REVIEWER

Chapter 11- RISK MANAGEMENT

RISK MANAGEMENT DEFINED

Risk Management – The process of measuring or assessing risk and development strategies to manage
it. Also it’s the act or practice of controlling risk.

Internal Organization of Standardization (ISO 31000) Defines Risk Management as the Identification,
Assessment and the Prioritization of risks followed by the coordinated and economical application of
resources, to minimize, monitor and control the probability and/or impact of unfortunate events and to
maximize the realization of opportunities.

BASIC PRINCIPLES OF RISK MANAGEMENT

The Internal Organization of Standardization (ISO) identifies the basic principles of risk management.

Risk Management should:

1.Create Value - resources spent should mitigate risk should be less than the consequences of inaction,
the benefits should exceed the costs.

2.Address uncertainty and assumptions

3.Be an Integral part of the organizational processes and decision – making.

4.Be dynamic, iterative, transparent, tailorable, and responsive to change.

5.Create capability of continual improvements and enhancements considering the best available
information and human factors.

6.Be systematic, structured and continually or periodically reassessed.

PROCESS OF RISK MANAGEMENT

According to Standard ISO 31000 “the process of risk management consist of several

steps as follows:

1.Establishing the Context

a.Identification of risk in a selected domain of interest.

b.Planning the remainder of the process.

c.Mapping out the following:

1. the social scope risk management.

2. the identity and objectives of the stakeholders
3. the basis upon which the risks will be evaluated, constraints.

d.Defining a framework for the activity and an agenda for identification.

e.Developing an analysis of risks involved in the process.

f.Mitigation or Solution of risks using available technological, human and organizational resources.

2.Identification of Potential Risk

Common risk identification methods:

a.Objective - based risk

b.Scenario - based risk

c.Taxonomy - based risk

d.Common – risk checking

e.Risk charting

Risk Assessment

ELEMENTS OF RISK MANAGEMENT

The performance of assessment method should consist of the following:

1.Identification, Characterization and, Assessment of Threats.

2.Assessment of the vulnerability of critical assets to specific threat.

3.Determination of the risk.

4.Identification of ways to reduce those risk.

5.Prioritization of risk reduction measures based on a strategy.

RELEVANT RISK TERMINOLOGIES

Risk Associated with Investments

1.Business Risk - refers to the uncertainty about the rate of return caused by the nature of the
business.

2.Financial Risk – the firm’s capital structure or sources of financing determine financial risk.

3.Liquidity Risk – associated with the uncertainty created by the inability to sell the investment
quickly for cash.

4.Default Risk – related to the probability that some of all the Initial investment will not be return.

5.Interest Rate Risk – because money has time value, fluctuation in interest rate will cause the value
of investment to fluctuate also. Although interest rates is commonly associated with bond price
movements, rising interest rate could cause bond prices to decline, and declining interest rate could
cause bond prices to rise.

6.Management Risk –decisions made by a firm’s management and board if directors materially
affect the risk faced by investors.

7.Purchasing Power Risk – purchasing power risk is perhaps, more difficult to than the other types
of risk.

POTENTIAL RISK TREATMENTS

ISO 31000 also suggests that once risk have been identified and assessed, techniques to manage the
risk should be applied. These techniques can fall into one or more of these FOUR CATEGORIES:

Risk Avoidance – this includes performing an activity that could carry the risk.

Risk Reduction – or optimization involves reducing the severity of the loss or the likelihood of the
loss from occurring. Optimizing risk means finding a balance between the negative risk and the
benefit of the operation or activity and between risk reduction and effort applied.

Risk Sharing – means sharing with another party the burden of loss or the benefit of gains, from a
risk and the measure to reduce the risk.

Risk Retention – involves accepting the loss or benefit of gain from a risk when it occurs.

AREAS OF RISK MANAGEMENT

The most commonly encountered Areas of Risk Management includes:

1. Enterprise Risk Management.

2. Risk management activities as applied to project management.
3. Risk management for mega projects.
4. Risk management information technology.
5. Risk management techniques in petroleum and natural gas

Enterprise Risk Management process:

Step 1: Assess the Risk.

Step 2: Develop /Design Action Plans.

Step 3: Implement action plan.

Step 4: Monitor and report risk management performance.

Step 5:Continuously improve risk management capabilities

RISK MANAGEMENT FRAMEWORK

The Board should oversee that a sound Enterprise Risk Management (ERM) is in place of effectively
identify, monitor, assess and manage key business risk. The risk management framework should
guide the Board in identifying units /business lines and enterprise-level risk exposures as well as the
effectiveness of risk management strategies.

STEPS IN THE RISK MANAGEMENT PROCESS

To enhance management’s competence in their oversight role in risk management the following
steps may be followed:

1. Set up separate risk management committee chaired by a board member.

2. Ensure that a formal comprehensive risk management system is in place.
3. Assess whether the formal systems possesses the necessary elements.

 key elements that the company – wide risk management should possess are:

a.) goals and objectives

b.) risk language identification

c.) organization structure and

d.) the risk management process document

  risk management process:

Step 1: Assess the Risk : Identification, Determination of their source.

Step 2: Develop /Design Action Plans : Reduce, Avoid, Retain, Transfer, or Exploit.

Step 3: Implement action plans.

Step 4: Monitor and report risk management performance.

Step 5:Continuously improve risk management capabilities

4.Evaluate the effectiveness of the various steps in the assessment of the comprehensive risk faced
by the business firms.

5.Assess if management has developed and implemented the suitable risk management strategies
and evaluate their effectiveness.

6.Evaluate if management has designed and implemented risk management capabilities.

7.Assess management efforts to monitor overall risk management performance and to improve
continuously the firms capabilities.

8.See to it that best practices as well as mistakes are shared by all. This involves regular
communication of results and feedbacks to all concerned.

9.Assess regularly the level of sophistication of the firms risk management system.

10.Hire experts when needed.

CHAPTER 12

PRACTICAL GUIDELINES IN REDUCING AND MANAGING BUSINESS RISKS

Practical Guidelines in Managing and Reducing Enterprise-wide Risk inherent in business activity is best
achieved by applying the principles and techniques appropriate to the situation.

UNDERSTAND THE NATURE OF RISK

The willingness and readiness to take personal and financial risks is a defining characteristic of the
entrepreneurial decision-maker.firm found that while in continental Europe strategies focus on avoiding
and hedging risk, Anglo- American companies view risk as an opportunity and accept risk management
as necessary to achieving their goals. In 2017, this relative attitude to risk among European and US
companies remains broadly the same, the result of long- standing cultural experiences and history as
well as recent events.

CONSIDER THE ACCEPTABLE LEVEL OF RISK

As earlier mentioned, the usual first step is to determine the nature and extent of the risks the business
will accept. This involves assessing the likelihood of risks becoming reality and the effect they would
have if they did. Only when this is understood can measures be taken to minimize the incidence and
impact of such risks.

UNDERSTAND WHY RISKS BECOME REALITY

Once risks are identified they can be ranked according to their potential impact and the likelihood of
them occurring. This helps to highlight not only where things might go wrong and what their impact
would be, but also how, why and where these catalysts might be triggered. The five most significant
types of risk catalyst are as follows:

Technology - New hardware, software or system configurations can trigger risks, as can new demands
on existing information systems and technology. In early 2010, Metro Manila Development Authority
Chair introduced a congestion change for traffic using the centre of the city; the greatest threat to the
scheme's success (and his tenure as chair) was posed by the use of new technology. It worked and the
scheme was widely seen as a success.

Organizational change - Risks are triggered by, for example, new management structures or reporting
lines, new strategies and commercial agreements (including mergers, agency or distribution
agreements).

Processes - New products, markets and acquisitions all cause change and can trigger risks. The
disastrous launch of "New Coke" by Coca-Cola was an even bigger risk than anyone at the company had
realized; it outraged Americans who felt angry that an iconic US product was being changed, That Coca-
Cola eventually turned the situation to its advantage shows that risk can be managed and controlled,
but such success is rare.
People - Hiring new employees, losing key people, poor succession planning, or weak people
management can all create dislocation, but the main danger is behavior: everything from laziness to
fraud, exhaustion and simple human error can trigger this risk.

External factors - Changes to regulation and political, economic or social developments can all affect
strategic decisions by bringing to the surface risks that may have lain hidden. The economic disruption
caused by the sudden spread of the SARS epidemic from China to the rest of Asia in 2003 highlights this
risk.

APPLY A SIMPLE RISK MANAGEMENT PROCESS

The stages of managing the enterprise-wide risk inherent in decisions are simple.

 First, assess and analyze the risks resulting from a decision by systematically identifying and
quantifying them.
 Second, consider how best to avoid or mitigate them.
 Third, in parallel with the second stage, take action to manage control and monitor the risks.

A. Risk Assessment and Analysis

It is more difficult to assess the risks inherent in a business decision than to identify them. Risks that
lead to frequent losses, such as an increasing incidence of employee-related problems or difficulties
with suppliers, can often be solved using past experience. Unusual or infrequent losses are harder to
quantify.

B. Risk Management and Control

Risk should be actively managed and given a high priority across the whole organization. Risk
management procedures and techniques should be well documented, clearly communicated,
regularly reviewed and monitored. To successfully manage risks, you have to know what they are,
what factors affect them and their potential impact

Avoiding and Mitigating Risks

Start by reducing or eliminating those risks that result only in costs: the non-trading risks. These can be
thought of as the fixed costs of risk and might include property damage risks, legal and contractual
liabilities and business interruption risks.

Create a Positive Climate for Managing Risk

Recognizing the need to manage. risk is not enough. The ethos of an organization should recognize and
reward behavior that manages risk. This requires a commitment by senior managers and the resources
(including training) to match. Too often, control systems are seen only as an additional overhead and
not as something that can add value by ensuring the effective use of assets, the avoidance of waste and
the success of key decisions.

Overcoming the Fear of Risk

Everyone accepts that taking risks is needed to keep ahead of the competition. Consequently,
employees need to understand better what the real risks are, to share responsibility for the risks being
taken and to see risk as an opportunity, not a threat.

C. Controlling and Monitoring Enterprise-Wide Risk

The following questions when answered truthfully and positively will assist managers in deciding how to
manage the risks that confront the business enterprise.

 Where are the greatest areas of risk relating to the most significant strategic decisions?
 What level of risk is acceptable for the company to bear? What are the potentially disclosing
events that could inflict the greatest damage on your organization?
 What are the risks inherent in the organization's strategic decisions, and what is the
organization's ability to reduce their incidence and impact on the business?
 What is the overall level of exposure to risk?
 Has this been assessed and is it being actively monitored?
 What are the costs and benefits of operating effective risk management controls?
 What review procedures are in place to monitor risks?
 Are the risks inherent in strategic decisions (such as acquiring a new business, developing a new
product or entering a new market) adequately understood?

 At what level in the organization are the risks understood and actively managed? Do people fully
realize the potential consequences of their actions, and are they equipped to understand, avoid,
control or mitigate risk?
 To what extent would be company be exposed if key staff left?
 If there have been major developments (such as a new management structure or reporting
arrangements), are the new responsibilities understood and accepted?
 Are management information systems keeping pace with demands? Are there persistent black
spots priority areas where the system needs to be improved or overhauled?
 Do employees resent risk, or are they encouraged to view certain risks as opportunities?

PRACTICAL CONSIDERATIONS IN MANAGING AND REDUCING FINANCIAL RISK

Finance is the lifeblood of a business, heavily influencing strategies and decisions at every level.
Many managers find it difficult to get to grips with financial issues and, as the 2008 global financial crisis
revealed, many lost touch with basic financial ground rules.

Profitability, cash flow, long-term shareholder value and risk all need to be considered when setting and
reviewing strategy. This section provides practical guidance about financial decisions and explains how
to:

 improve profitability;
 avoid pitfalls in making financial decisions;
 reduce financial risk.

• Improving Profitability

Entrepreneurial flair and financial rigour are as much about attitude as skill. Nonetheless, certain
skills will ensure that decisions are focused on commercial success.

A. Variance Analysis

Interpreting the differences between actual and planned performance is crucial. Variance analysis is
used to monitor and manage the results of past decisions, assess the current situation and highlight
solutions.

B. Assessment of Market Entry and Exit Barriers

How easy or difficult it is to either enter or leave a market is crucial in strategic decision-making.
Entry barriers include the need to compete with businesses that enjoy economies of scale, or
established differentiated products.

C. Break-even Analysis

The break-even point is when sales cover costs, where neither a profit nor a loss is made. It is
calculated by dividing the costs of the project by the gross profit at specific dates, making sure to
allow for overhead costs. Break-even analysis (cost-volume-profit or CVP analysis) is used to decide
whether to continue developing a product, alter the price, provide or adjust a discount, or change
suppliers to reduce costs.

D. Controlling Costs

To control costs:
  Focus on the big items of expenditure. Categories costs into major or peripheral items. Often,
undue emphasis is given to the 80% of activities accounting for 20% of costs.
 Be cost aware. Casualness is the enemy of cost control. While focusing on major items of
expenditure it may also be possible to cut the cost of peripheral items. Costs can be reduced
over the medium to long term by managers' attitudes to cost control and the effects of expenses
on cash flow.
 Maintain a balance between costs and quality. Getting the best value means achieving a balance
between the price paid and the quality received.
 Use budgets for dynamic financial management. Budget early so financial requirements are
known as soon as possible. Consider the best time-period for the budget normally a year but it
depends on the type of business. Some larger firms have moved to rolling budgets, getting
managers to forecast the next 18 months every quarter. Budgets provide a starting point for
cash flow forecasts and revenues, and they also play an essential role in monitoring costs and
revenues.
 Develop a positive attitude to budgeting. People need to understand, accept and use the
budget, feeling a sense of ownership and responsibility for developing, monitoring and
controlling it.
 Eliminate waste. For decades, leading Japanese companies have directed much of their cost-
management efforts towards waste elimination. They achieve this by using techniques such as
process analysis, mapping and re-engineering.

Practical Techniques to Improve Profitability

Some practical techniques to improve profitability:

 Focus decision-making on the most profitable areas. Concentrating on products and services
with the best margin will protect or enhance profitability. This might involve redirecting sales
and advertising activities.
 Decide how to treat the least profitable products. These often drift, with dwindling profitability.
Turn around a poor performer (by reducing costs, raising prices, altering discounts or changing
the product) or abandon it to prevent drain on resources and reputation. The shelf-life and
appeal of product must be considered when deciding to continue or discontinue it.
 Make sure new products enhance overall profitability. New product development often focuses
on market need or the production process, with insufficient regard to cost, price, sales volume
and overall profitability, which are inextricably linked.
 Manage development and production decisions. The amount spent on research, as well as the
priorities and methods used, affect profitability. Too little expenditure may increase costs in the
long term.
 Set the buying policy. For example, should there be a small number of preferred suppliers or a
bidding system among a wider number of potential suppliers? Also, consider techniques for
 controlling delivery charges, monitoring exchange rates, improving quality control, reducing
inventory and improving production lead times.
 Consider how to create greater value from existing customers and products to enhance
profitability. Ask:

- How can customer loyalty (and repeat purchasing) be enhanced?

- How can the sales proposition be made more competitive relative to the opposition?

- How can existing markets, sales channels, products, brand reputation and other resources be adapted
to exploit new markets and new opportunities?

- How can sales expenses be reduced?

- How can effectiveness of marketing activities be increased?

 Consider how to increase profitability by managing people. Successful leadership is prerequisite

for profitability. People need to be motivated and supported, and this implies rewarding them
fairly for their work,

Avoiding Pitfalls

Many managers have financial responsibilities and their decisions will often be influenced by or have an
impact on other parts of the business. The following principles will help avoid flawed financial decision-
making.

Financial expertise must be widely available

Every manager needs to understand why successful financial management increases profits people need
to own their part of the financial control process, to have the information and expertise needed to
routinely make the best financial decisions.

Consider the impact of financial decisions

Do not ignore or underestimate the wider impact of finance issues upon other departments and
decisions.

Avoid weak budgetary control

Budgets are an active tool to help make financial decisions, not merely a way to measure performance.

Understand the impact of cash flow

Non-financial managers often ignore cash flows and the time value of money. Everyone should be aware
of the importance of cash to the organization.
Know where the risk lies

Identifying risks and how to reduce them is crucial to successful financial decision-making. For example,
managers need to know not only where the break- even point is, but also how and when it will be
reached.

Chapter 13

OVERVIEW OF INTERNAL CONTROL

NATURE AND PURPOSE OF INTERNAL CONTROL

Internal control is the process designed and effected by those charged with governance, management
and other personnel to provide reasonable assurance about the achievement of the entity's objectives
with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance
with applicable laws and regulations. It follows that internal control is designed and implemented to
address identified business risks that threaten the achievement of any of these objectives.

Those objectives fall into three categories:

 Reliability of the entity's financial reporting

 Effectiveness and efficiency of operations
 Compliance with applicable laws and regulations

INTERNAL CONTROL SYSTEM DEFINED

Internal control system means all the policies and procedures (internal controls) adopted by the
management of an entity to assist in achieving management's objective of ensuring, as far as
practicable, the orderly and efficient conduct of its business, including adherence to management
policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and
completeness of the accounting records, and the timely preparation of reliable financial information.

ELEMENTS OF INTERNAL CONTROL

A. Control Environment

The control environment which means the overall attitude, awareness and actions of directors and
management regarding the internal control system and its importance in the entity. The control
environment has an effect on the effectiveness of the specific control procedures.

1. COMMUNICATION AND ENFORCEMENT OF INTEGRITY AND ETHICAL VALUES

Integrity and ethical values are essential elements of the internal control environment. They affect the
design, administration, and monitoring of other components of internal control. An entity's ethical and
behavioral standards and the manner in which it communicates and reinforces them determine the
entity's integrity and ethical behavior Integrity and ethical values include management's actions to
remove or reduce incentives and temptations that might prompt personnel to engage in dishonest,
illegal, or unethical acts. They also include the communication of entity values and behavioral standards
to personnel through policy statements, a code of conduct, and management's example of appropriate
behavior.

2. COMMITMENT TO COMPETENCE

Competence is the knowledge and skills necessary to accomplish tasks that define an employee's job.
Commitment to competence means that management considers the competence levels for particular
jobs in determining the skills and knowledge required of each employee and that it hires employees
competent to perform the tasks.

3.PARTICIPATION BY THOSE CHARGED WITH GOVERNANCE

An entity's control consciousness is influenced significantly by those charged with governance.

Attributes of those charged with governance include independence from management, their experience
and stature, the extent of their involvement and scrutiny of activities, the appropriateness of their
actions, the information they receive, the degree to which difficult questions are raised and pursued
with management, and their interaction with internal and external auditors. The importance of
responsibilities of those charged with governance is recognized in codes of practice and other
regulations or guidance produced for the benefit of those charged with governance. Other
responsibilities of those charged with governance include oversight of the design and effective
operation of whistle blower procedures and the process for reviewing the effectiveness of the entity's
internal control.

4. MANAGEMENT'S PHILOSOPHY AND OPERATING STYLE

Management's Philosophy and Operating Style This refers to management's attitude towards (a)
business risk, (b) financial reporting, (c) meeting budget, profit and other established goals which all
have impact on the reliability of the financial statements Management's approach to taking and
monitoring business risks, its conservative or aggressive selection from alternative accounting principles,
its conscientiousness and conservatism in developing accounting estimates, and its attitude toward
information processing and the accounting function and personnel are factors that affect the control
environment.

5. ORGANIZATIONAL STRUCTURE

The responsibilities and authorities of the various personnel within the organization should be
established in such a manner as to (1) assist the entity in meeting its goals and objectives and (2) ensure
that transactions are processed, recorded, summarized and reported in an accurate and timely manner.
Organizational structure provides the overall framework for planning, directing and controlling
operations

6. ASSIGNMENT OF AUTHORITY AND RESPONSIBILITY

Assignment of Authority and Responsibility Personnel within an organization need to have a clear
understanding of their responsibilities and the rules and regulations that govern their actions
Management may develop job descriptions, computer system documentation. It may also establish
policies regarding acceptable business practice, conflicts of interest and code of conduct.

7. HUMAN RESOURCES POLICIES AND PROCEDURE

Perhaps the most important element of an internal accounting control system is the people who
perform and execute the established policies and procedures. Personnel policies should be adopted by
the client to reasonably ensure that only capable and honest persons are hired and retained. Policies
with respect to employee selection, training, and supervision should be adopted and implemented by
the client. The selection of competent and honest personnel does not automatically assure that errors
or irregularities will not occur. However, adequate personnel policies, coupled with the design concepts
suggested earlier in this section, enhance the likelihood that the client's policies and procedures will be
followed.

B. Entity's Risk Assessment Process

Risk assessment is the "identification, analysis, and management of risks pertaining to the preparation of
financial statements" For example risk assessment may focus on how the entity considers the possibility
of transactions not being recorded or identifies and assesses significant estimates recorded in the
financial statements.

 Changes in operating environment. Changes in the regulatory or operating environment can

result in changes in competitive pressures and significantly different risks.
 New personnel. New personnel may have a different focus on or understanding of internal
control.
 New or revamped information systems. Significant and rapid changes in information systems
can changes the risk relating to internal control.
 Rapid growth. Significant and rapid expansion of operations can strain controls and increase the
risk of a breakdown in controls.

 New technology. Incorporating new technologies into production processes or information

systems may change the risk associated with internal control.
 New business models, products, or activities. Entering into business areas or transactions with
which an entity has little experience may introduce new risks associated with internal control.
 Corporate restructurings. Restructurings may be accompanied by staff reductions and changes
in supervision and segregation of duties that may change the risk associated with internal
control.
 Expanded foreign operations. The expansion or acquisition of foreign operations carries new
and often unique risks that may affect internal control, for example, additional or changed risks
from foreign currency transactions.
 New accounting pronouncements. Adoption of new accounting. principles or changing
accounting principles may affect risks in preparing financial statements.

C.Information System, including the Business Processes, Relevant to Financial Reporting and
Communication

An information system consists of infrastructure (physical and hardware components), software,

people,procedures, and data. Infrastructure and software will be absent, or have less significance, in
systems that are exclusively or primarily manual Many information systems make extensive use of IT.

The Information System, Including Related Business Processes. Relevant to Financial Reporting

The information system relevant to financial reporting objectives, which includes the accounting
system, consists of the proceed and records designed and established to:

 Initiate, record, process, and report entity transactions (as well as events and conditions) and to
maintain accountability for the related assets, liabilities, and equity.
  Resolve incorrect processing of transactions, for example, automated suspense files and
procedures followed to clear suspense items out on a timely basis,
 Process and account for system overrides or bypasses to controls.
 Transfer information from transaction processing systems to the general ledger,

 Capture information relevant to financial reporting for events and conditions other than
transactions, such as the depreciation and amortization of assets and changes in the
recoverability of accounts receivables; and
 Ensure information required to be disclosed by the applicable financial reporting framework is
accumulated, recorded, processed, summarized and appropriately reported in the financial
statements

D Control Activities

Control activities are the policies and procedures that help ensure that management directives are
carried out, for example, that necessary actions are taken to address risks that threaten the
achievement of the entity's objectives. Control activities, whether within IT or manual systems, have
various objectives and are applied at various organizational and functional levels.

The major categories of control procedures are:

A. Performance Review

comparing actual performance (or operating results) with budgets, forecasts, prior period performance,
or competitors data or tracking major initiatives such as cost-containment or cost-reduction programs to
measure the extent to which targets are being met.

B. Information Processing Controls

Information processing controls are policies and procedures designed to require authorization of
transactions and to ensure the accuracy and completeness of transaction processing. Control activities
may be classified according to the scope of the system they affect. General controls are control activities
that prevent or detect errors or irregularities for all accounting systems. General controls affect all
transaction cycles and apply to information processing as a center, hardware and systems software
acquisition and maintenance, and backup and recovery procedures Application controls are controls
that pertain to the processing of a specific type of transaction, such a payroll, or sales and collections.
These controls help ensure that transactions occurred, are authorized, and are completely and
accurately recorded and processed.
Control activities related to the processing of transactions may be grouped as follows: (1) proper
authorization, (2) design and use of adequate documents and records, and (3) independent checks on
performance.

1. Proper authorization of transactions and activities

As suggested earlier, authorization for the execution of transactions flows from the stockholders to
management and its subordinates. Before a transaction is entered into with another party, certain
conditions must usually be met. As part of the evaluation of the potential transaction, documentation
will be created. The auditor uses this documentation to determine whether business transactions are
properly authorized. For example, the purchase of inventory may create a purchase order, a receiving
report, and a vendor invoice. By inspecting these documents and comparing them with company policy,
the auditor may be reasonably satisfied that a business transaction was authorized and executed in a
manner consistent with company policy.

2. Segregation of duties

An important element in designing an internal accounting control system that safeguards assets and
reasonably ensures the reliability of the accounting records is the concept of segregation of
responsibilities. No one person should be assigned duties that would allow that person to commit an
error or perpetuate fraud and to conceal the error or fraud. For example, the same person should not be
responsible for recording the cash received on account and for posting the receipts to the accounting
records.

3. Adequate documents and records

The use of adequate documents and records allow the company to obtain reasonable assurance that all
valid transactions have been recorded.

4. Access to assets

The resources of a client can be protected by the establishment of physical barriers and appropriate
policies. For example, inventories may be kept in a storeroom, or negotiable instruments may be placed
in a safe deposit box. Appropriate. company policies are adopted so that only authorized persons have
access to company resources. Safeguarding assets is more than establishing physical barriers. A client
should design its internal accounting control system so that documents authorizing the movement of
assets into an organization or out of an organization are adequately controlled.

5. Independent checks on performance

The objective of a well-designed internal accounting control system is the adoption of procedures that
periodically compare the actual asset with its recorded balance Regardless of the effectiveness of an
internal control system, some transactions not be accurately recorded, and some assets may be
misappropriated. An important part of an internal accounting control system is to determine the
effectiveness of recording policies and asset access policies. This is accomplished by periodic counts of
assets by the client and comparing the counts to the balances in the general ledger account. Examples
are the count of inventory and the preparation of monthly bank reconciliation.

C. Physical Controls

The extent to which physical controls intended to prevent theft of assets are relevant to the reliability of
financial statement preparation, and therefore the audit, depends on circumstances such as when assets
are highly susceptible to misappropriation.

E. Monitoring of Controls

Monitoring, the final component of internal control, is the process that an entity uses to assess the
quality of internal control over time. Monitoring involves assessing the design and operation of controls
on a timely basis and taking corrective action as necessary. Management monitors controls to consider
whether they are operating as intended and to modify them as appropriate for changes in conditions. In
many entities, internal auditors evaluate the design and operation of internal control and communicate
information about strengths and weaknesses and recommendations for improving internal control.

Chapter 14

FRAUD and ERROR

FRAUD

FRAUD is an intentional act involving the use of deception that results in a material misstatement of the
financial statements.
ERRORS

intent to deceive is what distinguishes fraud and errors. Auditors routinely find financial ERRORS in their
client's books, but those ERRORS are NOT intentional.

*Two types of misstatements are relevant to auditor's consideration of fraud:

(a) misstatements arising from misappropriation of assets, and

(b) misstatements arising from fraudulent financial reporting.

a.Misstatements arising from misappropriation of assets

ASSET MISAPPROPRIATION occurs when a perpetrator steals or misuses an organization's asset. Asset
misappropriations can be accomplished in various ways, including embezzling cash receipts, stealing
assets, or causing the company to pay for goods or services that were not received.

b.Misstatements arising from Fraudulent Financial Reporting

The intentional manipulation of reported financial results to misstate the economic condition of the
organization is called fraudulent financial reporting. The perpetrator of such a fraud generally seeks gain
through the rise in stock price and the commensurate increase in personal wealth. Sometimes the
perpetrator does not seek direct personal gain, but instead uses the fraudulent financial reporting to
"help" the organization avoid bankruptcy or to avoid some negative financial outcome.

=> THE FRAUD TRIANGLE

The Fraud Triangle characterizes incentives, opportunities and rationalizations that enable fraud to
exist.

*The three elements of the fraud triangle are:

1. Incentive to commit fraud

2. Opportunity to commit and conceal the fraud

3. Rationalization - the mind-set of the fraudster to justify committing the fraud.

1. Incentives or Pressures to Commit Fraud

- incentives relating to asset misappropriation include:

> Personal factors, such as severe financial considerations

> Pressure from family, friends, or the culture to live a more lavish lifestyle than one's personal earnings
allow for

> Addiction to gambling or drugs

2. Opportunities to Commit Fraud

" everyone has an opportunity to commit fraud"

- Some of the opportunities to commit fraud that the top management should consider include the
following:

> Management's inconsistency involving subjective judgements regarding asset or accounting estimates

>Complex or unstable organizational structure

> Weak or non-existent internal controls

3. Rationalizing the Fraud

- For asset misappropriation, personal rationalizations often revolve around mistreatment by the
company or a sense of entitlement (such as, "the company owes me!") by the individual perpetrating
the fraud.

Following are some common rationalizations for asset misappropriation:

> Fraud is justified to save a family member or loved one from financial crisis.

> We will lose everything (family, home, car and so on) if we don't take the money.

> This is "borrowing", and we intend to pay the stolen money back at some point.

* Risk Factors Contributory to Misappropriation of Assets

Misappropriation of assets involves the theft of an entity's assets and is often perpetrated by employees
in relatively small and immaterial amounts.

- Misappropriation of assets can be accompanied in a variety of ways including:

 Embezzling receipts

Example:

-misappropriating collections on accounts receivable or diverting receipts in respect of written-off

accounts to personal bank accounts.

 Stealing physical assets or intellectual property

Example:

-stealing inventory for personal use or for sale, stealing scrap for resale, colluding with a competitor by
disclosing technological data in return for payment.

 Causing an entity to pay for goods and services not received

Example:

-payments to fictitious vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for
inflating prices, payments to fictitious employees.

 Using an entity's assets for personal use

Example:

-using the entity’s assets as collateral for personal loan or a loan to a related party.

* Risk Factors Contributory to Fraudulent Financial Reporting

Fraudulent financial reporting may be accomplished by the following:

1. Manipulation, falsification (including forgery), or alteration of accounting records or supporting

documentation from which the financial statements are prepared.

2. Misrepresentation in, or intentional omission from, the financial statements of events, transactions,
or other significant information.

3. Intentional misapplication of accounting principles relating to amounts, classification, manner of

presentation, or disclosure.

Fraud, whether fraudulent financial reporting or misappropriation of assets, involves incentive or

pressure to commit fraud, a perceived opportunity to do so and some rationalization of the act.

A. Incentive / Pressure

Incentive or pressure to commit fraudulent financial reporting may exist when management is under
pressure, from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic)
earnings target or financial outcome particularly since the consequences to management for failing to
meet financial goals can be significant.
B. Opportunities

A perceived opportunity to commit fraud may exist when an individual believes internal control can be
overridden, for example, because the individual is in a position of trust or has knowledge of specific
weaknesses in internal control.

C. Rationalizations

Individuals may be able to rationalize committing a fraudulent act. Some individuals possess an attitude,
charter or set of ethical values that allow them knowingly and intentionally to commit a dishonest act.
However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient
pressure on them.

Responsibility for the Prevention and Detection of Fraud

The primary responsibility for the prevention and detection of fraud rests with both those charged with
governance of the entity and management. It is important that management, with the oversight of
those charged with governance, place a strong emphasis on fraud prevention, which may reduce
opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to
commit fraud because of the likelihood of detention and punishment. This involves a commitment to
creating a culture of honesty and ethical behaviour which can be reinforced by an active oversight by
those charged with governance.