Antifraud programs and controls standard

Regulatory drivers
· Congress: Sarbanes-Oxley Act (SOx)
· SEC, PCAOB, NYSE, NASDAQ: rules and regulations, in this case the USSC, SEC's final rules, PCAOB audit standards, and NYSE & NASDAQ listing markets

These drivers lead to the implementation of antifraud programs and controls. The chart below organises them along the five components of the COSO framework; for each component it lists the criteria for the design of the program and the criteria for its operating effectiveness.

1 Control Environment

1A Code of Ethics
  Design
  · Implementation
  · Public disclosure
  · Specific topics
  · Key oversight by Board & Audit Committee
  · Communication plan
  Operating effectiveness
  · Annual confirmation plan
  · Attendance at training
  · Monitoring by management and Audit Committee

1B program
  Design
  · Similar to SOx 301
  · Independent from management
  · Communication mechanism to Audit Committee and external auditor
  · Independent review and follow-up by Audit Committee
  · Audit Committee is responsible for overseeing procedures and ensuring completeness
  · Adequate documentation
  Operating effectiveness
  · Walk-through by Internal Audit
  · Periodic testing
  · Volume of use
  · Pulse survey
  · Involvement evidenced by minutes and reports

1C Hiring & Promotion
  Design
  · Background investigation
  · Scope
  · Adequately documented
  Operating effectiveness
  · Walk-through by Internal Audit
  · Record keeping by HR
  · Periodic investigations

1D Oversight by Audit Committee & Board
  Design
  · Systematic and periodic review of internal controls by Audit Committee and Board
  · Oversight responsibilities in charters
  · Scope of oversight
  Operating effectiveness
  · Meeting minutes
  · Nature and frequency of meetings
  · Consideration of fraud in review of accounting principles, policies, etc.
  · Evaluation of management's assessment of risk
  · Discussion with internal and external auditors

1E Remediation
  Design
  · Standardized process for responding to fraud
  · Appropriate actions by management, Audit Committee and Board
  · Minimum requirements for actions
  · Documentation
  Operating effectiveness
  · Walk-through by Internal Audit
  · Examination of incident investigation
  · Remediation
  · Evidence of active Audit Committee involvement reflected in minutes

2 Risk Assessment
  Design
  · Systematic (rather than haphazard) assessment process
  · Consideration of potential fraud schemes and scenarios
  · Assessment of risk at all levels
  · Evaluation of the likelihood and significance of each risk to the organization
  · Assessment of exposure arising from each category of fraud risk
  · Testing of the effectiveness of the risk assessment process by Internal Audit
  · Documented oversight by Audit Committee
  · Audit Committee and Board responsible for considering risks and ensuring controls to prevent fraud
  · Scope of consideration of management's risk assessment process by Audit Committee and Board
  · Documentation of the fraud risk assessment process
  · Specific topics for discussion with external auditor, in accordance with SAS 99
  Operating effectiveness
  · Documentary evidence of periodic and systematic fraud risk assessment
  · Testing by Internal Audit
  · Fraud risk assessment and discussion with external auditor by Audit Committee evidenced in meeting minutes

3 Control Activities
  Design
  · Design and documentation by management of controls addressing the assessed fraud risks
  · Implementation and maintenance of IT controls by management
  · Oversight by Audit Committee evidenced by approval of the design and operating effectiveness of control activities in meeting minutes
  Operating effectiveness
  · Walk-through by Internal Audit
  · Testing of any business process with an identified fraud risk (by Audit)

4 Information and Communication
  Design
  · Effective knowledge management (timely, current and proper policies, communicated effectively to internal and external parties)
  · Expression of a clear message about the commitment to prevent fraud
  · Scope of IT-related antifraud programs and controls (considerations, IT security controls, impact of system access on segregation of duties, adequacy of fraud detection and monitoring tools)
  · Documentation of the computer environment and of the controls that deter and detect fraud
  Operating effectiveness
  · See the items described under (1) and (2)
  · Code and antifraud policy available on the intranet
  · Frequency and sufficiency of training
  · Communication of investigations and disciplinary actions taken
  · Testing for inappropriate modifications to computer programs and for system overrides
  · Periodic investigations of computer misuse
  · Testing of general computer controls related to security

5 Monitoring
  Design
  · Ongoing monitoring built into normal recurring operating activities
  · Considerations for the judgement about the frequency of auditing operating effectiveness
  · Separate evaluations by Internal Audit
  · Organization's plan, approach and scope of monitoring should be documented and
  Operating effectiveness
  · Evaluation of management's monitoring system
  · Requirements for evidence of management's monitoring system
  · Evaluation of the Internal Audit function
  · Scope of the evaluation of the Internal Audit function (activities, knowledge and experience regarding fraud)

COMRAFI BV
