Skip to main navigation

BoardMatters Quarterly, April 2011 - Fraud: what the audit committee should be doing about it - EY - United States

BoardMatters Quarterly, April 2011Fraud: what the audit committee should be doing about it

Questions for the audit committee to consider

  • Who owns the fraud issue within the company? Has the company established a fraud risk oversight committee? If so, is an audit committee member on the committee?
  • How does the audit committee determine that the company is handling its fraud issues effectively and efficiently?
  • What reports are available to the audit committee that demonstrate the company has taken action in this area and has an effective approach to monitoring the effectiveness of these programs?
  • How does the audit committee make sure that management is setting the proper tone at the top around fraud? What role does the audit committee have in shaping the message and embedding it at each level of the company?

It is important for organizations to reinvigorate their
anti-fraud programs to prevent, detect and monitor against the myriad of complex fraud issues they face.

As companies implement fraud prevention and detection initiatives, the role of the audit committee is evolving. Some audit committees have individual members spearhead fraud risk committees. Others cede ownership to corporate executives. Still, the concern remains: audit committee members must help define ownership of fraud detection and prevention within their organization.

In the post-SOX environment, many different groups within a company focus on fraud and internal controls so no one individual would own fraud prevention and detection initiatives. Some companies struggle to determine exactly who should respond to fraud within their organizations so that they can prevent inefficient responses.

However, audit committee members need practical ways to determine who owns anti-fraud initiatives and can accelerate anti-fraud programs in the company.

What is driving the focus on anti-fraud efforts?

Added pressure is coming from several places. In June 2007, the U.S. Securities and Exchange Commission (SEC) published interpretive guidance on management’s report on internal control over financial reporting, including references to dealing with fraud risks.

The guidance indicated that management should consider performing an analysis of fraud risks. The Association of Certified Fraud Examiners (ACFE), the Institute of Internal Audit (IIA) and the Center for Audit Quality (CAQ) have issued practical guides over the last few years on how to be more effective in mitigating the effects of fraud.

In April 2010, the US Sentencing Commission voted to amend the federal Sentencing Guidelines relating to the veracity of corporate compliance and ethics programs. These amendments took effect on 1 November 2010.

Additionally, the SEC, the US Department of Justice (DOJ) and the Obama Administration have renewed their interest in curtailing the effects of fraud, aggressively focusing on financial statements and corruption, including the continued recent focus by the DOJ and the SEC on the Foreign Corrupt Practices Act (FCPA), targeting companies that have not effectively addressed foreign corruption and bribery.

These factors, together with the results of recent fraud surveys, have caused many companies to bring additional focus to their anti-fraud efforts.

The ACFE’s 2010 Report to the Nation on Occupational Fraud and Abuse estimates that organizations lose 5% of annual revenues to fraud each year. To put that in perspective, 5% of the 2009 estimated Gross World Product equals US$2.9 trillion.

EY’s most recent global fraud survey report, Corruption or compliance — weighing the costs, indicates that 25% of the respondents to the survey indicated that their company had experienced an incident of bribery and corruption in the past two years. Statistics from studies such as these continue to highlight the growing landscape for fraud.

It is important for organizations to reinvigorate their anti-fraud programs to prevent, detect and monitor against the myriad of complex fraud issues they face.

What regulators are looking for

Regulators want to see real anti-fraud programs that demonstrate effective training and proven due diligence in how companies select with whom they do business on a risk basis.

Companies without such programs are at risk, not only for corrupt business practices, but also for some large government fines if prevention policies and programs are not established.

What companies are doing about it

Faced with the threat of government action and general consensus on the need to curtail/eliminate fraud, companies are evaluating their approaches to fraud prevention and detection. One approach is that “ownership” of anti-fraud efforts in the company should be shared by a select group of individuals who each have, as part of their responsibilities, a role in addressing fraud proactively and reactively.

The fraud risk oversight group should include representation from the audit committee, executive management, human resources, internal audit, corporate compliance, general counsel and the controllers’ group.

Once the right group is in place, it should develop an effective anti-fraud program to provide the framework for the organization to prevent, detect, report and investigate internal and external fraud.

The cornerstone to any reactive element in an anti-fraud program is a timely response to the suspected fraud with the right team.

 Questions for the audit committee to consider

Questions for the audit committee to consider

  • Who owns the fraud issue within the company? Has the company established a fraud risk oversight committee? If so, is an audit committee member on the committee?
  • How does the audit committee determine that the company is handling its fraud issues effectively and efficiently?
  • What reports are available to the audit committee that demonstrate the company has taken action in this area and has an effective approach to monitoring the effectiveness of these programs?
  • How does the audit committee make sure that management is setting the proper tone at the top around fraud? What role does the audit committee have in shaping the message and embedding it at each level of the company?
  • What the audit committee should do

    With responsibility for the oversight of the company’s financial reporting process and the financial statements, audit committees should determine which fraud risk assessments are performed timely and with a consistent methodology.

    Clearly, audit committee members need to know how the company is effectively addressing fraud. Audit committees that created a fraud risk oversight committee within the organization review the effectiveness of those responsible for determining the company has an effective anti-fraud program.

    The oversight committee needs to demonstrate that the anti-fraud program is operating as designed by evaluating the results of its efforts throughout the year.

    The audit committee also needs to evaluate the communication surrounding this initiative, as clear and regular communication is paramount to the success of the oversight committee’s role in implementing and evaluating the organization’s anti-fraud program.

    The audit committee should encourage the members of the oversight committee to work together to implement the anti-fraud program — there can be no silos or ineffectiveness in the company’s desire to deal effectively with fraud in a proactive and reactive manner. Having an audit committee member on the fraud risk oversight committee can result in greater accountability of the oversight committee.

    Setting the tone

    Strong anti-fraud programs include setting the right tone at the top that then permeates the culture of the organization, using both proactive and reactive measures and defining roles and responsibilities clearly.

    Companies that incorporate these principles in their anti-fraud programs stand the best chance of mitigating risks and effectively addressing and making strides to eliminate fraud in today’s current environment.


    « Previous | Next »

    Inside

    Related content

    Download

    Back to top