Communication and Internal Auditor by hemadharma

VIEWS: 130 PAGES: 48

									EFFECTIVE COMMUNICATION CHALLENGES OF THE INTERNAL AUDIT

BY R.DHARMARAJAN

Effective Communication Challenges
• Communication has always been uttermost importance and challenge for Internal Auditors • Poor communication is a major risk. • Needs to develop a communication strategy

Effective Verbal & Written Communications
Conveying Sensitive issues

Auditors have to speak clearly and Succintly to • Stakeholders • Unit head • Management • Audit Committee

Detrimental Effects of Fraud
• Loss of confidence by customers, lenders, regulators, stockholders • Loss of sales, market share, influence • Loss of access to financing • Withdrawal or refusal of licenses • Ejection of management • Bankruptcy/liquidation

Fraud Risks

Management Fraud =
Employee Fraud = Committed for the benefit of another and to the detriment of the company. Committed for the benefit of the company

Sensitive Issues
Conveying sensitive issues:Need to speak clearly and succintly to:
• • • • Departmental Heads Management Audit Committee Stakeholders

Characteristics of a Typical Management Fraudster
• Glibness or superficial charm • Grandiose sense of selfworth or egocentric • Pathological lying • Lack of remorse or guilt • Shallow emotions • Callousness or lack of empathy • Failure to accept responsibility for own actions

Employee Fraud: Examples
Acts where the principal benefits of the act are derived by the individual
• Embezzlement, Theft of Company Property • T&E Fraud • Vendor Kickbacks • Diversion of Corporate Opportunities • Unauthorized Use of Property

Characteristics of a Typical Employee Fraudster
• Lifestyle does not fit income • Has access to money or assets • Problems at home • Problems dealing with pressure • Heavy debt • Real or imagined grievances • Takes little or no vacation • Works odd hours • Low morale • Drug or gambling problems • History of illegal acts

Common Embezzlement Schemes
• • • • • • Utilization of fictitious vendors Submission of unauthorized T&E reports Requests with insufficient documentation Fictitious customers Manipulation of bank reconciliations and cash books Use of suspense accounts or other prepaid accounts

The Fraud Triangle
(Why good people do the wrong thing)
Pressure (Real or Perceived)

Opportunities, Consequences, and Likelihood of Detection (Real or Perceived)

Rationalization

Motives for Fraud
• Personal: – Cure financial problems – Enhance lifestyle – Revenge against company – Conceal illegal acts – Cure perceived injustice – Ego--“beat the system” – Personal ambition – Meet incentive awards • Corporate: – Reach or exceed quotas or goals – Increase popularity and reputation – Maintain ability to borrow – Personal ambition – Manipulate stock price/value – Meet regulatory requirements

The Auditor’s Challenge
1. Professional Standards are Clear

“The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”
[U.S. Statement on Auditing Standards No. 1 as amended by SAS No. 82.]

The Auditor’s Challenge
2. Increasingly Dishonest Business World

In a study by the Institute of Management Accountants, 87% of managers were willing to commit fraud in the cases presented to them, if it would make their organizations look better.

The Auditor’s Challenge
3. Fraud is Hard to Detect (look who finds it)
80% 70% 60% 50% 40% 30% 20% 10% 0%

Internal Audit External Audit Whistleblowers & By Accident

The Auditor’s Challenge
4. New Technology Creates New Challenges

The Anti-Fraud Program: The Three Principal Lines of Defense
• First Line - Code of conduct and business ethics policies and procedures • Second Line - Internal control and Management control structure • Third Line - Internal audit activities (internal audit presence is a strong deterrent to fraud)

IIA Standards on Communication
Performance Standards 2020 CAE Should Communicate Internal Audit plan and resource requirements

The impact of resource limitations

IIA Standards on Communication
2400: Communicating the results 2410: Criteria for communicating the results 2420:Quality of communications Accurate, clear, concise,constructive,comp lete and timely

Responsiblities to the Audit Committee
An Effective Code of Conduct
• Functional reporting relationship • Major source of Information and assurance on Internal Controls • Direct Channel of communication between CAE and Audit Committee • Has a positive tone, promoting a better workplace • Requires a fair employer/employee balance

Responsibilities to the Audit Committee
KON733054.67 13-J AN-83 GL

• Attend Audit Committee meetings to present the Audit Plan for approval and to present the Audit findings and recommendations together with Management Implementation Status

Internal Audit: The Third Line of Defense
• Internal audit represents a detection line of defense in most companies – Operational and internal control reviews – Analytical procedures used to isolate anomalies – Detail reviews of high control and inherent risk accounts and transactions • Internal audit does not necessarily represent a deterrence element because of predictability issues

Internal Audit: The Third Line of Defense
• Based on a risk assessment of fraud and illegal acts, internal audit evaluates the 1st and 2nd line defense mitigators • Key mitigators should be thoroughly tested

Internal Audit: The Third Line of Defense
• If the mitigators are working effectively, analytical procedures and other tests are needed to isolate and identify any anomalies that may be present • If no mitigators, or ineffective mitigators, then internal audit must design fraud and illegal act substantive auditing procedures • In effect, they must search for fraud and illegal acts

Per SIAS #3, Internal Audit Should:
• • • • Have sufficient knowledge of fraud. Be alert to opportunities where fraud could occur. Evaluate the need for further action. Notify the appropriate authorities.

Fraud Detection
• Those analytical and other procedures that enable discovery of anomalies
• Procedures that provide for communication of suspected fraud and illegal acts

Fraud Prevention
• Those procedures, systems and organizational structures that provide obstacles to those who attempt to commit fraud and illegal acts – Internal controls and structure – Management controls – Management organizational structure

Fraud Deterrence
Companies are increasingly placing more emphasis on deterrence and prevention rather than detection
• What codes of conduct and business ethics are required? – Principles, policies and procedures • How will the fraud strategy and policies be communicated? • What are the consequences to perpetrators? • How will I monitor the process?

Fraud Deterrence is Achieved Through:
• • • • • • Organizational attitude toward controls. Organizational goals and objectives. Adequacy of written fraud policy. Authorization policies. Controls over high-risk activities and assets. Communication channels.

Fraud Prevention Recommendations
• Screen out potential criminals. • Reduce opportunities available through appropriate internal controls. • Create environment where employees believe dishonest acts will be detected. • Create environment where dishonest acts are reported and punished by developing: – Code of Ethics – Fraud Policy – Conflict of Interest Policy

Bridging the Role between Departments
• • • • • Reduction of a company’s risk of fraud Mitigation of fines and penalties Increased control over business risks Increased control over costs Reduction of reputation risk

IIA’s Risk Management Process

Identify and Prioritize Risks

Determine Level of Acceptable Risk

Develop Mitigation Activities

IIA’s Risk Management Process

Identify and Prioritize Risks

Determine Level of Acceptable Risk

Develop Mitigation Activities

IIA’s Risk Management Process

Accountability to the Stakeholders
Responsibilities to the Audit Committee Internal Audit Role between Departments

Effective Verbal and Written Communications

Bridging the Internal Audit Role: Between Departments
• • • • • • Controls are overridden. Symptoms are not investigated. Don’t approach like an Investigator or cop Build a good rapport with Departmental Head’s Understand their concerns and views Give Credit where possible- Appreciate the good things also

Effective Verbal and Written Communication
• • • • Identify your topic or Central Theme Build Supporting Points and Construct an Outline Write the easiest points first Use The First Person Approach to Address: Use “I” instead of writer or Author • Active Voice: I prepared the report rather than “The report was prepared by me. • Funds transfer

Effective Verbal and Written Communication
• • • • • • What are my expectations What areas need to be addressed Who is my audience What is the audience’s level of expertise How is the audience going to use this information How can the information be communicated effectively • Is there a language barrier • Is a message needed to inform or persuade

Effective Verbal Communication
• • • • • • Be prepared with your facts Be flexible and friendly in your approach Active Listening Constructive confrontation Effective Questioning Try to be informal in your approach, though firm and formal in your reporting • Anticipate reactions & resentments

Recent Fraud Scenarios
• Fictitious vendors • Rebate programs gone awry • Collusion through duplicate invoices • Concealment in financial statements

Fictitious Vendor Fraud
Public Domain
Phony Company Created Opportunity XYZ Company Weak Internal Controls • Purchase Order • Master Vendor File • Segregation of Duties • Corporate Record • DBA Documents • Marketing Materials Invoice Approved Fund Disbursement

Public Records Created
Invoice(s)

PO Box

$
Bank Account(s)

Fictitious Rebate Programs
Rebate checks sent to controller

$$$

No accrual recorded for rebate checks

$$$
Controller puts checks in daily receipts safe Daily Receipts

$$$

Controller takes cash of same amount from daily receipts safe

Collusion Through Duplicate Invoices
1) Vendor submits genuine invoices for goods provided 1
2) Manager with purchasing authority pays valid invoice

1

$$$
2 2

3

3

3) Vendor resubmits first invoice, with alterations

4

4

$$$

4) Manager approves altered invoice, two split gain

Concealment in Financial Statements $$$$$
Personal or unauthorized expenses are recorded to a suspense account
ACCOUNT NO. 1 Vendor No. 1304 Item No. 27 ACCOUNT NO. 2 Vendor No. 1304 Item No. 27

General Ledger

Small amounts are transferred to accounts using journal entries

ACCOUNT NO. 3 Vendor No. 1304 Item No. 27

Often, the expense type is misclassified on the journal entry.

Internal Audit Is Responsible for:
• Ensuring the existence of control with systems designed to prevent or deter the forms of fraud. • Identifying areas of risk where theft or manipulation may be likely to occur. • Ensuring adequacy and effectiveness of controls in financial accounting and other areas subject to theft, fraud or embezzlement. • Exercising the care and skill of a reasonably prudent and competent professional.

Objectives
Communication challenges of the Internal Audit Accountability to the stakeholders Responsibilities to the Audit committee Bridging the Internal Audit role between departments Effective Verbal and Written Communications

Learning Objectives Expectation levels are different Develop expenditure cycle audit programs. Modify audit programs (internal controls, warning signs, study of industry, analytical procedures).

End of Chapter 12

Effective Verbal and Written Communication
Communication Strategy

What you need to communicate

Who needs it

When should these Communications occur

How should you communicate


								
To top