Defining roles in prevention of financial reporting fraud

There is no way to guarantee that an organisation will not experience financial reporting fraud.

But research shows that fraud-resistant organisations share three traits:

• A tone at the top that encourages an ethical culture.
• The presence of scepticism.
• Engagement of all participants in the financial reporting supply chain.

That’s according to The Fraud-Resistant Organization, a report released Monday by the Anti-Fraud Collaboration, whose members include the Center for Audit Quality (CAQ), Financial Executives International, The Institute of Internal Auditors, and the National Association of Corporate Directors.

“All players in the financial reporting supply chain must work together to deter and detect financial reporting fraud,” CAQ Executive Director Cindy Fornelli said in a news release. “The report highlights vital roles and responsibilities and provides each party with knowledge they can use to reduce the potential for fraud.”

The CAQ is affiliated with the American Institute of CPAs.

According to the report, responsibilities for holders of financial supply-chain roles include:

• Management. Establishing an ethical culture and providing support and resources for strong fraud risk management programmes and internal controls is part of setting the proper tone at the top. Management should encourage scepticism as a vital ingredient of that ethical culture, the report says.
• Boards of directors. Board members need to constructively exercise scepticism, possess thorough knowledge of the company they serve, and understand the role that pressure, opportunity, and rationalisation can play in financial reporting fraud, according to the report.
• Audit committees. Members of the board serving on audit committees should know how to monitor the risk of management override of internal controls, the report says. And in public companies, audit committees are responsible for establishing a confidential, anonymous reporting mechanism to manage complaints regarding accounting, internal accounting controls, or auditing matters.
• Internal auditors. Organisations’ internal auditors should use a risk-based approach to evaluate the effectiveness of fraud deterrence procedures and internal controls on a continual basis, according to the report.
• External auditors. When developing the audit plan, auditors should take into account the integrity and ethical values practised by management – and the nature of the board’s and audit committee’s oversight, the report says.

—Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine editorial director.