A new AICPA publication outlines six key steps audit committees can take to combat one of the most significant and costly fraud risks: management override of internal controls. This article provides a summary of this important release.
In response to widely reported financial reporting frauds, the American Institute of Certified Public Accountants (AICPA) has published Management Override of Internal Controls: The Achilles’ Heel of Fraud Prevention — The Audit Committee and Oversight of Financial Reporting. The publication outlines specific steps audit committees can take to combat one of the most significant and costly fraud risks.
|1||Maintain an appropriate level of skepticism. Committee members should use their knowledge of the business and financial statement risks to evaluate override risks. Open skepticism can be a powerful deterrent to fraud.|
|2||Strengthen committee understanding. A solid understanding of the business enables committee members to assess fraud risk when evaluating press releases, analyst forecasts and reports, and financial reports to shareholders.|
|3||Brainstorm. Committee members should discuss potential fraud based on the results of whistleblower hotline calls, fraud risk assessments by auditors and fraud risk factors or concerns identified by members.|
|4||Use the code of conduct. If the company has a code of conduct, the committee should use it as a benchmark to assess whether management conduct preserves the highest level of integrity, despite pressure and opportunity to commit fraud.|
|5||Cultivate a vigorous whistleblower program. The committee should encourage a culture that views whistleblowing as a valuable contribution to both the workplace and employees’ futures. An effective whistleblower program requires strong leadership from the audit committee, the board and management.|
|6||Develop a broad information and feedback network. The network should extend beyond senior management to include internal auditors, independent auditors, the compensation committee and key employees. Inconsistencies in information provided by these sources may indicate fraudulent management overrides.|
Not just for the big guys