WEEK 4
4
CHAPTER 7 - FRAUD, INTERNAL CONTROL AND CASH
3
7.1 - Fraud and Internal Control
2
Fraud
= a dishonest act by an employee resulting in personal benefits for them at
1
a cost to the employer
e.g. an employee diverting money of bill payments to a personal bank
account over a time period
Factors contributing to fraudulent activity
. Opportunity -> opportunities to engage in fraud occur when the
workplace lacks sufficient controls to deter and detect it (e.g. inadequate
monitoring of employee actions)
. Financial pressure -> personal financial problems caused by too much
debt or because employees want to lead a lifestyle that they cant afford
on their current salary
3 . Rationalisation -> employee rationalise their dishonest actions to justify
their fraud (e.g. justify it by believing they are underpaid)
2 Internal control
= a process designed to provide reasonable assurance regarding the
achievement of company objectives related to operations, reporting,
1 compliance
-> safeguard assets, enhance reliability of accounting records, increase
efficiency of operations, ensure compliance with laws and regulations
Primary components
. A control environment -> top management responsible to make clear that
organisation values integrity and doesn’t tolerate unethical activity
(“tone at the top”)
. Risk assessment-> identify and analyse various factors that create risk
for the business and determine how to manage them
. Control activities -> management must design policies and procedures to
address specific risks by the company to reduce fraud
. Information and communication -> must capture and communicate all
,5
.
needed info up and down the organisation + to the appropriate external
4 parties
. Monitoring -> internal control systems must be monitored periodically
for their adequacy - deficiencies need to be reported to top
management/board of directors
Control activities -> backbone of company’s efforts to address risks it faces
like fraud
– Activities used will vary depending on management’s assessment of
risks faced in company
-> Principles of control activities:
(1) Establishment of responsibility
= assign responsibility to specific employees
● Most effective when only one person is responsible for a given task (to
know who did what)
● Requires limiting access only to authorised personnel and then
identifying them e.g. passcodes to keep track who made a journal entry,
entered a sale, went to inventory storeroom etc
(2) Segregation of duties
-> different individuals should be responsible for related activities
-> the responsibility for record keeping for an asset should be separate from
physical custody of asset
● Making one individual responsible for related activities increases the
potential for errors or fraud
● Purchasing activities:
○ e.g. ordering merchandise, approving orders, receiving goods,
authorising payment etc
○ Frauds possible:
◆ If a purchasing agent is allowed to order goods without obtaining
supervisory approval, the chance of them recovering kickbacks
from suppliers increases
◆ If an employee who orders goods also handles their invoice,
receipt and payment authorisation, they might authorise a
payment for fictitious invoice
● Sales activities:
, ○ e.g. making a sale, shipping goods to customers, billing customer,
receiving payment
○ Frauds possible:
◆ If a salesperson can make a sale without supervisory approval,
they might make sales at unauthorised prices to increase sales
commissions
◆ A shipping clerk who also has access to accounting records could
ship goods to himself
◆ A billing clerk who handles billing and receipt could understate
the amount billed for sales made to friends or relatives
● Segregation of record keeping from physical custody:
○ Accountant should not have physical custody of asset or access to
it / custodian of asset should not minting or have access to
accounting records
○ The custodian of asset is not likely to convert it to personal use when
another employee maintains the record of the asset and another one
has a physical custody of it
(3) Documentation procedures
● Documents provide evidence that transactions and events occurred e.g.
POS terminals are networked with a company’s computing and
accounting records for direct documentation / signatures may be
required on a document to identify individual responsible for transaction
● Procedures:
. When possible, companies should use pre-numbered documents + all
documents should be accounted for -> helps prevent transaction
4
CHAPTER 7 - FRAUD, INTERNAL CONTROL AND CASH
3
7.1 - Fraud and Internal Control
2
Fraud
= a dishonest act by an employee resulting in personal benefits for them at
1
a cost to the employer
e.g. an employee diverting money of bill payments to a personal bank
account over a time period
Factors contributing to fraudulent activity
. Opportunity -> opportunities to engage in fraud occur when the
workplace lacks sufficient controls to deter and detect it (e.g. inadequate
monitoring of employee actions)
. Financial pressure -> personal financial problems caused by too much
debt or because employees want to lead a lifestyle that they cant afford
on their current salary
3 . Rationalisation -> employee rationalise their dishonest actions to justify
their fraud (e.g. justify it by believing they are underpaid)
2 Internal control
= a process designed to provide reasonable assurance regarding the
achievement of company objectives related to operations, reporting,
1 compliance
-> safeguard assets, enhance reliability of accounting records, increase
efficiency of operations, ensure compliance with laws and regulations
Primary components
. A control environment -> top management responsible to make clear that
organisation values integrity and doesn’t tolerate unethical activity
(“tone at the top”)
. Risk assessment-> identify and analyse various factors that create risk
for the business and determine how to manage them
. Control activities -> management must design policies and procedures to
address specific risks by the company to reduce fraud
. Information and communication -> must capture and communicate all
,5
.
needed info up and down the organisation + to the appropriate external
4 parties
. Monitoring -> internal control systems must be monitored periodically
for their adequacy - deficiencies need to be reported to top
management/board of directors
Control activities -> backbone of company’s efforts to address risks it faces
like fraud
– Activities used will vary depending on management’s assessment of
risks faced in company
-> Principles of control activities:
(1) Establishment of responsibility
= assign responsibility to specific employees
● Most effective when only one person is responsible for a given task (to
know who did what)
● Requires limiting access only to authorised personnel and then
identifying them e.g. passcodes to keep track who made a journal entry,
entered a sale, went to inventory storeroom etc
(2) Segregation of duties
-> different individuals should be responsible for related activities
-> the responsibility for record keeping for an asset should be separate from
physical custody of asset
● Making one individual responsible for related activities increases the
potential for errors or fraud
● Purchasing activities:
○ e.g. ordering merchandise, approving orders, receiving goods,
authorising payment etc
○ Frauds possible:
◆ If a purchasing agent is allowed to order goods without obtaining
supervisory approval, the chance of them recovering kickbacks
from suppliers increases
◆ If an employee who orders goods also handles their invoice,
receipt and payment authorisation, they might authorise a
payment for fictitious invoice
● Sales activities:
, ○ e.g. making a sale, shipping goods to customers, billing customer,
receiving payment
○ Frauds possible:
◆ If a salesperson can make a sale without supervisory approval,
they might make sales at unauthorised prices to increase sales
commissions
◆ A shipping clerk who also has access to accounting records could
ship goods to himself
◆ A billing clerk who handles billing and receipt could understate
the amount billed for sales made to friends or relatives
● Segregation of record keeping from physical custody:
○ Accountant should not have physical custody of asset or access to
it / custodian of asset should not minting or have access to
accounting records
○ The custodian of asset is not likely to convert it to personal use when
another employee maintains the record of the asset and another one
has a physical custody of it
(3) Documentation procedures
● Documents provide evidence that transactions and events occurred e.g.
POS terminals are networked with a company’s computing and
accounting records for direct documentation / signatures may be
required on a document to identify individual responsible for transaction
● Procedures:
. When possible, companies should use pre-numbered documents + all
documents should be accounted for -> helps prevent transaction
