NAME: Anne Marielle Pla Uy
I. COSO sets out five Integrated Components of Internal Control:
Control
Risk
Control
Information
and Monitoring
environment
assessment
activities
communication
Identify the component described by each of the following statement.
1. provides that the entire process must be monitored in order to recognize problems to make necessary
adjustments during the course of operations.
Answer: Monitoring
2. it focuses on people, the ethical and moral values established by an organization’s leadership team, and
competence. It emphasizes that people are the organization and are the key determinants of the
organization’s success or failure.
Answer: Control Activities
3. provides that communication and the sharing of information should occur up, down, and across the
organization. It requires that information be timely and thorough in order for actions to be completed that
support the achievement of stated goals.
Answer: Information and Communication
4. ensures that mechanisms exist throughout the organization to identify, manage, and mitigate unwarranted
risks.
Answer: Risk Assessment
5. provides that policies and procedures should be established and followed to ensure all actions support the
achievement of defined goals.
Answer: Control Activities
II. The fraud triangle asserts that the following three factors must exist for a person to commit fraud:
Opportunity
Pressure
Rationalization
Identify the fraud risk factor in each of the following situation or scenario. State your reasoning for each
situation or scenario.
1. The business has no cameras or security devices at its warehouse.
Answer: Opportunity
Reasoning: Because of not having a cameras or security devices in the warehouse, a person has an opportunity
to make advantage of it and search an opportunity to make or commit fraud.
2. Managers are expected to grow business or be fired
Answer: Pressure
Reasoning: The pressure here is that the manager should make an action to make the business grow or else
he/she would get fired.
3. A worker sees other employees regularly take inventory for personal use
Answer: Rationalization
Reasoning: Believing it’s okay to take inventory from work because no one will notice they are missing and
they can easily be replaced.
4. No one matches the cash in the register to receipts when shifts end
Answer: Opportunity
Reasoning: A person must be able to commit fraud with a low risk of getting caught.
5. Officers are expected to show rising income or risk dismissal
Answer: Pressure
Reasoning: The pressure is the fact that they will have to show rising incomes and if not they will get fired or
laid off.
6. A worker feels that fellow employees are not honest.
Answer: Rationalization
Reasoning: Dishonest people sometimes get away with it, and then they feel good about themselves.
7. Accounting records were either nonexistent or in a state of such disorganization that significant effort was
required to locate or compile them
Answer: Opportunity
Reasoning: This is an opportunity to commit fraud because the accounting records are disorganized where the
opportunity to commit frauds easier happens.
8. A group of top-level management was compensated (mostly in the form of stock options) well in excess of
what would be considered normal for their positions in this industry.
Answer: Pressure
Reasoning: Stock based compensation provides an incentive for management to manipulate financial
statements, as better presentation would result in increase in stock prices.
9. Top management closely guards internal financial information, to the extent that even some employees on a
“need-to-know basis” are denied full access
Answer: Opportunity
Reasoning: Certain employees are going to need to know this internal financial information to make decisions
that are prudent to their positions. Denying even the people that should have access gives the appearance that
there is something that is being hidden.
10. There was intense pressure to keep the corporation’s stock from declining further. This pressure came from
inventors, analysts and the CEO, whose financial well-being was significantly dependent on the corporation’s
stock price.
Answer: Pressure
Reasoning: A certain amount of stock market pressure is to be expected, but the additional pressure from a CEO
whose financial security is precariously dependent on keeping the stock price stable is very troubling. Clearly,
ethical tension is both evident here and improper. Intense pressure can distort people’s objectivity and erode their
integrity.
III.
Audit evidence is obtained by performing audit procedures:
Analytical
External
Inspection Inquiry Observation
Reperformance Recalculatio
procedures
Confirmation
n
Identify the audit procedures to be performed in each of the following situation.
1. The auditor wants to understand the business and control environment of the organization.
Answer: Inquiry
2. The auditor wants to obtain evidence about the existence of entity’s bank balances.
Answer: Inquiry
3. The auditor wants to test the existence of fixed assets that are recorded in the balance sheet.
Answer: Inspection
4. The auditor wants to test the valuation assertion of fixed assets.
Answer: Recalculation
5. The auditor wants to test the bank reconciliation procedure done by the accounting staff.
Answer: Reperformance
6. The auditor wants to investigate the variances that exist between last year’s and current year’s interest
expense.
Answer: Analytical Procedures
7. The auditor wants to ensure that the net salaries paid to the employees are correct.
Answer: Recalculation
8. The auditor wants to examine the payment voucher against the authority that approves the payment vouchers.
Answer: External Confirmation
9. The auditor wants to test the existence of the entity’s inventories counting procedures.
Answer: Inspection
10. The auditor wants to obtain evidence about the existence of entity’s accounts receivable balances.
Answer: Inquiry
IV.
1. What are the three objectives of Internal Control? Explain each.
2.
3.
4.
5.
Operations objectives – These objectives pertain to the achievement of the basic mission(s) of a department
and the effectiveness and efficiency of its operations, including performance standards and safeguarding
resources against loss.
Reporting objectives – These objectives pertain to the preparation of reliable financial reports, including the
prevention of fraudulent public financial reporting.
Compliance objectives – These objectives pertain to adherence to applicable laws and regulations.
Discuss the steps and procedures in internal auditing.
During the planning portion of the audit, the auditor notifies the client of the audit, discusses the scope and
objectives of the examination in a formal meeting with organization management, gathers information on
important processes, evaluates existing controls, and plans the remaining audit step. Next phase is gathering
and evaluating evidence, here auditor perform the procedures about entity’s operations, evaluating it and
found out whether those operations meet acceptable standards. Second to the last is reporting, it is the most
visible output that provides feedback to the client and other stakeholders on the result of engagement. The
last phase of audit engagement is the audit follow up that review and verify the implementation of audit
recommendation.
Discuss the procedures in obtaining audit evidence.
There are many procedures that auditors use to obtain audit evidence to support their conclusion. Such
procedures include audit inquiry, audit observation, audit inspection, analytical procedure, audit
recalculation, Audit confirmation, as well as re-performance.
Inquiry: Auditor inquires management on certain business transactions or events on the purpose of
obtaining an understanding or to confirm some related assertion.
Observation: Auditor observes the way how certain controls related to financial reporting perform.
Inspection: Auditor inspect on certain documents or evidence that related to financial transaction or event.
Analytical Procedure: Analytical procedure is normally used by the auditor to assess the transactions or
amounts in the financial statements through other financial and non-financial data.
Recalculation: The auditor sometimes recalculates some depreciation expenses that prepare by
management.
External Confirmation: During the confirmation process, the auditor requests, directly from a third party,
information on items relating to particular assertions in the financial statements. The auditor selects items to
be confirmed, designs the confirmation form, and sends the confirmations to third parties. Included in the
sequence is the auditor's receipt of the confirmation response and subsequent evaluation of the information
provided
Reperformance: The auditor sometimes re-performs bank reconciliation that prepares by the client.
What is fraud triangle? Explain the three factors that cause someone to commit fraud.
If one is talking about theft, there must be something to steal and a way to steal it. Anything of value is
something to steal. Any weakness in a system- for example, lack of oversight is a way of steal. Of the three
elements of the Fraud Triangle, Opportunity is often hard to spot, but fairly easy to control through
organizational or procedural changes. Pressure in this case is another way of saying motivation. What is it
in one’s life that drives one to commit fraud? Pressure sometimes involves personal situations that create a
demand for more money such as arises from problems on the job; unrealistic performance targets may
provide the motive to perpetrate fraud. The fraudster must conclude that the gain to be realized from a
fraudulent activity outweighs the possibility for detection or fraudster needs for justify the fraud.
Justification can be related to job dissatisfaction or perceived entitlement, or a current intent to make the
victim whole sometime in the future, or saving one’s family, possessions or status. Rationalization is
discernible by observation of the fraudster’s comments or attitudes.
Discuss the various types of control activities that management develops in order to mitigate risk.
Authorizations and Approvals - Control activities in this category are designed to provide reasonable
assurance that all transactions are within the limits set by policy or that exceptions to policy have been
granted by the appropriate officials. It is designed to provide reasonable assurance that transactions have
been reviewed for accuracy and completeness by appropriate personnel.
Verifications - Control activities in this category include a variety of computer and manual controls
designed to provide reasonable assurance that all accounting information has been correctly captured.
Physical Controls - Control activities in this category are designed to provide reasonable assurance that
assets are safeguarded and protected from loss or damage due to accident, natural disaster, negligence or
intentional acts of fraud, theft or abuse.
Controls Over Standing Data – used in transaction processing, such as controls over the processes used to
populate, update and maintain the accuracy, completeness, and validity of data in a price master file used to
record sales transactions.
Reconciliations - Control activities in this category are designed to provide reasonable assurance of the
accuracy of financial records through the periodic comparison of source documents to data recorded in
accounting information systems.
Supervisory Controls - a high level controls to help ensure that other control activities are operating, for
example, a review of reconciliation by the supervisor of the individual that performed the reconciliation.
Performance Reviews - may focus on compliance, financial or operational issues. For example, financial
reviews should be made of actual performance versus budgets, forecasts and performance in prior periods.
6. Enumerate the different type of frauds. Explain and give example for each.
Customer Fraud - occurs when a person suffers from a financial or personal loss. The fraud can involve the
use of deceptive, unfair, misleading, or false business practices. The fraudsters typically target senior
citizens, and college students but all consumers are at risk of fraud.
Example: The company selling the products was aware that the products being sold were somehow
defective, it may give rise to a consumer fraud claim.
Cybercrime – any type of illegal activity that takes place via digital means.
Example: Unauthorized access to or modification of data or application
Asset Misappropriation – steeling cash or other assets (supplies, inventory, equipment, and information).
The theft may be concealed by false or misleading records or documents.
Example: A check is kited when a person writes an insufficient funds check on an account in one
bank and deposits the check in another bank.
Bribery and Corruption – Bribery means offering, giving, receiving, or soliciting anything of value to
influence an outcome. Corruption is an improper use of power. It often leaves little accounting evidence.
These crimes usually are uncovered through tips or complaints from third parties.
Example: Kickbacks to employees by a supplier in return for the supplier receiving favorable
treatment.
Accounting/Financial Statement Fraud - the intentional manipulation of financial statements to create a
false appearance of corporate financial health.
Example: The Enron scandal is one of the most famous examples of accounting fraud in history.
Procurement Fraud - is any fraud relating to the purchasing of goods and services.
Example: False, duplicate or double invoicing
Human Resources Fraud - a type of fraud committed by employees against employers.
Example: an employee commits that somehow utilizes his or her role or employment as a factor for
personal gain in a way that is an inappropriate use of the organization’s property, assets, or other resources.
Deceptive Fraud - Fraud takes place when a person deliberately practices deception in order to gain
something unlawfully or unfairly.
Example: If a person makes false statements, it may be considered fraud, depending on the
circumstances.
Anti-Competition/Anti-Trust Law Infringement – Apply to nearly all industries and sectors, touching every
level of business, including manufacturing, transportation, distribution, and marketing. Antitrust law
prohibits a number of business practices that restrain trade.
Example: Illegal practices are price-fixing conspiracies, corporate mergers that are likely to cut back
the competitive fervor of certain markets, and predatory acts designed to gain or hold on
to monopoly power.
Money Laundering and Sanctions - is a major financial crime. Money laundering is the legalization of
money obtained illegally.
Example: Drug trafficking can generate huge amounts of proceeds.
Intellectual Property (IP) Theft IP - robbing of people or companies of their ideas, inventions, and creative
expressions
Example: It includes trade secrets, trademarks, copyrights, and patents.
Insider/Unauthorized Trading - illegal use of non-public material information for profit. It's important to
remember this can be done by anyone including company executives, their friends, and relatives, or just a
regular person on the street, as long as the information is not publicly known.
Example: the CEO of a publicly-traded firm inadvertently discloses their company's quarterly
earnings while getting a haircut. If the hairdresser takes this information and trades on it, that is considered
illegal insider trading, and the SEC may take action.
Tax Fraud - Evasion arises where individual or corporate customers deliberately omit, conceal or
misrepresent information in order to reduce their tax liabilities.
Example: Use of false identities to obtain tax repayments.
V.
1. Jane, a bookkeeper for ABC Printing Company is on annual salary of P300,000 and has a husband and three
children. One day, while running some errands, she suffered a serious fall and broke her left leg and several
ribs. She was in intense pain for many weeks while she was healing. During that period her doctor prescribed
powerful pain killers, which he cautioned her to use as prescribed because they can be very addictive.
But Jane’s pain was so intense and relentless that she gradually took more and more of the pain-killing pails.
After two months of the pain had subsided, but she found she did not feel normal unless she continued to take
the pills. When she ran out of them, she asked her doctor for more. He refused, indicating she no longer
needed the pills and again warned her that they are highly addictive.
She began ordering the pills from Internet suppliers at a cost of P2000 per month. After several months, she
had gone through a good portion of the family’s modest savings and was worried about how she would
continue to finance her addiction. Fearing her husband’s wrath, she kept the whole problem a secret.
Thanks to her position as bookkeeper at the company, she had access to the business’s checks. This presented
an enormous temptation to her as she imagined different ways that she could issue checks to herself, deposit
them in her bank account and use the cash to continue buying the pain killers on the Internet.
However, as an honest person who had never broken the law before, she struggled with the decision of
whether to commit this fraud. Eventually, after reasoning that the chances of getting caught were low and
promising herself that she would pay the money back when she stopped taking the drugs, she decided to go
ahead and write a check on one of the company’s accounts to cash for P2000, She charged the payment to
Petty cash, forged her manager’s signature, deposited the check in her personal bank account and purchased
fresh supply of pain killers. After two weeks, when she was running low again on the drug, she wrote another
check for P2000.
This patter continued until she was no longer able to make it through the day even on a large dosage of the
drug. Eventually, she began arriving at work late and performing substandard work.
Her colleagues began to suspect something was wrong with her. An audit of the books revealed that monthly
totals for petty cash were five times what they normally were. Jane’s fraud was discovered and she was
terminated.
a. Discuss the Fraud triangle lesson present in this case.
Jane’s non-sharable financial Pressure came when she had dipped into the family savings and became
desperate for cash to pay for her drugs. She could not share her problem with anyone for fear of
disapproval, rejection, and other unpleasant consequences. The Opportunity presented itself by virtue of her
job. As a bookkeeper, she had a perfect opportunity to embezzle money from her employer to pay for her
drugs. Lastly, the Rationalization came as Jane convinces herself that she was not stealing the money that
she was only borrowing it and pay it back when she kicked her habit.
b. How could this fraud have been prevented? List as many controls as you can.
1. In this case, Jane’s bookkeeping duties should have been separated — by having someone other than
Jane approve Petty Cash outlays as well as reconciling bank statements.
2. Jane’s boss should have seen the declining quality of her work as a red flag and questioned her about
possible personal problems or other pressures.
3. The organization should not have allowed checks to be made out to cash, or if it did, it should have
required all such checks to be signed by two authorized signatories.
2. Kate Lapira used her position as Executive Director of the District of Columbia School’s Office of Charter
School Oversight to divert money belonging to the District of Columbia, and money coming from the
federal No Child Left Behind program to numerous bank accounts she controlled.
Though this was a multifaceted fraud, a key part of it involved Lapira’s use of her authority by awarding
seven no-bid school contracts worth over P4,000,000 to her own friends who in return paid Lapira
P1,800,000 in kickbacks.
Example. In January 2004, Lapira approved a charter school applicated for Young Works, a charter school
founded and run by two of her close friends, Anna and Diane.
At around the same time, Lapira concluded a deal with a private real estate group, of which she was a
principal, to facilitate property purchases in the city.
Red flag. One of those properties at the city became the location for the Young Works Charter School.
As part of her deal, Lapira was to receive P500,000 a month from the location for five years – as long as
Young Works Charter School paid its rent to the location. Lapira ultimately received P5,000,000 in payments
before her conflict of interest scheme was uncovered.
How could this fraud have been prevented? List as many controls as you can.
1. Verify check payees against Vendor Master File.
2. Segregation of duties: The bank statements should be reviewed and reconciled by an independent AP
staffer
3. Implement detailed review of invoices by purchasing/procurement staff. This would have revealed that
vendor addresses were suspicious.
4. Implement stringent controls over contract awarding to prevent non-bidding.
5. Enforcement policies requiring financial disclosure by executives to screen for potentially problematic
financial interests on the part of managers or executives.
3. International company’s employee names, Social Security numbers, addresses, dates of birth, phone numbers,
bank account numbers, signatures and other personal information were publicly exposed after an employee
took copies of this confidential information from one of the company’s computer systems by asking the
information technology (IT) manager to provide her with one-time access to the databases in order to
complete “an important project.”
The result. Several employees became victims of identity fraud after the info thief sold the stolen data to an
Internet criminal who in turn created counterfeit identification documents, credit cards, and other personal
documentation and used it to pose as the employees when applying for personal loans, credit cards, checking
accounts and so on.
It took seven months for management at International Company to learn of the breach and even longer to
inform all of the individuals whose private information had been stolen.
The employee who perpetrated the theft was never caught because she had left the company long before the
theft was discovered.
How could this fraud have been prevented? List as many controls as you can.
1. Tighten controls — over who gets access to secure data. Require special access to be approved by more
than one authorized IT manager.
2. Closely monitor compliance with these controls.
3. Implement clear controls over the types of projects and purposes for which confidential information can
be used.
4. Implement specific classification of what types of information are considered sensitive and which are less
sensitive. Implement and enforce information security policies, including listings of prohibited
information related activities.
5. The Art Appreciation Society operates a museum for the benefit and employment of the community.
When the museum is open to the public, two clerks who are positioned at the entrance collect a P50.00
admission fee from each nonmember patron. Members of the Art Appreciation Society are permitted to enter
free of charge upon presentation of their membership cards.
At the end of each day, one of the clerks delivers the proceed to the treasurer. The treasurer counts the cash in
the presence of the clerk and places it in a safe. Each Friday afternoon, the treasurer and one of the clerks
deliver all cash held in the safe to the bank and receive an authenticated deposit slip that provides the basis for
the weekly entry in the accounting records.
The Art Appreciation Society board of directors has identified a need to improve its internal control over cash
admission fees. The board has determined that the cost of installing turnstiles, sales booths or otherwise
altering the physical layout of the museum will greatly exceed any benefits.
However, the board has agreed that the sale of admission tickets must be integral part of its improvement
efforts.
Amparo Cruz has been asked by the board of directors of the Art of Appreciation Society to review the
internal control over cash admission fees and provide suggestion for improvements.
Indicate weakness in the existing internal controls over cash admission fees that Amparo Cruz should identify
and recommend one improvement for each of the weakness identified. Use the following illustrative example
below:
Weakness
Recommendation
There is no basis for
Prenumbered admission tickets
establishing
should be issued upon payment of
the documentation of the
the admission fee.
number of paying patrons.
1)Weakness:
There is no method for determining the exact number of members of the Art Appreciation Society that
actually enter the museum every day. The person that allows them to enter is the same person that charges the
entrance fee.
Recommendation:
Since there are two clerks, one should deal with paying patrons and the other one should be in charge of
allowing non-paying members of the Art Appreciation Society to enter the museum.
2)Weakness:
There is no method that controls and documents the number of paying visitors.
Recommendation:
The simplest and cheapest way to solve this issue is to issue prenumbered tickets to paying visitors.
3)Weakness:
There is a chance that the same clerk delivers the cash to the treasurer and goes to the bank to make the
deposit. if this happens, there would be no control over the daily proceeds and the money deposited.
Recommendation:
One of the clerks should be in charge of delivering the daily proceeds to the treasurer, and the other one
should be in charge of going to the bank with the treasurer. Probably the best alternative would be that the
clerks change tasks every week, example one-week clerk 1 delivers the cash to the treasurer, next week clerk
2 should do it.