CFE Exam Quiz 23

According to INTOSAI, several different documents combine to form the comprehensive ISSAI framework with the following hierarchy
I: The Code of Ethics also represents a critical element of this portion of the framework. Its statement of values and principles that guide the daily work of the auditors form the prerequisites for the functioning of supreme audit institutions. One of the principles outlined in the Code of Ethics is the auditor’s obligation to apply generally accepted auditing standards.
II: The Fundamental Auditing Principles at the next level contain the postulates and principles for carrying out the audit work. The standards include basic audit principles and standards for public-sector, financial, performance, and compliance audit engagements.
III: Auditing Guidelines, which is the fourth level, provides practical assistance to SAIs in implementing the Standards in their constituents.

The Lima Declaration of Guidelines on Auditing Precepts is the foundation of the INTOSAI professional framework. It contains a comprehensive yet concise list of all goals and issues relating to government auditing.
The main purpose of the Lima Declaration is to call for independent government auditing. However, the demands of the Lima Declaration are not satisfied by an SAI just achieving independence; this independence is also required to be anchored in the legislation. For this, however, well-functioning institutions of legal security must exist, and these are only to be found in a democracy based on the rule of law. Rule of law and democracy are, therefore, essential premises for really independent government auditing and are the foundation on which the Lima Declaration is based.

The conduct of auditors should be beyond reproach at all times and in all circumstances. Any deficiency in their professional conduct or any improper conduct in their personal life places the integrity of auditors, the SAI that they represent, and the quality and validity of their audit work in an unfavorable light, and may raise doubts about the reliability and competence of the SAI itself. The adoption and application of a code of ethics for auditors in the public sector promotes trust and confidence in the auditors and their work.
It is of fundamental importance that the SAI is looked upon with trust, confidence, and credibility. The auditor promotes this by adopting and applying the ethical requirements of the concepts embodied in the keywords integrity, independence, objectivity, confidentiality, and competence.

Auditor supervision— whether through a regulatory body or some other mechanism — is a mandatory external evaluation of the performance and integrity of the independent audit process. Some jurisdictions directly govern the audit practice. Furthermore, several other jurisdictions have or are considering changing their policies in this area as a result of several major financial scandals.

Strategic and organizational considerations are included in preparation for a particular audit. Strategically, the audit context, priorities, and approach should be established by planning. Operationally, preparation includes setting an audit schedule and determining the design, duration, and scope of the audit procedures. Significant changes in circumstances and situations should be open to audit preparation. It is an iterative process that takes place throughout the audit.

Auditors should perform audit procedures that provide sufficient appropriate audit evidence to support the audit report. The auditor’s decisions on the nature, timing, and extent of audit procedures will have an impact on the evidence to be obtained. The choice of procedures will depend on the risk assessment or problem analysis. Evidence should be both sufficient in quantity and appropriate in quality (i.e., relevant, valid, and reliable) to persuade a knowledgeable person that the findings are reasonable. The auditor’s assessment of the evidence should be objective, fair, and balanced. Preliminary findings should be communicated to and discussed with the audited entity to confirm their validity. The auditor must respect all requirements regarding confidentiality.

It is to be noted managers are understandably reluctant to believe in the possibility of fraud because of the secret essence of fraud. And, if an employee is caught committing fraud, management may too frequently believe that it is an isolated issue and that it is not worth further consideration. Management must recognize that it is too late to do anything about them when cases of fraud are identified.

It is found that the prevention of fraud requires a set of policies and procedures to mitigate the risk of fraud while increasing the probability of detecting any fraudulent activity that may occur. The most often caught opportunity would undoubtedly convince criminals not to commit fraud. Because of this theory, there is an in-depth control system

Displaying the effect on the bottom line is one of the strongest ways to sell fraud prevention management. Fraud impacts the dollar’s net sales currency. For example, if a company sells 20 million, it must sell five goods at regular prices to recover losses (cost plus lost profit) from one item’s theft. This can be very expensive for fraud.
The cost/benefit analysis of investing in the prevention of fraud should be transparent. Proactively mitigating fraud threats is much more cost-effective than enduring preventable fraud and investing valuable resources after it to track, investigate, prosecute and clean up. In other words, stopping fraud before it occurs immediately increases the bottom line for the organization.

Some internal fraud is discovered as a result of analytical review procedures performed during a financial statement audit. To uncover fraud using such techniques, however, the scheme must materially impact the financial statements. Auditors should be especially mindful of the following trends:
I: Increasing expenses
II: Increasing cost of sales
III: Increasing receivables/decreasing cash
IV: Increasing inventories
V: Increasing sales/decreasing cash
VI: Increasing returns and allowances
VII: Increasing sales discounts

It is to be noted that some various processes or techniques are required to prevent the fraud, among which the following plays an important role.
I: Along with the regularly scheduled fraud audits, surprise fraud audits of business functions in which fraud is most likely to occur can be effective both in increasing employees’ perception of detection and in uncovering actual frauds that have been perpetrated.
II: To inform administrators, executives, and workers about fraud, every company should have a policy. This training can be carried out using memoranda, organizational emails and voice mails, formal training programs and other methods of communication between companies.
III: Special training programs for recognition of fraud should be in place. Every worker within the company should be required to take part in the training program for fraud awareness. No employee should be given an exemption from obtaining initial orientation and continuing anti-fraud training regardless of their position within the organization.

It is to be noted that an anonymous reporting network, such as a hotline for ethics, is an integral part of a control system for fraud. Employees need to be made aware of the nature of the reporting system, know how to use it and have faith that they can report suspicious activity anonymously or in confidence (where law permits) without fear of reprisal. Furthermore, employees should be made clear that reports of suspicious activity will be evaluated promptly and thoroughly.
In educating employees about the reporting program, it should be specifically emphasized
that:
I: Fraud, waste, and abuse occur in nearly all companies.
II: Such conduct costs the company jobs and profits.
III: The company actively encourages any employee with information to come forward.
IV: The employee can come forward and provide information anonymously and without fear of retaliation for good-faith reporting.
V: There is an exact method for reporting an incident (e.g., a telephone number or online
form).
VI: The report need not be made to one’s immediate superiors.

A third party hotline is most often staffed by an outside company that specializes in products of this kind. Price, performance, and anonymity are the benefits. Some are working around the clock and will provide the customer subscriber with the information immediately. We also provide those who may be more comfortable with it with anonymity. Its downside is that the payment and the operation are beyond the control of the company.

A reward, such as a cash payment, can provide an incentive for employees to report wrongdoing. Strict criteria should exist for the payment of rewards, and any proposed policies should be reviewed and approved by legal counsel. Additionally, to help prevent anyone from taking advantage of the incentive program by filing false reports, it must be made clear that rewards are given only if an investigation reveals that an actual act of fraud or misconduct did occur. The appropriate incentive depends on the organization, the whistleblower, and the allegations reported. Some organizations provide monetary rewards. In addition to or instead of cash payments, employees who provide information on wrongdoing can be rewarded with public recognition (if they wish), lunch with the CEO, or some other non-monetary incentive that focuses on the qualitative value of reporting and highlights management’s support of and encouragement for individuals to come forward with tips.

The key part of a fraud prevention program is the express commitment of the board and senior management. This commitment forms the basis of the organization’s anti-fraud culture. A strong corporate culture can most often be observed by its outcome, rather than by any individual component. Fostering a culture of ethics and compliance runs deeper than merely implementing a checklist of initiatives; similarly, a culture of corruption can exist even in companies with seemingly sound policies in place. However, organizations that cultivate ethical corporate cultures frequently have one thing in common: a strong “tone at the top.”.
Staff members frequently resent management for expecting them to behave in a certain way when members of management do not need to behave in the same way themselves. However, when management acts ethically and follows organizational policies, the staff tends to respect and appreciate the behavior and copy it.

It is to be noted that background check is one of the most important steps in the prevention of employee fraud. That corporation must determine whether it is worth returning the time and expense of such background checks. It’s always a good practice, but employers should at least check the history of any worker who has regular access to cash, checks, credit card numbers, or any other things that are easily stolen. Existing employees who are being promoted or transferred to positions that include access to sensitive or valuable company resources should also be subject to background checks. Even if at the time of hiring such a search is carried out on the worker, an updated background check should be carried out to detect any significant changes or events that occurred during the lifetime of the person.

It is to be noted that besides recruiting trained, ethical workers, it is important to position employees in positions where they can succeed without having to resort to unethical behavior. Organizations should provide well-defined job descriptions and quality goals for employees.
In ensure that they do not set unrealistic standards, performance goals should be regularly updated. To ensure that workers possess the skills needed to perform their duties efficiently, education should be delivered consistently. Regular training in ethics can help employees identify potential areas of trouble and avoid compromising situations. Management should also quickly identify where there are shortcomings in the actions of an employee and work with the employee to resolve the issue.

An open-door policy that encourages workers to talk freely about challenges can provide the incentive for management to mitigate these stresses before they become severe, helping to prevent fraud. If employees and others know they can speak freely to their supervisors, they might be more willing to discuss the personal and professional issues that could lead to illicit actions if not dealt with properly.
For example, the controller of a small fruit-packing company in California stole $112,000 from the company. When asked why, he said, “Nobody at the company ever talked to me, especially the owners. They were unfair. They talked down to me, and they were rude. They deserve everything they got.”

If the attacker is ill or otherwise absent, certain frauds are identified because they require ongoing, manual intervention. Requiring workers in certain positions (e.g., accounting clerks) to change job duties or updated accounts on a regular basis can increase the likelihood of identification in the mind of the potential offender.
For example, A director who embezzled his company’s $1.6 million said, “If the company had combined a two-week break with four weeks of relocation to another job function, it would have been difficult for me to cover up my embezzlement.”

It is to be noted that the hotlines have been a very effective mechanism for news. Some hotline calls, however, do not result in cases of fraud. Spurious concerns can be efficiently weeded out with diligent monitoring of calls and proper handling. There are two main types of hotlines:
Parttime In-house:
Such hotlines are delegated with other responsibilities to an employee. An in-house hotline is usually employed by an inspection or security department. When the worker is out, calls are made by a recorder. Cost is the main advantage. The main drawback is that there is no full-time staff on the phone, which can deter calls. Many citizens may also be reluctant to report their problems to the company directly.
Fulltime In-house:
Depending on the size of the company, a full-time in-house hotline may be feasible. The downside is that at any moment, day or night, people can make reports and speak to an official. The drawback is expense, and some people may be reluctant to report directly to the company, as the part-time line.

Risk is defined as the possibility of an event taking place and adversely affecting the achievement of goals. “Risk assessment involves identifying and assessing the risks faced by the entity in achieving its organizational goals. This method is complex and iterative and forms the basis on which to decide how to handle risks.
According to COSO, risk assessment involves the following principles:
1. The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives.
2. The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed.
3. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
4. The organization identifies and assesses changes that could significantly impact the system of internal control.
The company chooses and establishes general innovation management programs to facilitate the achievement of goals is the management for control activities.

An essential preventive mechanism is the efforts of human resource managers to evaluate and sustain morale at a high level. Managers of human resources can track the morale of workers through evaluation, voluntary employee surveys, an open-door policy, and other methods.
However, ensuring fair and equitable implementation of personnel policies and procedures will boost morale and thereby reduce the risk of fraud. Following are the measures that should be kept in mind while doing so:
I: Proper management training
II: Career development opportunities
III: Special events for employees
IV: Recognition of employees for a job well done

To avoid being overly broad in nature, and thus difficult to enforce, anti-fraud policies should include specific examples of fraud. The scope of fraud within an organization might range from internal theft of cash in small amounts to a third-party billing scheme worth millions.
Examples of fraudulent offenses include:
I: Personal use of company equipment (e.g., office supplies, company vehicles, mobile
phones, computers)
II: Stealing company assets (e.g., cash, receivables, inventory)
III: Inflating reported hours worked
IV: Forging or altering checks and other documents
V: Disclosing proprietary information to competitors
VI: Accepting bribes from or paying bribes to vendors or customers
VII: Engaging in transactions in which the employee has an undisclosed conflict of interest

The selection of beliefs and morals of a person forms a set of principles known as ethics. Ethics are the decisions of right and wrong or, more precisely, the moral obligations of an individual to society that decide their actions. It is difficult to assess ethical rights and wrongs by the fact that moral standards and generally accepted social behavior change over time.
These individual values and ethics are reflected in employees’ actions and influence a wide range of organizational decisions. Four factors generally affect employees’ ethical decisions:
I: The law and other government regulations
II: Industry and organizational ethical codes
III: Social pressures
IV: Tension between personal standards and organizational needs

The company supports competition based on quality, service, and price. We will conduct our affairs honestly, directly, and fairly. To comply with the anti-trust laws and our policy of fair competition, employees must:
I: Never discuss with competitors any matter directly involved in competition between us and the competitor (e.g., sales price, marketing strategies, market shares, and sales policies)
II: Never agree with a competitor to restrict competition by fixing prices, allocating markets, or other means
III: Not arbitrarily refuse to deal with or purchase goods and services from others simply because they are competitors in other respects
IV: Not require others to buy from us before we buy from them
V: Not require customers to take from us a service they don’t want just so they can get one they do want

It is necessary to comply with applicable laws and regulatory orders in any jurisdiction in which the company operates. It is the responsibility of each employee to acquire sufficient knowledge of the laws and orders related to his duties to recognize potential dangers and to know when to seek legal advice.
When we seek the resolution of regulatory or political issues affecting the company’s interests, we must do so solely based on merit and according to proper procedures in dealing with such officials. Employees may not offer, provide, or solicit, directly or indirectly, any special treatment or favor in return for anything of economic value or the promise or expectation of future value or gain. Also, there shall be no entertaining of employees of the federal or provincial government.

Gifts are items and services of value that are given to any outside parties but do not include items described below.
 Normal business entertainment items, such as meals and beverages, are not to be considered gifts.  Items of minimal value, given in connection with sales campaigns and promotions or employee service, safety, or retirement awards, are not to be considered gifts for purposes of this code.
Contributions or donations to recognized charitable and nonprofit organizations are not considered gifts. Items or services with a total value of under $100 per year are excluded.

n employee who deals with individuals or organizations doing or seeking to do business with the company, or who makes recommendations concerning such dealings, should not:
I: Serve as an officer, director, employee, or consultant.
II: Own a substantial interest in any competitor of the company, or any organization doing or seeking to do business with the company.
III: Have any other direct or indirect personal interest in any business transactions with the company
IV: Provide telecommunications or information service or equipment, either directly or as a reseller, in a manner that would place the objectivity or integrity of the company in question.

Confidential information includes any information about the company, whether it is technical, corporate, financial or otherwise, which is classified as confidential or secret by the company and/or which is not accessible or made publicly avail.able. It also contains any private information about or connected to, customer records, fellow employees, other individuals or other businesses, and national security.
Company policy and various laws protect the integrity of the confidential information of the company that must not be disclosed except in strict compliance with established company policies and procedures. The obligation not to disclose confidential company information is in effect even though the material may not be specifically identified as confidential and the obligation exists and continues.

It should be noted that the claim is relevant to monitoring and auditing, i.e. ensuring risk assessments, analyzes and engagement are effective in supporting the monitoring role of management.