effective control environment
Personnel at all levels demonstrate integrity
The board is independent from management
With board oversight, management establishes structures, reporting lines, and responsibilities
The organization is committed to attracting, developing, and retaining competent individuals
The organization holds individuals accountable for their internal control responsibilities
What is the risk assessment component of COSO's internal control framework?
The identification and assessment of the risks the entity faces in achieving its organizational objectives
COSO's 4 principles for the risk assessment component of internal control
The organization sets sufficiently clear objectives
The organization identifies risks to the achievement of its objectives
The organization considers the potential for fraud in assessing risks
The organization identifies and assesses changes that could significantly impact the system of internal control
What are control activities?
The policies and procedures that enforce management’s directives intended to mitigate risk
COSO’s 3 principles for effective control activities
The organization selects and develops control activities that mitigate risks to acceptable levels
The organization selects and develops general control activities over technology
The organization deploys control activities through policies that establish what is expected and procedures that put policies into action
What is the information and communication component of COSO's internal control framework?
The exchange of information in a way that allows employees to carry out their internal control responsibilities and achieve the organization’s objectives
COSO's 3 principles for effective information and communication
The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
The organization internally communicates information necessary to support the functioning of internal control
The organization communicates with external parties regarding matters affecting the functioning of internal control
What is the monitoring component of COSO's internal control framework?
The process that assesses the effectiveness of a control system over time
COSO's 2 principles for effective monitoring
The organization selects, develops, and performs ongoing and/or separate evaluations of internal controls
The organization evaluates and communicates internal control deficiencies in a timely manner to parties responsible for taking corrective action
5 components of internal control according to COSO
Control environment
Risk assessment
Control activities
Information and communication
Monitoring
What is COSO's definition of internal control?
A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
3 categories of internal control objectives
Operations objectives (the effectiveness and efficiency of the organization's operations)
Reporting objectives (the reporting of financial and nonfinancial information to internal and external parties)
Compliance objectives (the organization's adherence to the laws and the regulations to which it is subject)
Who holds ultimate responsibility for fraud prevention and detection?
Management
7 elements of an effective corporate compliance program
Standards and procedures to prevent and detect criminal conduct
Responsibility and oversight for the compliance program
Due diligence in the hiring process
Communication of the compliance policy through training programs and other means
Steps to ensure program compliance, and having a publicized reporting system
Appropriate incentives for compliance and appropriate disciplinary measures for violations
Reasonable response to any discovered criminal conduct
2 types of misstatements relevant for audit purposes under ISA 240
Misstatements resulting from fraudulent financial reporting
Misstatements resulting from the misappropriation of assets
What is the quantitative materiality threshold?
The amount by which financial statements must be misstated to be considered materially misstated
What is professional skepticism?
An attitude that includes a questioning mind and a critical assessment of evidence
Topics external auditors should include in their discussion on the financial statements' susceptibility to fraud
How and where the financial statements might be susceptible to fraud
How management could perpetrate and conceal fraudulent financial reporting
How assets could be misappropriated
Known internal and external factors that might provide the pressure, opportunity, or rationalization for fraud
Audit aspects affected by auditors’ assessment of the risk of material misstatement due to fraud
Assignment and supervision of engagement personnel
Evaluation of the selection and application of accounting policies
Incorporation of an element of unpredictability into selected audit procedures
Internal auditors’ fraud-related responsibilities
Evaluate the organization’s structures and process for fraud risk governance
Perform an assessment of the organization’s fraud risks
Evaluate the design and operationalization of the fraud risk management program
Provide insight and advice to senior management and the board on opportunities to improve the organization’s fraud risk management
Contribute to the organizational fraud risk awareness and training at the request of senior management
Internal audit plan considerations related to an organization’s risk management and control processes
The reliability and integrity of financial and operational information
The effectiveness and efficiency of operations and programs
The safeguarding of assets
Compliance with laws and/or regulations
Audit procedures to obtain information for use in identifying the risks of material misstatement due to fraud
Make inquiries of management and others within the entity
Evaluate unusual or unexpected relationships identified during analytical procedures
Evaluate whether one or more fraud risk factors are present
Consider whether other information obtained indicates risks of material misstatement due to fraud
Purpose of ISA 240
To establish standards and provide guidance on the auditor’s responsibility to consider fraud in a financial statement audit
What is retaliation in the context of whistleblowing?
When an employer takes any adverse action against an employee that would dissuade a reasonable person from raising a concern about a possible violation
What is typically regarded as the most effective fraud prevention method?
Increasing the perception of detection
What does increasing the perception of detection mean?
Letting all staff know that warning signs of fraud are being actively looked for
4 proactive audit procedures designed to look for fraud
Analytical review procedures
Data and transaction monitoring and analysis
Fraud assessment questioning
Surprise audits
What is fraud assessment questioning?
A non-accusatory interview technique that assesses employees’ general attitudes about fraud
Topics to be covered during employee anti-fraud training
What fraud is and what it is not
How fraud hurts the organization and its employees
Who perpetrates fraud
How to identify fraud
How to report fraud
The punishment for dishonest acts
What is tone at the top?
The environment management creates by communicating clear expectations to employees, leading by example, and encouraging ethical behavior
Types of background checks for potential employees
Past employment verification
Criminal conviction checks
Drug screening
Reference checks
Education and certification verification
Points to emphasize about a company reporting program
Fraud, waste, and abuse occur in nearly all companies
Such conduct costs the company jobs and profits
The company actively encourages any employee with information to be able to disclose it
Employees can provide good-faith information anonymously and without fear of retaliation
There is an exact method for reporting an incident
The report need not be made to one's immediate superiors
Mechanisms that can alleviate pressure to commit fraud
Open-door management policies
Fair and equitably applied personnel policies and procedures
Measures to boost employee morale
Employee support programs
Components of a comprehensive ethics program
What is fraud risk?
The vulnerability that an organization encounters from individuals capable of combining all 3 elements of the Fraud Triangle
What is inherent fraud risk?
Risks present before the effect of internal controls
What is residual fraud risk?
Risks remaining after the effect of internal controls
What is the objective of anti-fraud controls?
To reduce the residual fraud risk to a level that is significantly lower than the inherent fraud risk
What factors influence an organization's fraud risk?
The nature of the business in which it is engaged
The environment in which it operates
The effectiveness of its anti-fraud controls
The ethics and values of the company and its employees
4 approaches management can use to respond to residual fraud risks
Avoid the risk
Transfer the risk
Mitigate the risk
Assume the risk
What does it mean to avoid fraud risk?
To eliminate an asset or discontinue an activity that is the source of the risk
What does it mean to transfer fraud risk?
To purchase insurance or a fidelity bond so that the risk of loss is covered by the insurance company
What does it mean to mitigate fraud risk?
To implement countermeasures against potential fraud, such as prevention and detection controls
What does it mean to assume fraud risk?
To accept the risk rather than implement any responsive measures
What are preventive controls?
Manual or automated processes that stop something bad from happening before it occurs
What are detective controls?
Controls designed to identify something bad that has already occurred
What is a fraud risk assessment?
A process aimed at proactively identifying and addressing an organization's vulnerabilities to internal and external fraud
Fraud risks related to fraudulent financial reporting
Inappropriately reported revenues, expenses, or both
Inappropriately valued balance sheet amounts, including reserves
Inappropriately improved or masked disclosures
Concealed misappropriation of assets
Concealed unauthorized receipts, expenditures, or both
Concealed unauthorized acquisition, use, or disposition of assets
Fraud risks related to asset misappropriations
Misappropriation of tangible assets
Misappropriation of intangible assets
Misappropriation of proprietary business opportunities
Fraud risks related to corruption
Payment of bribes or illegal gratuities to companies, private individuals, or public officials
Receipt of bribes, kickbacks, or illegal gratuities by employees or agents of the company
Aiding and abetting of fraud by outside parties, such as customers or vendors
Fraud risks related to external fraud
Fraud committed by customers (e.g., fraudulent customer payments)
Fraud committed by vendors (e.g., overbilling or collusion)
Fraud committed by competitors (e.g., corporate espionage)
Fraud committed by unrelated third parties (e.g., hacking)
What is risk management?
The identification, prioritization, treatment, and monitoring of risks that threaten an organization's ability to provide value to its stakeholders
5 components of COSO's Enterprise Risk Management—Integrating with Strategy and Performance
Governance and culture
Strategy and objective-setting
Performance
Review and revision
Information, communication, and reporting
3 levels of customer due diligence procedures
Simplified customer due diligence
Standard customer due diligence
Enhanced customer due diligence
Factors that prompt enhanced customer due diligence
High-profile customers
Large-value transactions
Foreign business dealings in countries known for corruption
Who is responsible for the deterrence, prevention, and detection of fraud?
Personnel at all levels of the organization
Board of directors' responsibilities for fraud risk management
Set an appropriate tone
Gain knowledge of the organization's activities and operating environment
Raise awareness of fraud risks
Develop a strategy to address fraud risks
Oversee the organization's fraud risk management
Maintain open communications with senior management and others
Audit committee's responsibilities for fraud risk management
Receive regular reports on the status of reported or alleged fraud
Be aware of fraud risks common to the organization's industry
Meet regularly with key internal parties to discuss fraud risks
Understand how audit strategies address fraud risk
Demonstrate a commitment to fraud risk management to the external auditors
Discuss known or suspected frauds with the external auditors
Seek the advice of legal counsel when dealing with fraud allegations
Senior management's responsibilities for fraud risk management
Be familiar with the organization's fraud risks
Ensure adequacy of internal controls
Set the tone at the top
Clearly communicate that fraud is not tolerated
Investigate any fraud allegations
Punish perpetrators of fraud
Remediate weaknesses that allowed fraud to occur
Report regularly to the board of directors regarding the fraud risk management program's effectiveness