Compiled-notes-ch-11-15

  • Uploaded by: Miks Enriquez
  • February 2021

CHAPTER 11 RISK MANAGEMENT

RISK
- effect of uncertainty in objectives
- combination of the probability of occurrence of harm and the severity of that harm



Risk is not the harm itself. It is merely a possibility that harm will occur. What causes harm is hazard. Example: COVID-19 virus – hazard; probability that a certain person may be infected – risk



The concept of risk does not always relate to harm. Risk can likewise create opportunities. Example: investing in stocks



The concept of risk must be distinguished from uncertainty. Risk can be measured. You may be able to tell possible outcomes and the chances that each outcome will occur. All that is unknown is the actual outcome. Uncertainty means that you do not know all the possible outcomes and/or the chances of each outcome occurring.

IMPACT OF RISK ON STAKEHOLDERS

On Shareholders
When the company’s risk profile changes, shareholders may sell their shares, resulting in a lower share price.

On Creditors
They are concerned about whether the company can fulfill its obligations and limit the risk of default. Otherwise, they can deny credit, charge higher interest, file actions in court that could lead the company into liquidation, or ask for collateral.

On Employees
They are concerned about threats to their jobs: salary, promotion, benefits, satisfaction, and the job itself. If the business fails, employees may lose their jobs.

On Customers and Suppliers
Suppliers are concerned about the risk of making unprofitable sales. Customers are concerned about getting the value that they expect from the goods or services.

JENIELYN P. TORRES, CPA


On the Public
In general, the community is concerned with the risk that the company does not act as a good corporate citizen. Otherwise, pressure group tactics can include publicity, direct action, sabotage, or pressure on the government.

INTRODUCTION

- Effective corporate governance cannot be attained without the organization mastering the art of risk management.

DEFINITION

RISK MANAGEMENT
- Process of measuring or assessing risk and developing strategies to manage it
- Systematic approach in identifying, analyzing, and controlling areas or events with a potential for causing unwanted change
- Act or practice of controlling risk
- Identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events and to maximize the realization of opportunities (International Organization of Standardization)

BASIC PRINCIPLES OF RISK MANAGEMENT (identified by ISO)

Risk management should
1. Create value
2. Address uncertainty and assumptions
3. Be an integral part of the organizational processes and decision-making
4. Be dynamic, iterative, transparent, tailorable, and responsive to change
5. Create capability of continual improvement and enhancement considering the best available information and human factors
6. Be systematic, structured, and continually or periodically reassessed

STEPS IN THE PROCESS OF RISK MANAGEMENT

Standard ISO 31000 “Risk Management – Principles and Guidelines on Implementation”

1. Establishing the context
   a. Identification of risk in a selected domain of interest
   b. Planning the remainder of the process
   c. Mapping out the
      i. Social scope of risk management
      ii. Identity and objectives of stakeholders
      iii. Basis upon which risks will be evaluated, constraints
   d. Defining a framework for the activity and an agenda for identification
   e. Developing an analysis of risks involved in the process
   f. Mitigation or solution of risks using available technological, human, and organizational resources

2. Identification of potential risks
   Common Risk Identification Methods
   a. Objective-based risk
   b. Scenario-based risk
   c. Taxonomy-based risk
   d. Common-risk checking
   e. Risk charting

3. Risk assessment – assessment of the potential severity of risks and the probability of their occurrence
   a. risk identification
   b. risk analysis
   c. risk evaluation

ELEMENTS OF RISK MANAGEMENT

- Risks with high probability of occurrence but lower loss vs. risks with high loss but lower probability of occurrence

1. Identification, characterization, and assessment of threats
2. Assessment of the vulnerability of critical assets to specific threats
3. Determination of the risk
4. Identification of ways to reduce those risks
5. Prioritization of risk reduction measures based on a strategy

RELEVANT RISK TERMINOLOGIES

I. Risks Associated with Investments

a. Business Risk – uncertainty about the rate of return caused by the nature of the business
   - Causes: uncertainty about the firm’s sales and operating expenses
b. Default Risk – related to the probability that some or all of the initial investment will not be returned
   - Closely related to the financial condition of the company issuing the security and the security’s rank in claims on assets in the event of default or bankruptcy
c. Financial Risk – determined by the firm’s capital structure or sources of financing
d. Interest Rate Risk – gives rise to uncertainty about the cost of the debt
e. Liquidity Risk – inability to meet short-term obligations. It is associated with the uncertainty created by the inability to sell the investment quickly for cash.
f. Management Risk
g. Purchasing Power Risk

II. Risks Associated with Manufacturing, Trading, and Service Concerns

a. Market Risk – risk of gain or loss due to movement in the market value of an asset – a stock, bond, loan, foreign exchange, or commodity – or a derivative contract linked to these assets
   i. Product Risk
      - Complexity
      - Obsolescence
      - Research and Development
      - Packaging
      - Delivery of Warranties
   ii. Competitor Risk
      - Pricing Strategy
      - Market Share
      - Market Strategy

b. Operations Risk
   i. Process Stoppage
   ii. Health and Safety
   iii. After Sales Service Failure
   iv. Environmental
   v. Technological Obsolescence
   vi. Integrity
      - Management Fraud
      - Employee Fraud
      - Illegal Acts

c. Financial Risk – has some direct financial impact on the entity
   i. Interest Rates Volatility
   ii. Foreign Currency
   iii. Liquidity
   iv. Derivative
   v. Viability

d. Business Risk
   i. Regulatory Change
   ii. Reputation
   iii. Political
   iv. Regulatory and Legal
   v. Shareholder Relations
   vi. Credit Rating
   vii. Capital Availability
   viii. Business Interruptions

III. Risks Associated with Financial Institutions
   i. Financial
   ii. Non-Financial

OTHER TYPES OF RISKS

- Credit risk – occurs when a counter party is unable or unwilling to fulfill its contractual obligation
- Currency risk – the possibility of gain or loss due to future changes in exchange rates
- Political risk – risk that political action will affect the position and value of an organization
- Technological risk – failure of system due to tampering of data access to critical information, nonavailability of data, and lack of controls
- Internet risk – numerous security dangers brought by internet connectivity
- Denial of service attack – characterized by an attempt by attackers to prevent legitimate users of a service from using that service
- Probity risk – risk of unethical behavior by one or more participants in a particular process


CATEGORIES OF POTENTIAL RISK TREATMENTS

1. Risk Avoidance – includes not performing an activity that could carry risk
2. Risk Reduction or Optimization – involves reducing the severity of the loss or the likelihood of the loss from occurring
3. Risk Sharing – sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk
4. Risk Retention – accepting the loss or benefit of gain from a risk when it occurs

AREAS OF RISK MANAGEMENT

1. Enterprise Risk Management
2. RM activities as applied to project management
3. RM for megaprojects
4. RM for information technology
5. RM techniques in petroleum and natural gas

SEC REQUIREMENT RELATIVE TO ENTERPRISE RISK MANAGEMENT OF PUBLICLY-LISTED CORPORATIONS

- SEC Code of Governance Recommendations 2.11 and 3.4 and their corresponding explanations

RISK MANAGEMENT FRAMEWORK

- SEC Code of Governance Principle 12

STEPS IN THE RISK MANAGEMENT PROCESS

1. Set up a separate risk management committee chaired by a board member.
   - To demonstrate the firm’s commitment to adopt an integrated company-wide risk management system

2. Ensure that a formal comprehensive risk management system is in place.
   - To provide a clear vision of the board’s desire for an effective company-wide risk management

3. Assess whether the formal system possesses the necessary elements.
   KEY ELEMENTS
   a. Goals and objectives
   b. Risk language identification
   c. Organization structure – should include formal charters, levels of authorization reporting lines, and job description
   d. Risk management process documentation

4. Evaluate the effectiveness of the various steps in the assessment of the comprehensive risks faced by the business firm.

5. Assess if management has developed and implemented the suitable risk management strategies and evaluate their effectiveness.
   - Strategies may include avoidance, reduction, transfer, exploitation and retention of risks.

6. Evaluate if management has designed and implemented risk management capabilities.

7. Assess management’s efforts to monitor overall company risk management performance and to improve continuously the firm’s capabilities.
   - Must be monitored on a continuing basis

8. See to it that best practices as well as mistakes are shared by all.
   - Regular communication of results and feedback to all concerned
   - Open communication channel

9. Assess regularly the level of sophistication of the firm’s risk management system.

10. Hire experts when needed.


CHAPTER 12 PRACTICAL GUIDELINES IN REDUCING AND MANAGING BUSINESS RISKS

- Apply the principles and techniques appropriate to the situation.
- Risks can be managed and controlled but success is rare. Hence, the need for proper and careful risk management.

UNDERSTAND THE NATURE OF RISK

- Some companies view risk as an opportunity.
- Starting point: Accept that risks exist.
- Understanding the nature of risk involves assessing the likelihood of risks becoming reality and the effect they would have if they did.

IDENTIFY AND PRIORITIZE RISKS

- Identify significant risks both within and outside the organization in order to avoid unnecessary surprises.
- Examples of significant risks: loss of a major customer, failure of a key supplier, appearance of a significant competitor
- People behave differently and inconsistently when making decisions involving risk.
- For a more structured analysis, define the categories into which risks fall.

TYPICAL AREAS OF ORGANIZATIONAL RISK

1. Financial – inefficient cash management, fraud
2. Commercial – poor brand management, market changes
3. Strategic – marketing and pricing decisions, resource allocation decisions
4. Technical – failure of plant or equipment, accidental or negligent actions
5. Operational – product or design failure, corporate malpractice

CONSIDER THE ACCEPTABLE LEVEL OF RISKS

- Opportunity cost associated with risk: Avoiding a risk may mean avoiding a potentially big opportunity.
- Sometimes, the greatest risk is to do nothing.

UNDERSTAND WHY RISKS BECOME REALITY

- Upon identification of risks, they can be ranked according to their potential impact and the likelihood of their occurrence in order to highlight
  a. where things might go wrong and what their impact would be
  b. how, why, and where the risk catalysts might be triggered

TYPES OF RISK CATALYSTS (those that can change and trigger risks)

1. Technology – new hardware, software or system configurations; traffic congestion change introduced by the Metro Manila Development Authority (MMDA) Chair
2. Organizational change – new management structures or reporting lines, new strategies, commercial agreements like mergers
3. Processes – new products, markets, and acquisitions
4. People – hiring new employees, poor succession planning, weak people management, behavior - laziness, fraud, human error
5. External factors – changes in regulation and political, economic, or social developments; economic disruption brought by the pandemic

APPLY A SIMPLE RISK MANAGEMENT PROCESS

A. Risk Assessment and Analysis

- Assessment of risk differs from one company to another.
- For example, there are risks that can be solved using past experience. There are also those that are harder to assess or quantify.
- When a company is focused on meeting short-term expectations, risks with little likelihood of occurrence in the next five years may not be so important to such company.

B. Risk Management and Control

- Risk management procedures and techniques should be well documented, clearly communicated, and regularly reviewed and monitored.

Table 1. Assessing and Mapping Risk

- Risks falling into the top-right quadrant require urgent action. Those in the bottom-right quadrant should not be ignored because complacency, mistakes, and lack of control can turn them into a reality.



Once the inherent risks in a decision are understood, the priority is to exercise control.



Share information, prepare and communicate clear guidelines, and establish control procedures and risk measurement systems.

Avoid and Mitigate Risks

- Reduce or eliminate those that result only in costs.
- Can be achieved through quality assurance programs, environmental control processes, health and safety regulations, accident prevention and emergency equipment installation, and security measures to prevent crime, sabotage, espionage and threats to people and systems
- Can also be reduced or mitigated by sharing them – ex: acceptable service agreements from vendors

Create a Positive Climate for Managing Risk

- The ethos of an organization should recognize and reward behavior that manages risk.

Overcome the Fear of Risk

- Taking risks is needed to keep ahead of the competition.
- See risk as an opportunity, not a threat.
- Risk is both desirable and necessary. It provides opportunities to learn and develop and it compels people to improve and effectively meet the challenge of change.

C. Controlling and Monitoring Enterprise-Wide Risks

Guide Questions
- Where are the greatest areas of risk relating to the most significant strategic decisions?
- What level of risk is acceptable for the company to bear?
- What is the overall level of exposure to risk? Has this been assessed and is it being actively monitored?
- What are the costs and benefits of operating effective risk management controls?
- Do employees resent risk, or are they encouraged to view certain risks as opportunities?

PRACTICAL CONSIDERATIONS IN MANAGING AND REDUCING FINANCIAL RISKS

Finance – lifeblood of a business. It heavily influences strategies and decisions at every level.

1. Improving Profitability
   A. Variance Analysis – interpreting the differences between actual and planned performance
   B. Assessment of Market Entry and Exit Barriers – assessment of how easy or difficult it is to either enter or leave a market
      - When markets are difficult or costly for competitors to enter and relatively easy and affordable to leave, firms can achieve high, stable returns, while still being able to leave for other opportunities.
   C. Break-even Analysis – cost-volume-profit analysis; analysis of the point when sales cover costs or where neither profit nor loss is made
   D. Controlling Costs – achieved by focusing on the big items of expenditure, being aware of costs, maintaining a balance between costs and quality, using budgets for dynamic financial management, developing a positive attitude to budgeting, eliminating waste

   Practical Techniques to Improve Profitability
   - Focus decision-making on the most profitable areas.
   - Decide how to treat the least profitable products.
   - Make sure new products enhance overall profitability.
   - Manage development and production decisions.
   - Set the buying policy.
   - Consider how to create greater value from existing customers and products to enhance profitability.
   - Consider how to increase profitability by managing people.

2. Avoiding Pitfalls in Making Financial Decisions – achieved by applying the following principles
   a. Financial expertise must be widely available.
      - To routinely make the best financial decisions
   b. Consider the impact of financial decisions.
      - Impact of finance issues upon other departments and decisions
   c. Avoid weak budgetary control.
      - Budgets are useful not just in measuring performance but also in making financial decisions.
   d. Understand the impact of cash flow.
      - Importance of cash in organizations
   e. Know where the risk lies.
      - Ex: not only where the break-even point is but also how and when it will be reached

3. Reducing Financial Risk
   Guide Questions
   - Are the most effective and relevant performance measures in place to monitor and assess the effectiveness of financial decisions?
   - Is there a positive attitude to budgets and budgeting?
   - What are the least profitable parts of the organization? How will they improve?
   - How efficiently is cash managed? Do your strategic business decisions take account of cash considerations, such as time value of money?


MGT 209

Overview of Internal Control

Companies establish goals and objectives and then assess the risks of achieving those objectives. As a response to the assessed risk, the company may design and implement internal control to have a reasonable assurance that the objectives will be achieved.

- Assessment of control risk and consideration of internal control are important steps in the audit process.
- Control risk – risk that the entity’s internal control may not detect or prevent a material misstatement

Internal Control - process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to (1) reliability of financial reporting (financial reporting objective), (2) effectiveness and efficiency of operations (operational objective), and (3) compliance with applicable laws and regulations (compliance objective)

4 essential concepts embodied in the said definition

a. Internal control is a process.
   - It is not an end in itself. Instead, it is a means of achieving the entity’s objectives.
b. Internal control is effected by those charged with governance and management, and by other personnel.
   - Responsibility of the management: to establish a control environment and maintain policies and procedures to assist in achieving the entity’s objectives
   - Responsibility of those charged with governance: to ensure the integrity of accounting and financial reporting systems through oversight of management
c. Internal control can be expected to provide reasonable assurance of achieving the entity’s objectives.
   - Only reasonable assurance, not absolute assurance (because of inherent limitations that may affect the effectiveness of internal control)
   - Examples of limitations: usual requirement that the cost of internal control should not exceed the expected benefits to be derived, reality that human judgment in decision making can be faulty and subject to bias
d. Internal control is designed to help achieve the entity’s objectives.
   - Achievement of objectives depends not only on management decisions but also on competitor’s actions and other factors outside the entity.

Internal control can help
1. Achieve organizational, operational, and financial goals
2. Prevent loss of resources
3. Support reliable financial reporting
4. Support compliance with laws, regulations, and internal policies and procedures to avoid damage to reputation and other consequences

But internal control cannot
1. Ensure organizational success
2. Ensure absolute protection of assets
3. Ensure the reliability of financial reporting
4. Ensure absolute compliance with laws, regulations, and policies and procedures

Internal Control System – all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.

- Internal control structures vary from one company to the next, depending on factors such as size of the business, nature of operations, geographical dispersion of activities, and organizational objectives.

A. Control Environment – overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance in the entity
   - A strong control environment does not, by itself, ensure the effectiveness of the internal control system.

Subcomponents of the Control Environment

1. Communication and enforcement of integrity and ethical values
   - Management should establish ethical standards that discourage employees from engaging in dishonest, unethical, or illegal acts that could materially affect the financial statements.
2. Commitment to competence
   - The entity should consider the level of competence required for each task and translate it to requisite knowledge and skills.

3. Participation by those charged with governance
   - The entity must have an audit committee, which will be responsible for overseeing the financial reporting policies and practices of the entity.
4. Management’s philosophy and operating style
   - The auditor should assess the management attitudes towards financial reporting and their emphasis on meeting projected profit goals because these will significantly influence the risk of material misstatements in the financial statements.
5. Organizational structure
   - This provides a framework for planning, directing, and controlling the entity’s operations.
6. Assignment of authority and responsibility
   - Appropriate methods of assigning responsibility must be implemented to avoid incompatible functions and to minimize the possibility of errors because of too much workload assigned to an employee.
7. Human resources policies and procedures
   - The entity must implement appropriate policies for hiring, training, evaluating, promoting, and compensating entity’s personnel because the competence of the entity’s employees will bear directly on the effectiveness of the entity’s internal control.

B. Entity’s Risk Assessment Process
   - Entity’s business objectives cannot be achieved without some risks.

Risk Assessment – identification, analysis, and management of risks pertaining to the preparation of financial statements
   - The basic concepts of the entity’s risk assessment process are relevant to every entity, regardless of size, but the risk assessment process is likely to be less formal and less structured in small entities than in larger ones.

C. Information and Communication System

Information system – consists of infrastructure (physical and hardware components), software, people, procedures, and data
- encompasses methods and records that
  1. Identify and record all valid transactions
  2. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting
  3. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements
  4. Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period
  5. Present properly the transactions and related disclosures in the financial statement

- The SEC Code of Corporate Governance provides that companies should maintain a comprehensive and cost-efficient communication channel for disseminating relevant information.
- Communication – continual, iterative process of providing, sharing, and obtaining necessary information.
  - can be made electronically, orally, or through the actions of management.
  - can take such forms as policy manuals, accounting and financial reporting manual, and memoranda.

D. Control Activities – policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives

Major Categories of Control Procedures

1. Performance Review
   Examples
   a. comparing actual performance with budgets, forecasts, and prior period performance
   b. investigating performance indicators based on operating and financial data
   c. reviewing functional or activity performance

2. Information Processing Controls – policies and procedures designed to require authorization of transactions and to ensure the accuracy and completeness of transaction processing
   Classification of Control Activities
   a. General controls – control activities that prevent or detect errors or irregularities for all accounting systems
   b. Application controls – controls that pertain to the processing of a specific type of transaction
   Control activities related to the processing of transactions
   a. Proper authorization of transactions and activities
   b. Segregation of duties
   c. Adequate documents and records
   d. Access to assets
   e. Independent checks on performance

3. Physical Controls – controls that encompass the physical security of assets, authorization for access to computer programs and data files, and the periodic counting and comparison with amounts shown on control records
   Examples
   a. Petty cash should be kept locked in a fireproof safe.
   b. Cash received by retail clerks should be entered into a cash register to record all cash received.
   c. Accounts receivable records should be stored in a locked, fireproof safe. If the records are computerized, adequate backup copies should be maintained and access to the master files should be restricted via passwords.
   d. Raw material inventory should be retained in a locked storeroom with a reliable and competent employee controlling access.
   e. Perishable tools should be stored in a locked storeroom under control of a reliable employee.

   f. Manufacturing equipment should be kept in an area protected by burglar alarms and fire alarms and kept locked when not in use.
   g. Marketable securities should be stored in a safety deposit vault.

4. Segregation of Duties – assigning the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets to different people
   - purpose: to reduce the opportunities of allowing any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person’s duties

E. Monitoring of Controls – process that an entity uses to assess the quality of internal control over time
   - involves assessing the design and operation of controls on a timely basis and taking corrective action as necessary
   - accomplished through
     1. Ongoing monitoring activities – built into the normal recurring activities of an entity
        - include regularly performed supervisory and management activities
        - example: continuous monitoring of customer complaints
     2. Separate evaluations – performed on a non-routine basis
        - example: periodic audits by the internal auditors

COSO - Committee of Sponsoring Organizations of the Treadway Commission
- a joint initiative dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.

The 2013 Framework sets out 17 principles representing the fundamental concepts associated with each component. Because these principles are drawn directly from the components, an entity can achieve effective internal control by applying all principles. All principles apply to operations, reporting, and compliance objectives.

Control Environment (5)
- Demonstrates commitment to integrity and ethical values
- Exercises oversight responsibility
- Establishes structures, reporting lines, authorities, and responsibilities
- Demonstrates commitment to competence
- Enforces accountability

Risk Assessment (4)
- Specifies appropriate objectives
- Identifies and analyzes risks
- Assesses fraud risks
- Identifies and analyzes significant changes

Control Activities (3)
- Selects and develops control activities
- Selects and develops general controls over technology
- Deploys control activities through policies and procedures

Information and Communications (3)
- Uses relevant information
- Communicates internally
- Communicates externally

Monitoring Activities (2)
- Conducts ongoing and/or separate evaluations
- Evaluates and communicates internal control deficiencies


FRAUD & ERROR

This chapter introduces fraud risk and errors and how they can be reduced, if not totally avoided, by having effective internal control – a tool of good corporate governance and a vital tool in managing risk.

FRAUD – an intentional act involving the use of deception to obtain an unjust or illegal advantage – involves motivation to commit it and a perceived opportunity to do so

ERROR – the underlying cause of the misstatement is unintentional

- The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting from error.

TYPES OF MISSTATEMENTS

A. Misstatement arising from misappropriation of assets
- occurs when a perpetrator steals or misuses an organization’s assets
- also known as employee fraud because it usually involves employees
- can also involve management who are usually more able to disguise or conceal misappropriations in ways that are difficult to detect
- often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing or have been pledged without proper authorization

Misappropriation – an act of using or disposing of another’s property as if it were one’s own or of devoting it to a purpose or use different from that agreed upon

Examples
♥ cash receipts – misappropriating collections on accounts receivable
♥ stealing entity’s assets such as cash, inventory, and intellectual property – stealing scrap for resale, colluding with a competitor by disclosing technological data in return for payment
♥ causing the company to pay for goods or services that were not received – payments to fictitious vendors and employees, kickbacks paid to purchasing agents in return for inflating prices
♥ using an entity’s assets for personal use – using entity’s assets as collateral for a personal loan
♥ embezzling

B. Misstatement arising from fraudulent financial reporting
- results from an intentional manipulation of reported financial results to misstate the economic condition of the organization
- also known as management fraud because it usually involves members of the management or those charged with governance
- can be caused by efforts of management to manage earnings in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability

Examples
♥ manipulation, falsification, or alteration of records or documents
♥ misrepresentation in or intentional omission of the effects of transactions from records or documents
♥ recording of transactions without substance
♥ intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure

The risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for employee fraud.
Reason: Management is frequently in a position to directly or indirectly manipulate accounting records, present fraudulent financial information, or override control procedures designed to prevent similar frauds by other employees.

CORRUPTION
- improper use of power
- usually uncovered through tips or complaints from third parties

Examples
1. Conflicts of interest – an undisclosed personal economic interest in a transaction that adversely affects the organization or its shareholders
♥ Employees hiring someone close to them over another more qualified applicant
♥ Transfer of knowledge to a competitor by an employee who intends to join the competitor’s company

2. Kickbacks
♥ Preferential treatment of customers in return for a kickback
♥ Kickback to employees by a supplier in return for the supplier receiving favorable treatment

3. Bribery – offering, giving, receiving, or soliciting anything of value to influence an outcome
♥ Payment to government officials to obtain a benefit (ex: tax inspectors)
♥ Payment of agency/facilitation fees (bribes) in order to secure a contract

4. Extortion – offering to keep someone from harm in exchange for money or other considerations
Blackmail – offering to keep information confidential in return for money or other considerations

FRAUD RED FLAG
- a condition that indicates potential fraud
- can be anything that strongly suggests that an unethical or suspicious event has taken place, or a situation that would enable fraud to take place without detection

Examples
1. inadequate or non-transparent explanations for unusual transactions, variances, or results
2. large adjustments made after period end
3. absence of underlying documentation supporting the transaction
4. creation of fictitious reconciling items to create the appearance that accounts are in balance, when they are not
5. discovery of falsification of documents, dates, contractual terms, or other business records

THE FRAUD TRIANGLE
- framework designed to explain the reasoning behind a worker’s decision to commit fraud
- describes the 3 factors that are present in every situation of fraud

Elements of the Fraud Triangle
1. incentive – factors that may create pressure on the management or employees
2. opportunity – characteristics or circumstances that may increase the susceptibility to fraud
3. rationalization – the attitude or mindset of the fraudster to justify committing the fraud

EXAMPLE
Fraud: Recording fictitious sales
Incentive: Significant declines in customer demand
Opportunity: Significant related-party transactions
Rationalization: Poor ethical standards

1. INCENTIVES OR PRESSURES TO COMMIT FRAUD

A. Asset Misappropriation
♥ Personal factors, such as severe financial considerations
♥ Pressure from family, friends, or society to live in a more lavish lifestyle
♥ Addictions to gambling
♥ Adverse relationships between the entity and employees with access to cash and other assets susceptible to theft

B. Fraudulent Financial Reporting
♥ Management compensation schemes
♥ Pressure from outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings target or financial outcome
♥ Debt covenants
♥ Greed

2. OPPORTUNITIES TO COMMIT FRAUD
♥ Significant related party transactions
♥ Company’s industry position - ability to dictate terms or conditions to suppliers or customers that might allow individuals to structure fraudulent transactions
♥ Weak, inadequate, or inexistent internal controls
  ■ inadequate physical safeguards over assets
  ■ lack of complete and timely reconciliation of assets
  ■ inadequate system of authorization and approval of transactions (for example, in purchasing)
♥ Large amounts of cash on hand
♥ Inventory items that are small in size, of high value, or in high demand
♥ Fixed assets that are small in size, marketable, or lacking observable identification of ownership
♥ Management overriding controls
  ■ recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate operating results
  ■ concealing facts that could affect the amounts recorded in the financial statements
  ■ altering records and terms related to significant and unusual transactions

3. RATIONALIZING THE FRAUD

A. Asset Misappropriation
♥ Mistreatment by the company – behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employee
♥ Sense of entitlement
♥ Tolerance of petty theft
♥ “We will lose everything if we don’t take the money.”
♥ “Something is owed by the company because others are treated better.”

B. Fraudulent Financial Reporting
♥ Saving the company
♥ Personal greed
♥ “Everybody cheats on the financial statements a little; we are just playing the same game.”
♥ “We will be in violation of all of our debt covenants unless we find a way to get this debt off the financial statements.”

PREVENTION AND DETECTION OF FRAUD
- The responsibility rests primarily with (a) those charged with governance of the entity and (b) management.

TOP FRAUD TYPES (according to 2020 PwC’s Economic Crime and Fraud Survey)
1. Customer fraud
2. Cybercrime
3. Asset misappropriation
4. Bribery and corruption
5. Accounting/financial statement fraud
6. Procurement fraud
7. Human resources fraud
8. Deceptive business practices
9. Anti-competition law infringement
10. Money laundering and sanctions
11. Intellectual property theft
12. Insider trading
13. Tax fraud

FRAUD PREVENTION
- involves action to discourage fraud and limit the exposure when it occurs
- principal mechanism: internal control

FRAUD DETECTION
- involves whistleblowing, internal and external tip-off, law enforcement investigation, change of personnel/duties, corporate security, risk management, and internal and external audit

MGT 209

ERRORS & IRREGULARITIES

This chapter presents the errors and fraudulent activities that could result when there is poor internal control.

1. Sales and Collections Cycle
2. Acquisitions and Payments Cycle
3. Payroll and Personnel Cycle

1. Errors in Recording Sales and Collections Transactions
• using a wrong price or quantity, recording sales in the wrong period (cutoff error), bookkeeper’s failure to understand proper accounting for a transaction

2. Fraud in Sales and Collections

a. Fraudulent Financial Reporting
• Recording fictitious sales (fictitious shipping documents, sales invoices, etc.)
• Recording valid transactions twice
• Recording in the current period sales that occurred in the succeeding period (improper cutoff)
• Following revenue recognition principles that are not in accordance with PFRS
• Recognizing revenue that should be deferred
• Commonly committed by managers to achieve high profits, to obtain bonuses, to retain the respect of senior managers, or to even keep their jobs

b. Misappropriation of Assets
• Skimming – act of withholding cash receipts without recording them
  - examples: when a cashier in a retail store does not ring up a transaction and takes the cash, recording sales at an amount lower than the invoice amount
• Lapping – technique used to conceal the fact that cash has been abstracted
  - the shortage in one customer’s account is covered with a subsequent payment made by another customer
• Kiting – technique used to cover cash shortage or to inflate cash balance
  - involves counting the cash twice by using the float in the banking system
  Float – gap between the time the check is deposited or added to an account and the time the check clears or is deducted from the account it was written on
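A detection check for the lapping pattern defined above, given here as an added example that is not part of the original notes. It assumes an independent record of who actually paid (for instance a list prepared when payments are opened) that can be matched to ledger postings by a receipt id; all field names and data are constructed for illustration.

```python
from datetime import date

# Constructed sample data (assumption, not from the notes). RECEIPTS is an
# independent record of who actually paid; POSTINGS is what was recorded in
# the accounts receivable ledger.
RECEIPTS = [
    {"id": "R1", "payer": "A", "amount": 500, "received": date(2021, 1, 4)},
    {"id": "R2", "payer": "B", "amount": 500, "received": date(2021, 1, 10)},
    {"id": "R3", "payer": "C", "amount": 500, "received": date(2021, 1, 18)},
    {"id": "R4", "payer": "D", "amount": 320, "received": date(2021, 1, 19)},
]
POSTINGS = [  # R1 was never posted; later receipts were shifted to cover it
    {"receipt": "R2", "credited": "A", "amount": 500, "posted": date(2021, 1, 10)},
    {"receipt": "R3", "credited": "B", "amount": 500, "posted": date(2021, 1, 18)},
    {"receipt": "R4", "credited": "D", "amount": 320, "posted": date(2021, 1, 19)},
]

def lapping_indicators(receipts, postings, max_lag_days=3):
    """Match each receipt to its posting and return (receipt_id, reason) findings."""
    by_receipt = {p["receipt"]: p for p in postings}
    findings = []
    for r in receipts:
        p = by_receipt.get(r["id"])
        if p is None:
            findings.append((r["id"], "received but never posted"))
        elif p["credited"] != r["payer"]:
            findings.append((r["id"], f"paid by {r['payer']} but credited to {p['credited']}"))
        elif p["amount"] != r["amount"]:
            findings.append((r["id"], "posted amount differs from amount received"))
        elif (p["posted"] - r["received"]).days > max_lag_days:
            findings.append((r["id"], "posted late"))
    return findings

def shortage_by_customer(receipts, postings):
    """Per-customer totals: amount paid minus amount credited, where they differ."""
    paid, credited = {}, {}
    for r in receipts:
        paid[r["payer"]] = paid.get(r["payer"], 0) + r["amount"]
    for p in postings:
        credited[p["credited"]] = credited.get(p["credited"], 0) + p["amount"]
    return {c: paid[c] - credited.get(c, 0) for c in paid if paid[c] != credited.get(c, 0)}

if __name__ == "__main__":
    for finding in lapping_indicators(RECEIPTS, POSTINGS):
        print(finding)
    # Totals alone show only the last customer in the chain.
    print(shortage_by_customer(RECEIPTS, POSTINGS))
```

Per-customer totals expose only customer C, the end of the chain, while receipt-level matching exposes every shifted payment, which is why reconciling balances alone can miss lapping.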

1. Errors in the Acquisitions and Payments Cycle
• Failing to record a purchase in the proper period
• Recording goods accepted on consignment as a purchase
• Misclassifying purchases of assets and expenses
• Failing to record a cash payment
• Entities normally design controls to prevent these errors from occurring or to detect errors if they do occur.
• When such controls exist, auditors test the controls to assess their effectiveness.
• If the controls are not effective, auditors should perform substantive tests to determine that the financial statements do not contain material misstatements that arose because of possible errors.
  Example of substantive test: contacting customers to confirm that accounts receivable balances are correct

2. Frauds in the Acquisitions and Payments Cycle
• Paying for fictitious purchases
• Receiving kickbacks
• Purchasing goods for personal use

1. Errors
• Paying employees at the wrong rate
• Paying employees for more hours than they worked
• Charging payroll expense to the wrong accounts
• Keeping terminated employees on the payroll

2. Frauds involving Payroll
• Fictitious employees
• Excess payment to employees
• Failure to record payroll
• Inappropriate assignment of labor costs to inventory
