Internal Control Performance Reviews & the Fraud Risk Assessment

It’s vital to the fraud prevention effort of every private and governmental entity that the performance of its internal control system be monitored.  Fraud examiners, working for management as part of the control team, should assist in the assessment of the organization’s control performance with sufficient frequency to meet the needs associated with fraud  risk assessment update.  Such monitoring includes reviews of regular supervisory activities and of other actions entity personnel take in performing their day- to- day duties.

Errors, irregularities, frauds and internal control deficiencies should be reported to top management (you can’t manage what you can’t see or are unaware of) and to the audit committee of the board of directors.

On-going monitoring  of internal controls for weaknesses that facilitate irregularities helps ensure that key  anti-fraud controls continue to operate effectively and maintain a risk score sufficient to reassure management that the risk of irregularities remains low.  Fraud examiners and other auditors should insist that…

—operating managers compare internal reports and published financial statements with their in-the-trenches knowledge of what’s actually happening in the business;

–customer complaints of amounts billed are analyzed;

–vendor complaints of amounts paid are analyzed;

–if a governmental entity or a regulated private entity, that regulatory reports to the business or agency on compliance with laws and regulations  are reviewed by management and any reported issues promptly addressed;

–accounting managers supervise the accuracy and completeness of transaction processing;

–recorded amounts are periodically compared to actual assets and liabilities;

–external and internal auditors report on control performance and give actionable recommendations for improvement which management follows-up on and with which it complies;

–training sessions for management and employees heighten awareness of the importance of fraud control.

These elements of the monitoring process of key fraud prevention controls have a great deal in common with the steps to assess the on-going  performance of managerial or operating controls but require additional emphasis in performance review reports to management.  Significant instances of non-compliance and abuse that were found during or in connection with the performance review should be highlighted and their impact on the fraud risk assessment clearly stated.  In some extreme circumstances involving governmental entities, the examiners  should report illegal acts directly to parties external to the auditee entity (i.e.,  to governing boards, legislative auditors or entity counsel).

Comments are closed.