|
|
|
Audit committee and fraud-related risk
By Proctor Nyemba
From the weeks when I started writing this column I have noted with great concern that I was not talking about fraud risk considerations to the corporate audit committees.
The feedback I got from the heads or senior managers in the companies was that they are trying to manage fraud in a proactive drive but their corporate audit committees were facilitating or contributing to the occurrence of fraud because of poor support of tone at top.
The present situation within our economy has shown that there are fraud risks in every industry and every sector such as banks, telecoms, parastatals, transport companies, NGOs and manufacturing companies, schools and even in the churches. According to our research, we have noted with great concern that fraud is committed in the sectors because of weak or poor audit committees which are supposed to implement and examine the company controls on year or quarterly basis.
Since the appointed members to the committees may have been appointed on political grounds or nepotism, some of them might not understand what their roles as appointed audit committee members are or the meaning of audit.
With the increased awareness of fraud risks — and their financial, legal, labour and reputation consequences—audit committees are reevaluating their role, responsibilities, relationships, and practices with an eye towards enhancing oversight of the financial reporting process in general and the areas that present the greatest risks of fraud in particular.
From assessing management’s approach to risk mitigation and implementing anti-fraud measures, to recognising fraud’s “red flags” and monitoring, assessing, and influencing the right “tone at the top”, audit committees have a pivotal role to play in helping organisations to address fraud risk through sound oversight and good corporate governance practices.
Three conditions can allow fraud to occur within an organisation: “incentives or pressure, opportunities and attitudes (lack of integrity)”. These conditions can be triggered by a host of factors, including weak internal controls, unquestioned authority in the hands of one or two senior executives, and management compensation linked too closely to short-term financial results.
Others include lack of effective mechanisms for reporting or acting on reports of misconduct, poorly managed and poorly paid employees, lack of a comprehensive compliance programme, inappropriate “tone at the top” and nepotism.
Headlines of financial reporting scandals, sweeping corporate governance reforms, and unprecedented scrutiny by regulators and shareholders have elevated awareness of fraud to an all-time high. These pressures, along with increased corporate sensitivity to fraud, are driving many audit committees to focus greater attention on the organisation’s approach to risk management as well as the audit committee’s own processes and policies for addressing fraud.
Indeed, the incentives for the audit committee to implement an effective oversight approach are compelling.
Meeting the audit committee’s fiduciary responsibilities and duty of care in overseeing the integrity of the organisation’s financial reporting process. Strengthening confidence among investors, rating agencies, and other stakeholders, identifying opportunities to improve performance and efficiency as a result of an effective internal control environment that “management, along with those who have responsibility, for oversight of the financial reporting process (such as the audit committee, board of trustees, board of directors, or the owner in owner-managed entities) — they should set the proper tone. Create and maintain a culture of honesty and high ethical standards; and establish appropriate controls to prevent, and detect fraud when management and those responsible for the oversight of the financial reporting process fulfil those responsibilities, the opportunity to commit fraud can be reduced significantly.”
Implementing a successful approach to fraud risk management — and realising its potential benefits — can be significantly impacted by the audit committee’s ability to define and clearly articulate its role and responsibilities. Audit committees play a prominent role in overseeing investigations into alleged or suspected fraudulent actions, and often retain legal, accounting, and other professional advisers for assistance.
In addition, from a proactive perspective, the audit committee is often charged with overseeing the company’s risk management approach — and facilitating a process for, and environment that is conducive to, preventing, detecting, and mitigating fraud. To this end, audit committee responsibilities might encompass such core activities as:
l Evaluating management’s process for the identification and mitigation of fraud risk, including the measures implemented by management designed to help detect and prevent fraud;
l Evaluating management’s process for the identification and mitigation of fraud risk, including the measures implemented by management designed to help detect and prevent fraud.
l Assessing, monitoring, and influencing the tone at the top and reinforcing a zero-tolerance policy for fraud.
Evaluating management’s processes and procedures for screening potential employees, including whether background checks are performed by human resources.
l Providing oversight to management’s internal control over financial reporting and contemplating the potential for management override of — or inappropriate influence over — those controls.
l Comparing the reasonableness of financial results with prior or forecast results and considering quarterly analysis of key reserves.
l Evaluating management’s processes, procedures, and documentation of all significant estimates used in the financial reporting process.
l Evaluating management’s approach and documentation with respect to the process of manual journal entries and the reporting cycle closing process.
l Establishing a programme for employees and others to report anonymous concerns about fraud and unethical behavior, ie, a whistleblower process, and implementing a detailed process for the audit committee to monitor and follow through these communications.
l Providing other insight into and guidance on implementing or strengthening antifraud measures.
These activities should both complement and serve as a check on senior management’s anti-fraud activities, which generally includes establishing and monitoring all aspects of the organisation’s fraud risk assessment and prevention activities.
They also encompass reporting on the effectiveness of internal controls over financial reporting in the annual report; and implementing and promoting an appropriate tone at the top. Importantly, the audit committee must be informed and actively engaged in overseeing the process while avoiding taking on the role or responsibilities of management.
After gaining an understanding of the organisation’s fraud risks and anti-fraud programmes, an audit committee should consider what it believes needs to come from the anti-fraud programmes to assist the audit committee in its oversight role. Audit committees, should seek input from certified fraud examiners, certified internal auditors, experts, anti-fraud experts and legal experts.
This information, along with insight from members’ own experiences, should help facilitate the audit committee in clearly spelling out its expectations.
Approaches to Fraud Risk Oversight
Audit committees are taking a variety of approaches to their oversight of management approach to preventing, detecting and effectively responding to corporate fraud and misconduct. Many audit committees are bolstering their financial reporting and enterprise risk management oversight processes by encouraging management to implement fraud-focused programmes and controls that include:
Regular reassessment of fraud risks. A fraud risk assessment cannot be done once and then put on a shelf. Company education and training to enhance awareness of fraud: Is the training updated regularly? Was the training designed to address specific fraud risk at the company? Was an evaluation done to determine that the training was effective? New or enhanced “whistleblower” policies and procedures. Who receives and documents the initial communication? Do policy documents explain how to address communications based on the type of allegation, the potential monetary exposure, or the position of the alleged wrongdoer, etc.?
How are calls investigated and who decides when to involve external parties? How and when is whistleblower communications brought to the attention of the audit committee? Additional resources and tools to assist with anti-fraud efforts, include such tools as internal audit, a designated anti-fraud team, and fraud-tracking and monitoring software. A detailed fraud response or mobilisation plan includes regular assessment of the company’s insurance programme, including coverage. Clearly, anti-fraud programmes must be designed to address the audit committee’s and the organisation’s distinct needs and objectives — one size does not fit all.
Audit committees also should monitor the company’s documentation and testing of its internal controls over human resources, procurement, financial reporting etc.
In this regard, audit committees should consider whether management is appropriately addressing fraud risk areas.
Special consideration may need to be given to the existence of fraud risk factors in various geographical locations of the company or particular functions or divisions of the business as well as fraud risk factors identified within certain processes. These include those covering the reporting of revenue or where there is a potential for the misappropriation of assets.
The financial reporting process is another area of oversight in which audit committees should integrate their consideration of fraud. During the audit committee’s review and discussion of the company’s financial results, audit committee members should pay particular attention to certain conditions that also may be a potential fraud risk indicator if such conditions are not consistent with the company’s business, market, or industry. Examples of such conditions might include sales and income decreasing while accounts payable and receivable rise, significant excess levels of inventory or a large number of customer returns or account write-offs, and significant changes in key financial estimates.
The increased awareness of fraud and fraud-related risks — among investors, regulators, the media, and the organisation’s management and board — has dramatically elevated the expectations of the role of the audit committee.
As part of their oversight of the organisation’s accounting and financial reporting processes, audit committees are increasingly focused on the potential sources of fraud and oversight policies and approaches for mitigating such risks.
Clearly defining the audit committee’s role and responsibilities — most importantly, evaluating management’s risk management approach and encouraging the right tone at the top — is an essential step in preventing, detecting, and effectively responding to fraud. Another critical success factor is leveraging the knowledge and resources of key participants in the financial reporting process — including management, loss control and internal and external auditors — as well as merging practices and guidelines for strengthening internal controls.
By focusing on fraud risk — and considering it within the context of the organisation’s overall approach to risk management — the audit committee can respond to the heightened expectations of the marketplace and new regulatory requirements while helping to strengthen internal controls, financial reporting, good corporate governance, and — ultimately — shareholder value. To close this article, I have the following words of wisdom to the audit committees in our companies and schools: “Ask plenty of questions.
“Pay close attention. Don’t assume that if you don’t understand something, everyone else does. Be active, engaged, and concerned. Understand the characteristics and character of those involved in the company’s internal controls and financial reporting. Make sure the process for reporting issues is very detailed so that everyone feels accountable to report important issues upward. “When considering fraud risks, don’t ignore basic things — like hiring and termination of employees. Be sceptical.”
l Proctor Nyemba is a Certified Fraud Examiner, Loss Control and Security Risk Management Consulting Expert and is a frequent speaker. Proctor & Associates “Global Certified Fraud Examiners”. Cell: +263 912 469 893; email: proctorfraudexaminer@gmail.com
Comments, criticisms, and differing opinions are welcome in the spirit of furthering our knowledge and understanding.
|
|
|