Embed Size (px)
Citation preview
FRAUD AND THE ROLE OF SYSTEM
OF INTERNAL CONTROLS
IIA CROATIA
Varna, 6th June 2013.
mr. Stanko Tokić, dipl. oec.President of IIA Croatia
CONTENTS
Introduction
Definitions
Corporate rules
System of Internal Controls (SIC)
Fraud
System of Internal Controls and Fraud
Internal auditors and Fraud
CONCLUSION
2
INTRODUCTION
A new definition and a paradigm of internal audit Definitions of system of internal controls (SIC) & fraud Corporate rules and SIC & fraud Corporate structure and SIC & fraud The role of regulations in the company The SIC has a big influence in the prevention of fraud SIC define fraud Internal audit is not responsible for fraud Internal audit must have a focus on fraud Internal audit reports on the SIC & fraud Stakeholders and SIC & fraud Internal audit, SIC & fraud
3
4
Corporate regulations are the basis for defining the system
Regulations are defined on international and national level by the
government and non-government organisations: Treadway Commission (COSO i ERM), Cadbury Committee, Combined
Code, Hampel, Greenburry, Turnbull, OECD, SoX, Securities exchange
commission
EU directives and recommendations
Different codes, rules, guidelines, standards and norms
Best practice, stock exchange and the capital market rules
Laws and regulations
Government and non-government agencies and institutions
CORPORATE REGULATIONS
COMPANY RULES
Company rules & SIC are defined by: Shareholders’ Meeting Supervisory Board Management Board Management Committees of Supervisory Board & Management Board, eg. Audit Committee
Corporate rules & SIC are defined in: statute corporate acts organisational regulations organisation sheme codes, guidelines, rules, standards, norms etc. plans and programs
5
6
Definition of systems of internal controls:
The system of internal controls are methods and procedures approved by the management board. The end result of these methods and procedures is to achieve the business goals and better governance of the company.
SYSTEM OF INTERNAL CONTROLS
7
The system is emphasised in many documents:
A new paradigm of internal audit Model - Three lines of defence PPF, IPPF and international standards on internal audit 2011. The research of IIA Global & ECIIA The research of national institutes of internal audit The research of the BIG 4 EU directives and recommendations, white paper etc. Corporate rules of the OECD The best working practice of the Audit Committee Defining the European standards on internal audit The assessment of the system (COSO & ERM) The reports of the state audit and external audit
SYSTEM OF INTERNAL CONTROLS
8
Company system of internal controls consists of:
Acts, documents, politics, procedures, plans, programmes, decisions, guidelines and relevant business practice etc.
Organisation sheme and structure Information system, its security & protection, equipment Expertise and competency of the management board Loyal, educated and experienced professional employees Technical and technological level of operations and working
equipment Corporate culture and tradition
SYSTEM OF INTERNAL CONTROLS
9
SYSTEM OF INTERNAL CONTROLS
SUPERVISORY BOARD/MANAGEMENT BOARDSUPERVISORY BOARD/MANAGEMENT BOARD
FINANACEFINANACE ITITHUMAN
RESOURCESHUMAN
RESOURCESACCOUNTINGACCOUNTING
CORPORATE RULES
SIC
SIC SIC SIC SIC
PURCHASINGPURCHASING SELLINGSELLING PRODUCTIONPRODUCTION
SIC SIC SIC
10
Tasks of the system of internal controls: Accuracy and reliability of data and information Security of the business system & policies Moderate guarantee – the accomplishment of goals & tasks Managing company in accordance with the rules & acts Business risks brought to minimum and held under control Protection of interest of shareholders To give a realistic and objective picture To achieve better relations with stakeholders Protection of owners property and capital Accomplishing 3E’s: Economy, Efficiency, Effectiveness Achieving the appropriate value for money
SYSTEM OF INTERNAL CONTROLS
11
Why is it important to implement the SIC?
Company's attitude towards fraud related topics is made by the SIC It gives management the security and diminishes the possibility of
fraud It gives assurance in reliability and accuracy of information It is a source for defining the statement of the state of IC It assists all types of audit: external, state and internal The system implements standards, guidelines, norms, codes etc. It ensures the implementation of procedures approved and
prescribed by the management
SYSTEM OF INTERNAL CONTROLS
FRAUD - DEFINITION
FRAUD - Any illegal act characterised by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Fraud is perpetrated by parties and organizations to obtains money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. (IPPF)
12
REGULATIONS
FRAUD Fraud is defined and emphasised in many documents:
Regulatory Framework for FraudFraud Policy Management guidelines for the prevention, detection and
investigation of fraudLaws, Regulations, Acts, Standards, Guidelines etc.Annual ReportsBusiness ReportsGuidelines of System of Internal ControlsQuastionnaires on tests of fraudPolicies for Hot-LineInternal/External/State Audit ReportInformation, Date, IndicatorsPolicy of whistleblowers
14
15
How to detect the potential behaviour and activities which can point to fraud?
Unusual behaviour of employees and management Changes of lifestyle and standard Staying at work, not using holidays etc. Weak security of the premises, uncontrolled entrance Unusual accounts, big numbers and only one signature Transactions with cash made only by one person No segregation of duties & large responsibilities Business cycle followed by missing documentation and
accounts Broad use of codes and protection codes Continuous talk of work, fatigue and responsibilities
FRAUD 1/2
FRAUD 2/2How to change the potential behaviour and activities – SIC and fraud?
Speaking freely of fraud and the risks of fraudThe education of employees and prescribing the adequate actsMaking a plan of prevention of fraud and informing the employees of its existenceMaking an intervention plan in case of fraudDefining and assessing the risk of fraudMaking everyone responsible for the detection of fraudImplementing a program for the prevention of fraudRegularly discuss cases of fraudContinuously undertake corrective measures and activities
POLICY OF FRAUD
17
The key principles underlying the company’s approach to fraud are to: Encourage a culture of awareness and have measures in place to
recognise and minimise the risk of fraudHave procedures in place for the prevention, detection,
investigation, reporting and public management of fraudCo-operate fully where an external investigation of fraud is
carried out Make available confidential helplines and other appropriate mechanisms so that anyone can voice concerns Protect against all forms of reprisals of those who in good faith
report instances of suspected fraud Investigate immediately cases of suspected fraud and pursue
perpetrators to the fullest extent of the lawMaintain the principles of confidentiality in any investigation Learn from any occurrence of fraud to prevent it being repeated
The Internal Auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary purpose is detecting and investigating fraud.IPPF International Standards for the Professional Practice of Internal Auditing (IIA)
The primary responsibility for the prevention, detection and investigation of fraud rest with management, which also has the responsibility to manage the risk of fraud.Fraud Position Statement (IIA UK and Ireland)
18
INTERNAL AUDITORS & FRAUD
19
SYSTEM OF INTERNAL CONTROLS & FRAUD
SYNDICATE OWNER REGULATORY AGENCIES
BOARD OF DIRECTORS AND MANAGEMENT
RESPONSIBLE MINISTRY BANKSCROATIAN GOVERMENT
SUPPLIERS
GOVERMENT INSPECTORATE AND
OTHER CONTROL BODIES
CREDITORS
BUYERS
WORKERS
STAKEHOLDERS AND SYSTEM OF INTERNAL CONTROLS & FRAUD
CONCLUSION
SIC has a big influence on fraud Corporate rules define the framework for SIC & fraud Fraud is defined and emphasised in many documents relating to the system of internal controls in the company The system of internal controls help management in the prevention of fraud Company must change the potential behaviour and activities Internal audit must have a focus on fraud The recent trends of internal audit, ensures that the company is aware of the risks to which it is exposed and manages them Internal audits main role is not to prevent, detect or investigate fraud The task of internal audit is to support management
20
