| |
 |
| |
|
| |
| |
 |
Subscribe to our
bi-monthly
HPASA newsletter. |
|
 |
|
|
 |
|
|
October 2010
FRAUDULENT FINANCIAL
REPORTING
By Tenk Loubser,
Exceed |
|
| |
|
A study
conducted in the USA provided a comprehensive
analysis of fraudulent financial reporting.
Some of the
key findings may also apply to businesses
in South Africa.
These include:
| • |
Medium-size companies engaged
more regularly in financial
statement fraud than big companies.
|
| • |
In most fraud cases, the
CEO and/or the CFO were involved.
|
| • |
The most common
fraud techniques were improper
revenue recognition, followed
by the overstatement of existing
assets or capitalisation of
expenses. |
| • |
Relatively few differences
were found in the characteristics
of the Board of Directors of
firms engaging in fraud compared
to similar firms not engaging
in fraud. |
| |
| - |
While audit
committees have been put
in the spotlight in recent
times, one of the study’s
important insights is
that no meaningful differences
exist in the audit committee
characteristics of firms
committing fraud and others.
|
|
|
|
| • |
A substantial number of the
firms conducting fraudulent financial reporting
changed auditors in the period between the
previously clean financial statements and
the previously fraudulent financial statements.
|
| • |
The long-term negative consequences
of fraud were apparent. |
| |
| - |
Companies engaging in
fraud often experienced bankruptcy
at a much higher rate than no-fraud
firms. |
|
| • |
In many cases fraud went
undetected by auditors, despite the size
of the audit firm. |
| |
| - |
Virtually all the firms
involved in fraud received unqualified
opinions on their previous set of
fraudulently misstated financial statements. |
|
| Although
further research is required to better understand
the underlying factors likely to effect
the prevention and detection of fraudulent
financial reporting, the Board of Directors
of all companies should pay attention to
these alarming results. |
Sourced From: Exceed |
|
August 2010
INTERNAL AUDIT
AND RISK MANAGEMENT SIMPLIFIED
By Louw van
der Merwe, Exceed |
|
| |
This is the first in a
series of articles where our resident specialist,
Louw van der Merwe, explains and clarifies
on a very practical level exactly what value
can be added by Internal Audit and Risk
Management within your organisation.
What are Controls?
| • |
At its most basic level,
any organisation converts inputs into
outputs. The one that does so most
effectively and efficiently would
be the most successful. |
| • |
Inputs are converted
into outputs via a process, and controls
govern the effectiveness and efficiency
of processes. |
| • |
It therefore follows
that the organisation with the best
controls would be the most successful. |
| • |
There are many definitions
of internal control. |
| • |
The simplest remains
the original COSO definition, stating
that controls can be classified as
either financial, compliance or operational.
|
|
|
| Louw
van der Merwe, Exceed |
|
| • |
Financial controls are actions
such as bank reconciliations, authorisation
limits, etc. |
| • |
These controls are the simplest
to review, as they are largely generic across
all industries. |
| • |
Compliance controls are those
actions that ensure that the organisation
adhere to all applicable laws and regulations.
|
| • |
By far the most difficult
to review are the operational controls.
|
| • |
These are controls that ensure operational
objectives are achieved. An example would
be the quality review functions at a processing
plant. |
| • |
These controls are largely
specific to every organisation, and represent
the majority of controls within the control
framework. |
What is the Role of Internal Audit?
| • |
Internal control, in other
words, actions to ensure we manage our risks
and achieve our objectives, is the responsibility
of the Board of Directors, who delegate
its implementation to management. |
| • |
Assurance that the controls
that are implemented are in fact appropriate;
and have been adhered to is requested by
the board from management, who in turn receive
that same assurance from those that report
to them. |
| • |
Additional assurance is requested
from Internal Audit. |
| • |
Although Internal Audit reports
directly to the board via the Audit Committee,
the assurance from the results of their
activities should therefore be utilised
by all levels within an organisation. |
Typical Internal Audit Review
Any Internal Audit review has 2 main objectives:
| 1. |
Are the controls that are
implemented the most appropriate under the
circumstances, in other words, do they result
in the most efficient and effective conversion
of inputs into outputs? |
| |
a. This is also called the
efficiency and effectiveness review. |
| 2. |
Are the controls that are
supposed to be implemented in fact adhered
to on a consistent basis; and are we sure
that they are not being applied by personnel
with other indivisible duties? |
| |
a. This is also called a compliance
review. |
|
As it includes assessing operational
and compliance controls, the first part
of the review, the effectiveness and efficiency
review, is quite difficult and a person
with a large degree of experience and knowledge
is normally needed. |
The output from this review is a list of potential
inefficiencies or gaps in the current control
framework, as well as recommendations to address
those.
Another output is a listing of key controls, in
other words those controls that are absolutely
essential to ensure achievement of objectives.
This listing of key controls are then utilised
to form the basis of the compliance testing part
of the review. A person of lesser experience can
therefore be utilised to conduct this stage.
Next newsletter – more
on the Internal Audit planning process, and Risk
Management made practical.
Sourced From: Exceed |
|
|
|
 |
|
