| Create & Maintain an Appropriate Culture | | | | In order to assess the risk of fraud a company |
| Culture is important in any organization but to | | | | must understand and identify the source of their |
| have the appropriate attitude of honesty and high | | | | risks. By creating a process to identify the most |
| ethical standards is important to prevent fraud. | | | | important risks they are able to design effective |
| Management must demonstrate this model by | | | | controls to mitigate the risk. Using internal controls |
| providing a tone at the top emphasis on this | | | | will have a two fold effect of prevention and |
| culture. After setting the tone, management must | | | | detection of fraud by having alert procedures in |
| follow up on this commitment by hiring the right | | | | place. |
| people for the job and ensuring that their hiring | | | | One of the most effective internal controls can |
| policies are effective at eliminating those people | | | | be your other employees. By creating a system |
| that do not meet the standards set by the | | | | of monitoring others work and segregation of |
| culture. The hiring process should entail some | | | | duties, management is able to provide a means of |
| form of background check in order to gather | | | | preventing fraud while establishing a |
| some information about their past ethical behavior. | | | | communication channel to report suspicious |
| After acceptance of new employees, | | | | activity. Sarbanes Oxley (SOX) has made this a |
| management should clearly communicate their | | | | requirement for public companies in that |
| expectations and require written confirmation of a | | | | management must create a system to provide |
| mutual understanding of these expectations. | | | | whistle blower protection for those that |
| Methods of Establishing Ethical Corporate Culture | | | | communicate that fraud is going on. SOX also |
| 1. Code of Conduct - Should identify values and | | | | prohibits retaliation against employees who use |
| ethics expectations of the company. They are | | | | the system to report questionable behavior. If the |
| most effective when supported by management | | | | company violates these requirements it is subject |
| and placed in sight of employees. | | | | to a lawsuit by the employee. |
| 2. Training - On going updates throughout a | | | | Lastly, the most important control that public |
| employees time helps reinforce managements | | | | companies must submit to is having an |
| demand for ethical behavior. | | | | independent audit by an accounting firm. Although |
| 3. Consistent Punishment - Violators of Code of | | | | these firms are unable to test all transactions |
| Conduct must be handled per the expectations | | | | made by the company, by using statistical |
| set and done so in a timely manner. It is | | | | sampling they are able to address which accounts |
| necessary to enforce the rules to ensure that | | | | have the most significant risks therefore they can |
| other employees see management as taking it | | | | require more testing of those accounts. These |
| very seriously. | | | | firms also test their company's' controls for |
| Assessing the Risk of Fraud | | | | material weaknesses. If a company is found to |
| Organizations can proactively eliminate | | | | have a material weakness they must fix the |
| opportunities to commit fraud by frequently | | | | controls or will be issued a qualified opinion of their |
| assessing the risks and developing mitigation plans. | | | | financial position. |