positive reinforcement
presenting a positive stimulus in exchange for the desired response
negative reinforcement
withdrawing a negative stimulus in exchange for the desired response
punishment
either applying a negative stimulus or withdrawing a positive stimulus when presented with undesired behavior
routine activities theory of crime causation
the theory that both the motivation to commit crime and the supply of offenders are constant and that the activities and circumstances of potential victims are the determining factors in crime
3 elements that influence crime according to the routine activities theory of crime causation
-the availability of suitable targets
-the absence of capable guardians
-the presence of motivated offenders
rational choice theory of crime causation
the theory that the decision to commit a crime is a rational and careful choice on the perpetrator’s part with the goal of an intended benefit
2 ways crime can be deterred according to the rational choice theory of crime causation
-reduce opportunities for criminal activity
-increase personal risk to the perpetrator
theory of differential association
people learn the values, attitudes, techniques, and motives for criminal behavior by communicating with and participating in intimate personal groups in a way that results in an excess of conclusions favorable to violation of the law over conclusions unfavorable to violation of the law
social control theory of crime causation
the stronger a person's bond of affection for other law-abiding people is, the more likely the person is to consider that factor and to be deterred from committing a criminal act
according to behaviorism, what is the least effective method of changing criminal behavior
punishment
components of classical criminology
-people have free will
-criminal behavior is more attractive when the gains are estimated to be greater than the losses
-swift and severe penalties to crime are more likely to deter criminal behavior
according to the differential reinforcement theory, when is behavior reinforced
-when rewards are gained (positive reinforcement)
-when punishment is avoided (negative reinforcement)
according to the differential reinforcement theory, when is behavior weakened
-when negative stimuli (punishment) are presented
-when rewards are lost (punishment)
white-collar crime
crime that involves the use of an individual's legitimate position of power, influence, or trust for the purpose of illegal gain
3 approaches used to control corporate crime
-voluntary change in corporate attitudes and structure
-strong intervention by the government to force changes in corporate structure
-consumer action
most common organizational-environment motivating factor for fraud in Albrecht study
placing too much trust in key employees
most common personal characteristics among fraudsters in Albrecht study
living beyond one's means
how most frauds are detected according to the ACFE’s Occupational Fraud 2024: A Report to the Nations
by tip
organizational crime
crime that is committed by businesses and the government
4 categories of occupational crime
-crimes for the benefit of an employing organization
-crimes by officials through exercise of their government-based authority
-crimes by professionals in their capacity as professionals
-crimes by individuals as individuals
occupational crime
crime that is committed by individuals during their occupation
3 sides of the Fraud Triangle
-perceived non-shareable financial need (motivation or pressure)
-perceived opportunity
-rationalization
who is responsible for the hypothesis of the Fraud Triangle
Donald R. Cressey
2 primary strategies to control corporate criminal behavior
-compliance
-deterrence
what is compliance as it relates to combating crime
efforts to achieve conformity to the law without having to detect, process, or penalize violators, such as:
-providing economic incentives for voluntary compliance
-using administrative efforts to control violations before they occur
what is deterrence as it relates to combating crime
efforts to achieve conformity to the law through the threat of criminal sanctions
4 ways businesses rationalize illegal conduct according to Silk and Vogel
-compliance with government regulation is too costly
-regulation is unnecessary
-damage is so spread among a large number of consumers that, individually, there is little loss
-violations are caused by economic necessity
3 variables that motivate occupational fraud according to the Fraud Scale
-situational pressures
-perceived opportunities
-personal integrity
what it means for an organization to be criminogenic
prone to committing crime
most common category of occupational fraud according to the ACFE’s Occupational Fraud 2024: A Report to the Nations
asset misappropriation
most costly category of occupational fraud according to the ACFE’s Occupational Fraud 2024: A Report to the Nations
financial statement fraud
primary purpose of a company's board of directors
to serve as the intermediary between the corporation's shareholders and those executing its activities (i.e., management) and act as guardian of the organization's resources and assets
primary responsibility of a corporation's management
to make the daily decisions that affect company performance
corporate governance
the oversight responsibilities of different parties for an organization's direction, operations, and performance
purpose of corporate governance
to encourage the efficient use of organizational resources and accountability for the stewardship of those resources
4 general core principles or values of corporate governance
-accountability
-transparency
-fairness
-responsibility
Treadway Commission's 4 recommendations to reduce fraud in financial reports
-mandatory independent audit committee
-written charter for audit committee
-adequate resources and authority for the audit committee to execute its responsibilities
-informed, vigilant, and effective audit committee members
purpose of the Treadway Commission
to define the responsibility of the auditor in preventing and detecting fraud
6 areas of G20/OECD Principles of Corporate Governance
-request for governments to have an effective legal, regulatory, and institutional framework to support good corporate governance practices
-call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders
-guidance regarding the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications
-emphasis on the importance of timely, accurate, and transparent disclosure mechanisms
-guidance regarding appropriate board structures, responsibilities, and procedures
-recognition of the need to integrate sustainability and resilience into the corporate governance framework through incentives for companies and investors
3 factors to consider in designing compliance programs
-industry size and practice
-organization size
-recurrence of similar conduct
control environment of an organization
the foundation for the internal control system throughout the entire organization
COSO's 5 principles for an effective control environment
-personnel at all levels demonstrate integrity
-the board is independent from management
-with board oversight, management establishes structures, reporting lines, and responsibilities
-the organization is committed to attracting, developing, and retaining competent individuals
-the organization holds individuals accountable for their internal control responsibilities
risk assessment component of COSO's internal control framework
the identification and assessment of the risks the entity faces in achieving its organizational objectives
COSO's 4 principles for the risk assessment component of internal control
-the organization sets sufficiently clear objectives
-the organization identifies risks to the achievement of its objectives
-the organization considers the potential for fraud in assessing risks
-the organization identifies and assesses changes that could significantly impact the system of internal control
control activities
the policies and procedures that enforce management's directives intended to mitigate risk
COSO's 3 principles for effective control activities
-the organization selects and develops control activities that mitigate risks to acceptable levels
-the organization selects and develops general control activities over technology
-the organization deploys control activities through policies that establish what is expected and procedures that put policies into action
information and communication component of COSO's internal control framework
the exchange of information in a way that allows employees to carry out their internal control responsibilities and achieve the organization's objectives
COSO's 3 principles for effective information and communication
-the organization obtains or generates and uses relevant, quality information to support the functioning of internal control
-the organization internally communicates information necessary to support the functioning of internal control
-the organization communicates with external parties regarding matters affecting the functioning of internal control
monitoring component of COSO's internal control framework
the process that assesses the effectiveness of a control system over time
COSO's 2 principles for effective monitoring
-the organization selects, develops, and performs ongoing and/or separate evaluations of internal controls
-the organization evaluates and communicates internal control deficiencies in a timely manner to parties responsible for taking corrective action
5 components of internal control according to COSO
-control environment
-risk assessment
-control activities
-information and communication
-monitoring
COSO's definition of internal control
a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
3 categories of internal control objectives
-operations objectives (the effectiveness and efficiency of the organization's operations)
-reporting objectives (the reporting of financial and nonfinancial information to internal and external parties)
-compliance objectives (the organization's adherence to the laws and the regulations to which it is subject)
who holds ultimate responsibility for fraud prevention and detection
management
7 elements of an effective corporate compliance program
-standards and procedures to prevent and detect criminal conduct
-responsibility and oversight for the compliance program
-due diligence in the hiring process
-communication of the compliance policy through training programs and other means
-steps to ensure program compliance, and having a publicized reporting system
-appropriate incentives for compliance and appropriate disciplinary measures for violations
-reasonable response to any discovered criminal conduct
2 types of misstatements relevant for audit purposes under ISA 240
-misstatements resulting from fraudulent financial reporting
-misstatements resulting from the misappropriation of assets
quantitative materiality threshold
the amount by which financial statements must be misstated to be considered materially misstated
professional skepticism
an attitude that includes a questioning mind and a critical assessment of evidence
topics external auditors should include in their discussion on the financial statements' susceptibility to fraud
-how and where the financial statements might be susceptible to fraud
-how management could perpetrate and conceal fraudulent financial reporting
-how assets could be misappropriated
-known internal and external factors that might provide the pressure, opportunity, or rationalization for fraud
audit aspects affected by auditors' assessment of the risk of material misstatement due to fraud
-assignment and supervision of engagement personnel
-evaluation of the selection and application of accounting policies
-incorporation of an element of unpredictability into selected audit procedures
internal auditors’ fraud-related responsibilities
-evaluate the organization’s structures and process for fraud risk governance
-perform an assessment of the organization’s fraud risks
-evaluate the design and operationalization of the fraud risk management program
-provide insight and advice to senior management and the board on opportunities to improve the organization’s fraud risk management
-contribute to the organizational fraud risk awareness and training at the request of senior management
internal audit plan considerations related to an organization’s risk management and control processes
-the reliability and integrity of financial and operational information
-the effectiveness and efficiency of operations and programs
-the safeguarding of assets
-compliance with laws and/or regulations
audit procedures to obtain information for use in identifying the risks of material misstatement due to fraud
-make inquiries of management and others within the entity
-evaluate unusual or unexpected relationships identified during analytical procedures
-evaluate whether one or more fraud risk factors are present
-consider whether other information obtained indicates risks of material misstatement due to fraud
purpose of ISA 240
to establish standards and provide guidance on the auditor's responsibility to consider fraud in a financial statement audit
retaliation in the context of whistleblowing
when an employer takes any adverse action against an employee that would dissuade a reasonable person from raising a concern about a possible violation
what is typically regarded as the most effective fraud prevention method
increasing the perception of detection
what increasing the perception of detection means
letting all staff know that warning signs of fraud are being actively looked for
4 proactive audit procedures designed to look for fraud
-analytical review procedures
-data and transaction monitoring and analysis
-fraud assessment questioning
-surprise audits
fraud assessment questioning
a non-accusatory interview technique that assesses employees' general attitudes about fraud
topics to be covered during employee anti-fraud training
-what fraud is and what it is not
-how fraud hurts the organization and its employees
-who perpetrates fraud
-how to identify fraud
-how to report fraud
-the punishment for dishonest acts
tone at the top
the environment management creates by communicating clear expectations to employees, leading by example, and encouraging ethical behavior
types of background checks for potential employees
-past employment verification
-criminal conviction checks
-drug screening
-reference checks
-education and certification verification
points to emphasize about a company reporting program
-fraud, waste, and abuse occur in nearly all companies
-such conduct costs the company jobs and profits
-the company actively encourages any employee with information to be able to disclose it
-employees can provide good-faith information anonymously and without fear of retaliation
-there is an exact method for reporting an incident
-the report need not be made to one's immediate superiors
mechanisms that can alleviate pressure to commit fraud
-open-door management policies
-fair and equitably applied personnel policies and procedures
-measures to boost employee morale
-employee support programs
components of a comprehensive ethics program
-focus on ethical leadership
-vision statement
-values statement
-code of ethics
-designated ethics official
-ethics task force or committee
-ethics communication strategy
-ethics training
-ethics help and fraud reporting hotline
-ethical behavior rewards and sanctions
-comprehensive system to monitor and track ethics data
-periodic evaluation of ethics efforts and data
fraud risk
the vulnerability that an organization encounters from individuals capable of combining all 3 elements of the Fraud Triangle
inherent fraud risk
risks present before the effect of internal controls (including targeted anti-fraud controls)
residual fraud risk
risks remaining after the effect of internal controls (including targeted anti-fraud controls)
objective of anti-fraud controls
to reduce the residual fraud risk to a level that is significantly lower than the inherent fraud risk
factors that influence an organization’s fraud risk
-the nature of the business in which it is engaged
-the environment in which it operates
-the effectiveness of its anti-fraud controls
-the ethics and values of the company and its employees
4 approaches management can use to respond to residual fraud risks
-avoid the risk
-transfer the risk
-mitigate the risk
-assume the risk
avoid fraud risk
to eliminate an asset or discontinue an activity that is the source of the risk
transfer fraud risk
to purchase insurance or a fidelity bond so that the risk of loss is covered by the insurance company
mitigate fraud risk
to implement countermeasures against potential fraud, such as prevention and detection controls
assume fraud risk
to accept the risk rather than implement any responsive measures
preventive controls
manual or automated processes that stop something bad from happening before it occurs
detective controls
controls designed to identify something bad that has already occurred
fraud risk assessment
a process aimed at proactively identifying and addressing an organization's vulnerabilities to internal and external fraud
fraud risks related to fraudulent financial reporting
-inappropriately reported revenues, expenses, or both
-inappropriately valued balance sheet amounts, including reserves
-inappropriately improved or masked disclosures
-concealed misappropriation of assets
-concealed unauthorized receipts, expenditures, or both
-concealed unauthorized acquisition, use, or disposition of assets
fraud risks related to asset misappropriations
-misappropriation of tangible assets
-misappropriation of intangible assets
-misappropriation of proprietary business opportunities
fraud risks related to corruption
-payment of bribes or illegal gratuities to companies, private individuals, or public officials
-receipt of bribes, kickbacks, or illegal gratuities by employees or agents of the company
-aiding and abetting of fraud by outside parties, such as customers or vendors
fraud risks related to external fraud
-fraud committed by customers (e.g., fraudulent customer payments)
-fraud committed by vendors (e.g., overbilling or collusion)
-fraud committed by competitors (e.g., corporate espionage)
-fraud committed by unrelated third parties (e.g., hacking)
risk management
the identification, prioritization, treatment, and monitoring of risks that threaten an organization's ability to provide value to its stakeholders
5 components of COSO's Enterprise Risk Management—Integrating with Strategy and Performance
-governance and culture
-strategy and objective-setting
-performance
-review and revision
-information, communication, and reporting
3 levels of customer due diligence procedures
-simplified customer due diligence
-standard customer due diligence
-enhanced customer due diligence
factors that prompt enhanced customer due diligence
-high-profile customers
-large-value transactions
-foreign business dealings in countries known for corruption
who is responsible for the deterrence, prevention, and detection of fraud
personnel at all levels of the organization
board of directors' responsibilities for fraud risk management
-set an appropriate tone
-gain knowledge of the organization's activities and operating environment
-raise awareness of fraud risks
-develop a strategy to address fraud risks
-oversee the organization's fraud risk management
-maintain open communications with senior management and others
audit committee's responsibilities for fraud risk management
-receive regular reports on the status of reported or alleged fraud
-be aware of fraud risks common to the organization's industry
-meet regularly with key internal parties to discuss fraud risks
-understand how audit strategies address fraud risk
-demonstrate a commitment to fraud risk management to the external auditors
-discuss known or suspected frauds with the external auditors
-seek the advice of legal counsel when dealing with fraud allegations
senior management's responsibilities for fraud risk management
-be familiar with the organization's fraud risks
-ensure adequacy of internal controls
-set the tone at the top
-clearly communicate that fraud is not tolerated
-investigate any fraud allegations
-punish perpetrators of fraud
-remediate weaknesses that allowed fraud to occur
-report regularly to the board of directors regarding the fraud risk management program's effectiveness