From these considerations, management makes an informed assessment of specific areas where fraud might exist and the likelihood of their occurrence and potential impact.
Considering Approaches to Circumvent or Override Controls In identifying, evaluating, and testing the design and operating effectiveness of entity-wide controls that address fraud, management considers how individuals might seek to circumvent or override controls intended to prevent or detect fraud.
Considers Incentives and Pressures Considers Risk Factors Establishes Responsibility and Accountability
Using Information Technology Tools Management uses, where practical, information technology tools including security systems, fraud detection and monitoring tools, and incident tracking systems to identify and manage fraud risk.
Considers Incentives and Pressures Considers Risk Factors Establishes Responsibility and Accountability
Developing Incident Investigation and Remediation Processes Management develops a structured process for incident investigation and remediation. Investigation roles and responsibilities are clearly delineated, and the processes include a tracking mechanism that allows management to report on material fraud events.
Considers Incentives and Pressures Considers Risk Factors Establishes Responsibility and Accountability
Internal Audit Considering Fraud Risk The person responsible for the internal audit function incorporates results of the fraud risk assessment into the internal audit plan. Management reviews and confirms that the internal audit plan addresses relevant risks.
Considers Incentives and Pressures Considers Risk Factors Establishes Responsibility and Accountability
Examples of Applying the Principle Detecting Fictitious or Misreported Sales A car dealership with three locations compensates employees based on the number of vehicles sold each month. The highest performing sales persons are awarded a bonus. Any salesperson with the fewest sales for two consecutive months is terminated. This arrangement resulted in employees creating fictitious sales and reporting sales in a later period. To mitigate this risk:
Considers Incentives and Pressures Considers Risk Factors Establishes Responsibility and Accountability
• The general manager reviews all sales recorded in the first and last five days of each
month for indication of inappropriate reporting • Each sales person is required annually to sign a statement whether they understand the
policy and have appropriately entered sales into the system • The company contracts with an auditor, among other procedures, to review selected sales
entries. Management is positioned to better assess accurate and timely reporting, in some instances resulting in recasting bonuses and in one case termination of a salesperson.
Internal Control over Financial Reporting – Guidance for Smaller Public Companies • Volume II : Guidance
53