KnowledgeLeader provides best practice articles, tools, guides and other resources on fraud. This page contains some examples of the many resources and tools on fraud that are available for download. The tools are provided in downloadable versions, so they can be customized for use in your organization.
Accounts Payable RCM
This document outlines risks and controls common to the "accounts payable" process in a risk control matrix (RCM) format.
Business Ethics Questionnaire
This questionnaire is designed to help risk management professionals determine how well their companies are addressing risks in this area and to bring awareness to ethics programs. It also provides guidelines on how to measure the performance of business ethics processes.
Code of Business Conduct Policy
The purpose of this policy is to help employees understand the values and beliefs of an organization. Topics covered include: Foreign Corrupt Practices Act, employment practices, antitrust compliance, and ethics hotlines.
Code of Conduct Questionnaire
If there is one constant for success in a rapidly changing global marketplace, it is the immutable bedrock of an unwavering commitment to ethical and responsible business behavior. This document discusses important questions for boards and management to consider when designing and implementing an effective code of ethics.
Corruption Risk Management Questionnaire
Anti-corruption has become a major global initiative. Still, it is naïve to expect that legislators, regulators, international trade organizations and other parties can eradicate customs and behaviors that have evolved over many centuries. This board of directors and management questionnaire focuses on corruption risk, the Foreign Corrupt Practices Act (FCPA) and other key considerations.
Customer Fraud Risk Key Performance Indicators (KPIs)
This tool template explains the business risks related to customer fraud and outlines best practices to counter credit card fraud, identity theft, theft of intellectual property and phony online auctions.
Electronic Discovery Questionnaire
Electronic discovery (or e-discovery) refers to the process by which relevant electronically stored information is produced as evidence when an organization faces legal or regulatory action. This document poses questions for the board and management to reduce the costs, burden and time associated with e-discovery.
Electronic Discovery: An Academic Exercise or Your Next Crisis?
Electronic discovery (or e-discovery) refers to the process by which relevant electronically stored information (ESI) is produced when an organization faces legal or regulatory action. This process is important because parties in a lawsuit can now demand from each other word processing documents, e-mails, voice mail and instant messages, blogs, backup tapes and database files. Failure to comply with these electronic production obligations can lead to serious sanctions, sometimes to the tune of millions of dollars, and increased compliance costs. The harsh consequences of non-compliance are growing exponentially. This issue of The Bulletin provides ideas for companies to implement practical approaches in proportion to their litigation risk exposure and ongoing operations that will significantly reduce the cost, burden and time associated with records retention and e-discovery.
This policy defines the conditions under which company email systems may be used for communication. It applies to all employees of a company and any other personnel granted access to the company's email system. Specific procedures are defined for email access, permissible uses, prohibited uses, privacy and disclosure, and email retention. The use of email and related resources should be for company business only. Employees may want to use email for personal communication that is not directly related to their role within the company, and a minimal amount of such use is acceptable; however, employees are expected to use good judgment and to limit the amount and frequency of such use.
Employee Termination Policy
The following policy outlines steps related to the employment termination process.
Entity-Level Controls Fraud Questionnaire
Fraud prevention is essential to set the right tone for an effective internal control framework. This excel-based template links the COSO components to a number of control objectives for entity-level fraud controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and the management action plan for deficiencies.
Entity-Level Fraud Risk Assessment Process Report
This sample report provides an overview of the process one company undertook to satisfy the requirements of evaluating fraud risks that pertain to internal control over financial reporting.
Establishing an Effective Complaint and Confidential, Anonymous Reporting Process
Earlier this year, the Securities and Exchange Commission (SEC) issued rules, pursuant to Section 301 of Title III of the Sarbanes-Oxley Act of 2002 (SOX), requiring audit committees to establish procedures for "the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls or auditing matters, and the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters." In this edition of The Bulletin, we address the issues that audit committees and management should consider as they collaborate to comply with this requirement.
Establishing an Effective Complaint and Confidential, Anonymous Reporting Process – Questionnaire
This questionnaire focuses on issues that audit committees and management should consider as they collaborate to comply with the SECs rules pursuant to Section 301 of the Sarbanes-Oxley Act of 2002. Section 301 focuses on establishing an effective complaint and confidential, anonymous reporting process. These requirements are important because the SEC’s rules direct the national securities associations to prohibit the listing of any security of a company that is not compliant with them.
Ethics Program Guide
An effective ethics program serves as a basis for policy-making as well as providing guidance in daily decision-making. This guide describes steps that companies should consider when developing or strengthening their ethics programs.
Financial Disclosure Communication Questionnaire
This questionnaire is designed to facilitate communication of items that should be considered for disclosure in SEC filings. It does not include all possible disclosure items, but does include some examples of primary types of items that should be considered.
Fine-Tuning Your Corruption Risk Management
Last year, a former Morgan Stanley managing director pleaded guilty for his role in a conspiracy to evade the company’s internal accounting controls and violate the U.S. Foreign Corrupt Practices Act and the U.S. Department of Justice (DoJ) declined to bring enforcement action against the executive’s employer. Issue 42 discusses 10 lessons learned from the DoJ favorable opinion release for Morgan Stanley.
Focus on the "Tone of the Organization”
"Tone at the top” is a term often used to describe how an organization’s leadership creates an environment that fosters ethical and responsible business behavior. While leaders communicate the company’s vision, mission, core values and commitment to ethical behavior, what really drives the culture and resonates with employees is what they see and hear every day from their supervisors. While tone at the top is important and a vital foundation, is it enough? This issue of Board Perspectives: Risk Oversight explains why it is essential that the tone at the top be translated into an effective "tone in the middle" before it can reach the rest of the organization.
Foreign Corrupt Practices Act (FCPA) Audit Work Program
This audit program sample assists audit teams when reviewing compliance with the Foreign Corrupt Practices Act of 1977.
Foreign Corrupt Practices Act Policy
This policy outlines procedures for compliance with the Foreign Corrupt Practices Act.
Fraud Indicators: Financial Performance Key Performance Indicators (KPIs)
This guide identifies some of the red flags within a entity's financial performance that indicate the potential existence of embezzlement, financial statement fraud, and other illegal acts (e.g., bribery, kickbacks, price-fixing, bid-rigging and tax evasion.)
This sample policy details the actions constituting fraud and non-fraud irregularities, investigation responsibilities, confidentiality statements, authorization for investigating suspected fraud, reporting procedures, and termination and administration procedures.
Fraud Prevention and Detection Audit Work Program
This audit program sample focuses on understanding current fraud prevention and detection program activities.
Fraud Prevention Process: Debit and Credit Card Transactions Audit Work Program
This audit work program identifies and evaluates the effectiveness of a debit and credit card service provider’s fraud prevention process. It views the reports utilized to monitor fraudulent activities involving debit and credit cards and system settings intended to identify potentially fraudulent transactions. For this audit, obtain the following documentation: organizational chart for the audited department; policies and procedures for the fraud department and any other departments involved in fraud prevention/detection via the system; a report of standard system settings including, if possible, a description of the setting; a list of reports generated via the system or utilized in the monitoring of fraudulent activities involving debit and credit cards including, if applicable, signature-based transactions; a copy of the latest report of the fraud department’s key performance measures.
Fraud Response Policy
This sample policy outlines a company's principles with respect to maintaining a fraud-free environment.
Fraud/Integrity Risk Methodology
This methodology is a flexible framework upon which internal audit teams can build. It outlines an approach for addressing integrity risk within an organization, focusing exclusively on the Integrity Risk section of the Process Risk category of the Protiviti Risk Model. The methodology addresses key questions in this risk assessment process such as current management of and measurement of integrity risk.
Fraud: Internal Audit's Role in Detection and Prevention
This presentation discusses the fundamentals of fraud and the role of internal audit in detection and prevention of fraud.
Hotel Financial Reporting and Treasury Review Audit Work Program
This audit work program assists with a comprehensive review of the treasury area for a hotel or hospitality property.
Hotel Financial Reporting and Revenue Recognition Audit Work Program
This work program provides a comprehensive review of hotel revenue.
Insider Trading Policy
This policy outlines a set procedures for insider trading. Transactions must comply with these procedures in order to comply with securities laws as defined by the Security Exchange Commission.
Integrated Audit Committee Plan Report
This audit report provides a background on the PCAOB's Auditing Standard 5 (AS5) and covers its impact on a variety of areas.
Internal Audit Strategic Focus Questionnaire
This questionnaire explores internal audit’s strategic contributions and what management and boards should expect from audit going forward.
Internet Usage Policy
This sample policy defines the conditions under which an employee, contractor, vendor or other person may access and use the internet via a company’s private network.
Making Internal Audit a Value-Adding Contributor to Economic Recovery
The severity of the current global economic downturn has left organizations around the world searching for ways to contain costs, improve efficiencies, maintain customer satisfaction levels and protect their balance sheets. This unprecedented economic crisis has been nothing short of an urgent call to action for more robust risk management practices in organizations. Not only is it essential for internal audit to ensure that its activities are fully aligned with the expectations of the organization’s leadership, it is vital for the organization’s leaders to look to the internal audit function for the support they need. This issue of The Bulletin explores how internal audit can contribute to the organization as it recovers from crisis, and what management and boards of directors should expect of internal audit going forward.
Managing Corruption Risk Involving Foreign Officials and Avoiding Its Impact on Reputation
Civil and criminal fines stemming from anti-corruption noncompliance can be costly. Firms that paid bribes to foreign officials have been subjected to criminal and civil enforcement actions, resulting in large fines, as well as suspension and debarment from federal procurement contracting. In addition, reputation damage due to negative media attention can devastate the bottom line and impair shareholder value. To avoid these consequences, many firms have implemented detailed compliance programs intended to prevent, deter and detect improper payments by employees and agents. It is critical for management to ensure that a robust anti-corruption compliance program, including anti-corruption controls, is in place. This issue of The Bulletin briefs on how to manage corruption risk and uses the FCPA as a framework for this discussion.
Managing Corruption Risk
Consequences of corruption violations include criminal and civil enforcement actions, profit disgorgements, mega fines, and suspensions from government contracting, jail terms for employees and reputation-damaging headlines. To avoid these consequences, firms should consider an anti-corruption program intended to prevent, deter and detect improper payments by employees and agents. Companies should establish risk-based policies and procedures that provide reasonable assurance the organization and its agents are adhering to the provisions of applicable anti-corruption laws, and implementing adequate systems of internal controls. This issue of Board Perspectives: Risk Oversight shares how a robust anti-corruption program can save companies from the expensive consequences of corruption violations.
Managing Outsourcing and Offshoring Risk – Questionnaire
As companies focus on managing their operations in a difficult economic environment, they seek to become leaner and more focused, efficient and effective. This document focuses on questions for board members and management to consider when managing risks related to outsourcing or offshoring business activities.
Protecting Enterprise Value Through Your Anti-Fraud Program – Questionnaire
A company’s anti-fraud program is an integral part of its corporate governance process and is fundamental to protecting tangible and intangible enterprise value and preserving the reliability of public reporting. This document focuses on key questions for board members and management when evaluating the anti-fraud program.
Protecting Enterprise Value Through Your Anti-Fraud Program
Simply stated, an anti-fraud program is a group of policies and procedures, backed by senior management, which fosters ethical and responsible business behavior. A company’s anti-fraud program is an integral part of its corporate governance process and is fundamental to protecting enterprise value and preserving the reliability of public reporting. With the audit committee providing oversight, management is tasked with establishing, validating and monitoring effective internal controls to quickly prevent, deter and detect fraud. What is an anti-fraud program? Why is it important? How should companies evaluate their anti-fraud program? In this issue of The Bulletin, we will answer these and other questions. We will also provide observations and recommendations for management and audit committees to consider when evaluating their anti-fraud program.
Record Disposal and Retention Policy
This policy outlines procedures for document disposal and storage periods. It defines the requirements for document disposal, including recycling and shredding of paper, records, documents, forms, notes, and labels that may convey confidential information and ensuring that business-sensitive, client-related information is properly processed. It also records the minimum time required to maintain documents for all corporate functions and personnel. This policy applies to all pertinent and reasonable business-related documents included in an established chain of custody for such materials that ensures a secure method for containing, collecting, transporting, storing and transferring waste. In the event that a lawsuit, government or regulatory agency investigation is threatened, the legal department and executive management will notify the facilities manager or vendor to cease and desist activity of document disposal, such as daily shredding, until further notice.
Sarbanes-Oxley Year-End Audit Committee Report
This report to the audit committee focuses on the progress of the Sarbanes-Oxley Section 404 program.
Section 404 Compliance: Planning for Next Year
Year Two of Section 404 compliance for most accelerated filers is shaping up to be a year of incremental improvement. Management has taken a hard look at items such as number of key controls and testing scopes. This issue of The Bulletin focuses on some of the opportunities companies should consider as they plan for Year Three.
Setting the 2006 Audit Committee Agenda
Much has happened since 2003 when the SEC adopted rules mandated by The Sarbanes-Oxley Act of 2002 (SOX) that, among other things, expanded and formalized the responsibilities of audit committees. Rather than focus on history, this issue of The Bulletin provides observations and ideas for boards and their audit committees regarding matters they should consider during the coming year.
Software Licensure Compliance Audit Work Program
This sample work program can be modified for scope considerations that will depend on the extent of the software agreement under review.
Spending Authority Review Audit Work Program
This work program provides steps and considerations for reviewing spending authority policies and processes.
Spreadsheet Risk Management: Frequently Asked Questions - Second Edition
Many companies rely on spreadsheets as key applications that support operational and financial reporting processes. The increased regulation and compliance that now impact spreadsheet control is not surprising given past few years of numerous multimillion-dollar errors and fraud attributed to the use of spreadsheets. We also see companies filing reports of material weaknesses and deficiencies with the Securities and Exchange Commission (SEC) as a result of the lack of controls around their financial reporting spreadsheets. This regulatory pressure and increasing focus from auditors are forcing organizations to address the issue of spreadsheet risk management, though few really understand what the issue is and what they need to do about it. This booklet represents a pragmatic response to spreadsheet risk based on real business needs. Although this publication uses the term "spreadsheet,” much of the guidance applies equally to other end-user-developed applications, such as databases and reports.
Top 10 Lessons Learned From Implementing COSO 2013
In this issue of The Bulletin, we share 10 lessons learned from COSO 2013 successful implementations from a variety of sources—working with our clients, information gathered from thousands of attendees at our webinar series, and our annual SOX Compliance Survey.
Whistleblower Policy and Procedures
This policy establishes standards and procedures to ensure that the accounting and audit-related complaint handling process complies with management’s and the audit committee’s objectives.