INTRODUCTION

The ACFE's Fraud Risk Assessment Tool can be used by fraud examiners to identify their clients' or employers' vulnerabilities to fraud.

The Fraud Risk Assessment Tool consists of 15 modules, each containing a series of questions designed to help organizations zoom in on areas of risk. The fraud professional and the client or employer should begin the risk assessment process by working together to answer the questions in each module. It is important that the client or employer select people within the organization who have extensive knowledge of company operations, such as managers and internal auditors, to work with the fraud professional. Upon completion of all of the questions, the fraud professional should review the results of the assessment with the client or employer in order to:

• Identify the potential inherent fraud risks.
• Assess the likelihood and significance of occurrence of the identified fraud risks.
• Evaluate which people and departments are most likely to commit fraud and identify the methods they are likely to use.
• Identify and map existing preventive and detective controls to the relevant fraud risks.
• Evaluate whether the identified controls are operating effectively and efficiently.
• Identify and evaluate residual fraud risks resulting from ineffective or nonexistent controls.
• Respond to residual fraud risks.

The Fraud Risk Assessment Tool may reveal certain residual fraud risks that have not been adequately mitigated due to lack of, or noncompliance with, appropriate preventive and detective controls. The fraud professional should work with the client to develop mitigation strategies for any residual risks with an unacceptably high likelihood or significance of occurrence. Responses should be evaluated in terms of their costs versus benefits and in light of the organization's level of risk tolerance.

Be aware, however, that this assessment only provides a snapshot of a particular point in time. The dynamic nature of organizations requires routine monitoring and updating of their financial risk assessment processes in order for them to remain effective.

MODULE # 1 – EMPLOYEE ASSESSMENT

The employee assessment questions are designed to assess the probability of a fraudulent event occurring within the organization based on:

• Internal controls
• Internal control environment
• Resources available to prevent, detect, and deter fraud

1. Are employees provided formal written job descriptions?

   In addition to clarifying what employees are responsible for, job descriptions signify what employees are not responsible for. Employees who perform duties outside of their job descriptions represent a significant red flag.

2. Are employees provided with an organizational chart that shows lines of responsibility?

   Organizational charts provide employees with a snapshot of an organization's division of work, levels of management, and reporting relationships.

3. Does the company have written accounting policies and procedures?

   Accounting policies and procedures, including those related to fraud, should be documented, implemented, and communicated to employees.

4. Is there a formal policy covering approval authority for financial transactions, such as purchasing or travel?

   In order to safeguard assets and financial reporting, companies should develop and implement policies for determining how financial transactions are initiated, authorized, recorded, and reviewed.

5. Does the company have an ethics statement?

   The company should implement a formal ethics statement that (1) defines conduct that is unethical, (2) states that unethical acts will be punished, and (3) provides information on reporting unethical conduct.

6. Does senior management exhibit and encourage ethical behavior?

   Senior management sets the tone for ethical conduct throughout the organization. The tone should signal that fraud will not be tolerated.

7. Does the company have written fraud policies and procedures?

   The company should document and implement fraud policies and procedures that describe (1) fraudulent conduct, (2) punishment for engaging in fraudulent conduct, and (3) how to report fraudulent conduct.

8. Is a senior member of management responsible for compliance with fraud policies?

   The responsibility for compliance with fraud and ethics policies should be assigned to a senior member of management.

9. Does the organization educate employees about the importance of ethics and antifraud programs?

   All employees should receive training on the ethics and antifraud policies of the company. The employees should sign an acknowledgment that they have received the training and understand the policies.

10. Does the organization provide an anonymous way to report suspected violations of the ethics and antifraud programs?

    Organizations should provide employees, vendors, and customers with a confidential system for reporting suspected violations of the ethics and antifraud policies.

11. Are fraud incidents promptly and thoroughly investigated?

    Promptly and thoroughly investigating all reported incidents of fraud can minimize losses.

12. Does the company maintain a record of fraud incidents?

    A formal record of all reported incidents of fraud, including documentation of investigative activities and final disposition of each incident, should be maintained.

13. Does the company conduct pre-employment background checks?

    Before offering employment to an applicant, a company should conduct a pre-employment background check (where permitted by law).

14. Does the company have a loss prevention function?

    Responsible personnel should be trained to perform loss prevention functions.

15. Does the company have an internal audit function?

    Internal audits that focus on high-risk areas for fraud can identify new vulnerabilities, measure the effectiveness of internal controls, and signal that fraud prevention is a high priority for the company.

16. Are the duties related to authorization, custody of assets, and recording or reporting of transactions segregated?

    The company should segregate the duties related to authorization, custody of assets, and recording or reporting of transactions.

17. Is compliance with internal controls audited periodically?

    Periodic audits of compliance with internal controls send the message to employees that the company is proactive in its antifraud efforts.

18. Do employees feel they are treated and compensated fairly?

    Management should establish appropriate lines of communication with employees (such as surveys, exit interviews, and open-door policies) to assess their attitudes toward the organization.

19. Do any employees have large personal debts or credit problems?

    Employees with large personal debts or credit problems are a red flag of potential fraud and should be monitored by management.

20. Do any employees appear to be spending far more than they are earning?

    Management should be observant of signs of employees spending far more than they are earning. It is common for employees who steal to use the proceeds for lifestyle improvements, including expensive cars and extravagant vacations.

21. Do any employees gamble excessively?

    Employees who gamble excessively pose a potential fraud risk to the company and should be monitored by management. Employee assistance programs can be made available to help employees with gambling addictions.

22. Do any employees use alcohol or drugs excessively?

    Employees who use alcohol or drugs excessively pose a potential fraud risk to the company and should be monitored by management. Employee assistance programs can be made available to help employees with alcohol or drug addictions.

23. Do any employees resent their superiors?

    Employees who resent their superiors should be monitored by management, as they pose a potential fraud risk to the company.

24. Do any employees have a close association with vendors or competitors?

    Employees with a close relationship to a vendor or competitor should be monitored for potential conflict of interest.

25. Do any employees have outside business interests that might conflict with their duties at the company?

    Employees should be required to provide annual financial disclosures that list outside business interests. Outside interests that conflict with the organization's interests should be prohibited.

26. Is the company experiencing high employee turnover?

    High employee turnover, especially in areas particularly vulnerable to fraud, is a warning sign of fraud that should be investigated.

27. Are employees required to take annual vacations?

    Requiring employees to take annual vacations can aid an employer in detecting an ongoing fraud scheme because the employer is more likely to discover a perpetrator running such a scheme when the perpetrator is removed from the scene.

28. Is the company dominated by a small group of individuals?

    If control is centered in the hands of a few key employees, those individuals should be under heightened security for compliance with internal controls and other policies and procedures.

29. Does the company have unrealistic productivity measurements and expectations?

    Unrealistic productivity measurements and expectations can place undue pressure on employees and result in employees committing fraudulent acts in order to meet them.

30. Does management fail to give employees positive feedback and recognition for job performance?

    Providing positive feedback and recognition to employees helps to reduce the likelihood of internal fraud and theft through boosting morale. Employees with positive feelings about an organization are less likely to commit fraud against the organization.

31. Are employees afraid to deliver bad news to supervisors or management?

    Management should promote a culture in which employees aren't afraid to deliver bad news. After all, the sooner management receives the bad news, the sooner it can respond.

32. Is there a lack of communication between employees and management?

    Management can improve communication with employees by creating an atmosphere that encourages open communication. Employees should feel safe in sharing any thoughts, comments, complaints, or suggestions.

33. Is there a lack of clear organizational responsibilities in the company?

    A lack of clear organizational responsibilities can lead to confusion and frustration for employees. Organizational charts and job descriptions can be used to clarify organizational responsibilities.

34. Does management not seem to care about or reward appropriate employee behavior?

    Management that does not seem to care about or reward appropriate employee behavior can contribute to low employee morale and increased risk of fraud against the company by employees.

MODULE # 2 – MANAGEMENT/KEY EMPLOYEE ASSESSMENT

The management/key employee assessment questions are designed to assess the probability of a fraudulent event occurring within the organization based on:

• Internal controls
• Internal control environment
• Resources available to prevent, detect, and deter fraud

1. Is the board of directors composed of mainly officers of the company or related individuals?

   The board of directors should include independent board members who are not associated with or employed by the company. In theory, independent directors are not subject to the same pressures as management and, therefore, are more likely to act in the best interest of shareholders.

2. Is there an independent audit committee?

   Independent audit committee members with financial and accounting expertise can be instrumental in preventing and detecting financial fraud.

3. Has there been high turnover of managers and members of the board of directors?

   Management should investigate the reasons for high turnover and implement measures to reduce it.

4. Have an unusually high number of key employees left the company recently?

   Management should investigate the reasons for their departure and implement measures to reduce turnover.

5. Is the company involved in any litigation?

   Management should determine the reason for the litigation, monitor the filings, and take corrective action where necessary.

6. Does the company have offshore activities or bank accounts?

   Management should determine the reason for the offshore activities and accounts, ascertain compliance with U.S. laws, and monitor activity closely.

7. Do any of the senior managers have offshore bank accounts or business interests?

   The organization should require senior managers to file annual financial disclosure reports and explain the purpose of any offshore bank accounts or business interests.

8. Are any key employees experiencing financial pressures, such as debts, gambling, medical bills, or divorce?

   Key employees who are experiencing financial pressures represent a potential fraud risk to the company and should be monitored by management. Employee assistance programs can be made available to help employees with alcohol, drug, and other problems.

9. Do any key employees appear to be living beyond their means?

   Management should be observant of signs of employees spending far more than they are earning. It is common for employees who steal to use the proceeds for lifestyle improvements, including expensive cars, extravagant vacations, or expensive clothing.

10. Do any key employees have civil judgments or bankruptcies on record?

    Key employees who have civil judgments or bankruptcies on record represent a potential fraud risk to the company and should be monitored by management.

11. Do any key employees have a criminal conviction?

    Key employees with known criminal convictions should be subjected to increased review by management for compliance with internal controls and other policies and procedures.

12. Do one or two key employees appear to dominate the company?

    If control is centered in the hands of one or two key employees, then those individuals should be under heightened scrutiny for compliance with internal controls and other policies and procedures.

13. Do any key employees have friends or relatives reporting directly to them?

    Organizations should prohibit key employees from having friends or relatives report directly to them.

14. Do any of the key employees appear to have a close association with a vendor?

    Key employees who have a close association with a vendor should be monitored for potential conflict of interest.

15. Do any key employees have outside business interests that might conflict with their duties at the company?

    Key employees should be required to provide annual financial disclosures that list outside business interests. Interests that conflict with the organization's interests should be prohibited.

16. Do any key employees own a portion of any company that does business with this company?

    Organizations should require key employees to disclose any potential conflicts of interest and should closely monitor any such conflicts of interest.

17. Has any key employee failed to take vacation?

    Requiring key employees to take annual vacations can aid an employer in detecting an ongoing fraud scheme because the employer is more likely to discover a perpetrator running such a scheme when the perpetrator is removed from the scene.

18. Do any key employees have a significant amount of their net worth invested in the company?

    Management should subject key employees with a significant amount of their net worth invested in the company to increased review for compliance with internal controls, especially those controls related to financial reporting.

19. Does the company have unusually high debts?

    Management should determine the reason for debt levels and monitor internal controls for financial reporting.

20. Is key employee compensation primarily based on company performance?

    Organizations should monitor employees whose compensation is based primarily on company performance for compliance with internal controls, especially controls related to financial reporting.

21. Is there an incentive to use inappropriate means to minimize earnings for tax reasons?

    Companies should remove any incentive to use inappropriate means to manipulate financial information.

22. Is there excessive pressure to increase the company's stock price?

    Excessive pressure to increase the company's stock price can result in management manipulating financial results in order to meet expectations.

23. Has the company recently experienced large operating or investment losses?

    Large operating or investment losses can place undue pressure on management to manipulate results in order to cover up the losses.

24. Does the organization have sufficient working capital?

    Insufficient working capital can place undue pressure on management to manipulate financial results.

25. Does the organization have sufficient credit?

    A lack of sufficient credit can place undue pressure on management to manipulate financial results in order to obtain credit.

26. Is the organization under pressure to report favorable earnings?

    Excessive pressure to report favorable earnings can result in management committing fraudulent acts in order to meet expectations.

27. Does the company depend heavily on only a limited number of products or customers?

    Dependence on only a limited number of products or customers places a company at greater risk for fraudulent acts to occur.

28. Has the company experienced difficulty in collecting receivables?

    Cash flow problems, which are a warning sign of possible fraud, can arise when a company experiences difficulty in collecting receivables.

29. Has the company recently expanded rapidly into new business or product lines?

    Rapid expansion into new business or product lines can place tremendous financial pressure on a company.

30. Has the company experienced a reduction in sales volume?

    A reduction in sales volume can place undue pressure on management to manipulate financial results.

31. Does the company have strong competitors that are outperforming?

    Strong competition can place a company at greater risk for fraudulent acts to occur.

32. Is the company under pressure to sell or merge with another company?

    Situational pressures that may lead to fraudulent acts can arise when a company is under pressure to sell or merge with another company.

33. Does the company change auditors often?

    A frequent change in auditors is a red flag of fraud.

34. Does the company delay or avoid supplying auditors with the information necessary to complete the audits?

    Delaying or avoiding supplying auditors with the information necessary to complete audits is an indicator of fraudulent activity.

35. Does the company have problems with regulatory agencies?

    The company should determine the reasons for the problems with regulatory agencies and implement measures to encourage compliance with regulations.

36. Does the company have poor accounting records?

    The company should implement proper accounting records.

37. Does the accounting department appear to be inadequately staffed?

    The accounting department should be adequately staffed to allow for proper segregation of duties.

38. Does the organization fail to disclose questionable or unusual accounting practices?

    Questionable or unusual accounting practices should be disclosed.

39. Does the company have a number of large year-end or unusual transactions?

    Large year-end or unusual transactions should be investigated.

40. Does the organization lack an adequate internal audit staff?

    The internal audit department should be adequately staffed.

41. Does the organization lack an internal control system, or does it fail to enforce the existing internal controls?

    Organizations should establish and enforce an internal control system.

MODULE # 3 – PHYSICAL CONTROLS TO DETER EMPLOYEE THEFT AND FRAUD

The physical controls assessment questions are designed to assess the probability of a fraudulent event occurring within the organization based on:

• Physical controls in place to control access to accounting records and information
• Physical controls in place to protect the assets of the organization

1. Does the organization conduct pre-employment background checks to identify previous dishonest or unethical behavior?

   Before offering employment to an applicant, a company should conduct a pre-employment background check (where permitted by law).

2. Are there policies and procedures that address dishonest or unethical behavior?

   The company should document and implement policies and procedures that describe (1) unethical conduct, (2) punishment for engaging in unethical conduct, and (3) how to report unethical conduct.

3. Does management support the ethics and antifraud policies?

   Senior management sets the tone for ethical conduct throughout the organization. The tone should signal that fraud will not be tolerated.

4. Does the organization educate employees about the importance of ethics and antifraud programs?

   All employees should receive training on the ethics and antifraud policies of the company. The employees should sign an acknowledgment that they have received the training and understand the policies.

5. Does the organization provide an anonymous way to report suspected violations of the ethics and antifraud policies?

   Organizations should provide a system for anonymous reporting of suspected violations of the ethics and antifraud policies.

6. Does the organization restrict access to areas containing sensitive documents (such as invoices, receipts, journals, ledgers, and checks) and maintain a system for providing an audit trail of access?

   Access to areas containing sensitive documents should be restricted to those individuals who need the information to carry out their jobs. Also, an audit trail of access should be maintained.

7. Does the organization restrict access to computer systems with sensitive documents (such as accounting software, inventory, and payroll) and create a system to provide an audit trail of access?

   Access to computer systems should be restricted to those individuals who need the information to carry out their jobs. Also, an audit trail of access should be maintained.

8. Does the organization restrict access to areas with high value assets, such as shipping, receiving, storerooms, and cash?

   Organizations should restrict access to areas with high value assets and should maintain a log of persons accessing such areas.

9. Does the organization use CCTV and recording equipment to monitor entries, exits, areas with sensitive or high value assets, and sales areas?

   Entries, exits, areas with sensitive or high value assets, and sales areas can be monitored using CCTV and recording equipment.

10. Does the organization conduct random, unannounced audits of inventory, cash, expense, purchasing, billing, and other accounts by internal or external auditors?

    Random, unannounced audits help prevent fraud perpetrators from having time to alter, destroy, and misplace records and other evidence of their offenses.

11. Does the organization use professional loss prevention or security personnel to monitor physical controls?

    Professional loss prevention or security personnel can be used to monitor physical controls.

12. Does the organization promptly investigate incidents of suspected or reported fraud?

    Promptly investigating incidents of suspected or reported fraud can minimize losses.

MODULE # 4 – SKIMMING SCHEMES

Skimming schemes include:

• Collecting cash, but not recording the sale
• Collecting cash, keeping a portion of the cash, and underreporting the sale amount
• Collecting a customer's payment, but not crediting the amount to the customer's account
• Collecting cash and holding it in a personal interest-bearing account before depositing it into the company account

1. Is there periodic analytical review of sales accounts using vertical, horizontal, and ratio analysis?

   Periodic analytical review of sales accounts using vertical, horizontal, and ratio analysis can highlight discrepancies that point to skimming.

2. Is there periodic review of the inventory and receiving records using statistical sampling?

   Periodic review of the inventory and receiving records using statistical sampling can highlight discrepancies that point to skimming.

3. Is there periodic review of the inventory and receiving records using trend analysis?

   Periodic review of the inventory and receiving records using trend analysis can highlight discrepancies that point to skimming.

4. Is there periodic review of the inventory and receiving records using physical inventory counts?

   Periodic review of the inventory and receiving records using physical inventory counts can highlight discrepancies that point to skimming.

5. Is there periodic review of the inventory and receiving records using verification of shipping and requisition documents?

   Periodic review of the inventory and receiving records using verification of shipping and requisition documents can highlight discrepancies that point to skimming.

6. Is there periodic review of inventory accounts for write-offs?

   Inventory accounts should be reviewed periodically for write-offs.

7. Is there periodic review of accounts receivable and allowance for uncollectible accounts to look for write-offs of accounts receivable?

   Accounts receivable and allowance for uncollectible accounts should be reviewed periodically for write-offs of accounts receivable.

8. Is there periodic review of cash accounts for irregular entries?

   Cash accounts should be reviewed periodically for irregular entries.

9. Is the company mail opened by someone other than bookkeepers, cashiers, or other accounting employees who make journal entries?

   Company mail should be opened by someone other than bookkeepers, cashiers, or other accounting employees who make journal entries.

10. Do vouchers for credit and sales receipts contain serial numbers?

    Vouchers for credit and sales receipts should contain serial numbers.

11. Is the accounts receivable bookkeeper restricted from preparing the bank deposit?

    The accounts receivable bookkeeper should be restricted from preparing the bank deposit.

12. Is the accounts receivable bookkeeper restricted from collecting cash from customers?

    The accounts receivable bookkeeper should be restricted from collecting cash from customers.

13. Is the accounts receivable bookkeeper restricted from access to the cash receipts?

    The accounts receivable bookkeeper should be restricted from access to the cash receipts.

14. Is the cashier restricted from accessing accounts receivable records?

    The cashier should be restricted from accessing accounts receivable records.

15. Is the cashier restricted from accessing bank and customer statements?

    The cashier should be restricted from accessing bank and customer statements.

16. Is each of the following responsibilities assigned to a separate employee: general ledger entries, cash receipt entries, and accounts receivable billing?

    Having different employees perform these tasks helps minimize the potential for the concealment of theft.

17. Does the employee who opens incoming checks place restrictive endorsements on all checks received?

    The employee who opens incoming checks should immediately stamp all incoming checks with the company's restrictive endorsement to protect against unintended parties cashing the checks.

18. Does the person who opens the mail prepare a list of all checks and cash received?

    A list of all checks and cash received should be prepared and reconciled daily against the bank deposit receipt and the cash receipts report.

19. Does the person who opens the mail deliver all checks and cash to the person responsible for the daily bank deposit?

    The person who opens the mail should deliver all checks and cash to the person responsible for the daily bank deposit.

20. Does an employee perform an independent verification of the bank deposit ticket to the remittance list generated by the employee who opened the mail?

    An employee should perform an independent verification of the bank deposit ticket to the remittance list generated by the employee who opened the mail.

21. Does the company use a lockbox service for cash receipts?

    Lockboxes decrease the potential for fraud and error by reducing employee handling of each transaction.

22. Does the company have a safe with restricted access?

    A safe can be used to physically secure excess cash on hand. Access to the safe should be restricted and an access log should be maintained.

23. Is cash deposited daily?

    Daily bank deposits should be made so that excess cash does not remain on the premises.

24. Are there pre-numbered cash receipts for cash sales?

    Pre-numbered cash receipts should be used for cash sales.

25. Are employees who handle cash bonded?

    Employees who handle cash should be bonded in order to protect against theft.

26. Is there a written policy and procedure for turning over delinquent accounts for collection?

    The company should document and implement policies and procedures for turning over delinquent accounts for collection.

27. Is the person who handles customer complaints independent of the cashier or accounts receivable function?

    The person who handles customer complaints should be independent of the cashier or accounts receivable function.

28. Is physical access to the accounting system restricted to only authorized persons?

    Physical access to the accounting system should be restricted to those who require it to perform their job functions.

MODULE # 5 – CASH LARCENY SCHEMES

Cash larceny schemes include:

• Stealing cash at the point of sale or register
• Stealing cash receipts posted to sales and receivable journals
• Stealing cash from bank deposits

1. Are cash register totals reconciled to the amount in the cash drawer?

   Cash register totals should be reconciled to the amount in the cash drawer. Any discrepancies should be investigated.

2. Is an employee other than the register worker responsible for preparing register count sheets and agreeing them to register totals?

   An employee other than the register worker should be responsible for preparing register count sheets and agreeing them to register tape totals.

3. Is access to registers or the cash box closely monitored? Are access codes kept secure?

   Access to registers or the cash box should be closely monitored and access codes should be kept secure.

4. Are customer complaints regarding short change or improper posting handled by someone other than the employee who receives the cash?

   Customer complaints regarding short change or improper posting should be handled by someone other than the employee who receives the cash.

5. Are register workers properly supervised?

   Register workers should be properly supervised by on-duty supervisors or CCTV recording of register activity.

6. Are CCTV cameras and digital recorders used to monitor register areas?

   CCTV cameras and digital recorders can be used to monitor register areas.

7. Is each receivable transaction reviewed for legitimacy and supporting documentation?

   Receivable transactions should be reviewed for legitimacy and supporting documentation.

8. Is an independent listing of cash receipts prepared before the receipts are submitted to the cashier or accounts receivable bookkeeper?

   An independent listing of cash receipts should be prepared before the receipts are submitted to the cashier or accounts receivable bookkeeper.

9. Does a person independent of the cash receipts and accounts receivable functions compare entries to the cash receipts journals with the bank deposit slips and bank deposit statements?

   Companies should assign a person independent of the cash receipts and accounts receivable functions to compare entries to the cash receipts journals with the bank deposit slips and bank deposit statements.

10. Are the cash receipts, cash counts, bank deposits, deposit receipt reconciliations, bank reconciliations, posting of deposits, and cash disbursements duties segregated?

    The primary way to prevent cash larceny is to segregate duties.

11. Does an employee other than the cashier or accounts receivable bookkeeper make the daily bank deposit?

    Having an employee other than the cashier or accounts receivable bookkeeper make the daily bank deposit is an important segregation of duties that can help to prevent cash larceny.

12. Is job or assignment rotation mandatory for employees who handle cash receipts and accounting duties?

    Many internal fraud schemes are continuous in nature and require ongoing efforts by the employee to conceal defalcations. By establishing mandatory job or assignment rotation, the concealment element is interrupted.

13. Are vacations mandatory for employees who handle cash receipts and accounting duties?

    Many internal fraud schemes are continuous in nature and require ongoing efforts by the employee to conceal defalcations. By establishing mandatory vacations, the concealment element is interrupted.

14. Are surprise cash counts conducted?

    Surprise cash counts help prevent fraud perpetrators from having time to alter, destroy, and misplace records and other evidence of their offenses.

15. Are journal entries made to the cash accounts reviewed and analyzed on a regular basis?

    Journal entries made to the cash accounts should be reviewed and analyzed on a regular basis.

16. Does the company use a point of sale (POS) system?

    A POS system will allow the organization to gather sales information in a comprehensive and timely format.

17. Does the POS system track perpetual inventory?

    The POS system should be configured to track perpetual inventory.

18. Does the POS system track exceptions, such as voids, refunds, no sales, overages, and shortages?

    The POS system should be configured to track exceptions, such as voids, refunds, no sales, overages, and shortages.

19. Are register exception reports reviewed on a regular basis?

    Register exception reports should be reviewed on a regular basis by management.

20. Are all employees, except for managers, prohibited from making changes to the POS system?

    All employees, except for managers, should be prohibited from making changes to the POS system.

21. Is access to the accounts receivable subledger and the general ledger restricted to authorized employees? Does access leave an audit trail?

    Access to the accounts receivable subledger and general ledger should be restricted to authorized employees. An audit trail of who accessed the ledgers, including time and date of access, should be kept.

MODULE # 6 – CHECK TAMPERING SCHEMES

Check tampering schemes can be classified into the following categories:

• Forged maker schemes involve forging an authorized signature on a company check.
• Forged endorsement schemes consist of forging the signature endorsement of an intended recipient of a company check.
• Altered payee schemes involve changing the payee designation on the check to the perpetrator or an accomplice.
• Authorized maker schemes occur when employees with signature authority write fraudulent checks for their own benefit.

1. Are unused checks stored in a secure container with limited access?

   Blank checks, which can be used for forgery, should be stored in a secure area such as a safe or vault. Security to this area should be restricted to authorized personnel.

2. Are unused checks from accounts that have been closed promptly destroyed?

   Companies should promptly destroy all unused checks from accounts that have been closed.

3. Are electronic payments used where possible to limit the number of paper checks issued?

   Companies can minimize the possibility of check tampering and theft by using electronic payment services to handle large vendor and financing payments.

4. Are printed and signed checks mailed immediately after signing?

   Printed and signed checks should be mailed immediately after signing.

5. Are new checks purchased from reputable check vendors?

   All new checks should be purchased from reputable, well-established check producers.

6. Do company checks contain security features to ensure their integrity?

   Companies can reduce their exposure to physical check tampering by using checks containing security features, such as high-resolution microprinting, security inks, and ultraviolet ink.

7. Has the company notified its bank to not accept checks over a predetermined maximum amount?

   Companies should work in a cooperative effort with banks to prevent check fraud, establishing maximum dollar amounts above which the company's bank will not accept checks drawn against the account.

8. Has the company established positive pay controls with its bank by supplying the bank with a daily list of checks issued and authorized for payment?

   One method for a company to help prevent check fraud is to establish positive pay controls by supplying its banks with a daily list of checks issued and authorized for payment.

9. Is the employee who prepares the check prohibited from signing the check?

   Check preparation should not be performed by a signatory on the account.

10. Are detailed comparisons made between the payees on the checks and the payees listed in the cash disbursements journal?

    Companies should perform detailed comparisons of the payees on the checks and the payees listed in the cash disbursements journal.

11. Are employees responsible for handling and coding checks periodically rotated?

    Periodic rotation of personnel responsible for handling and coding checks can be an effective check disbursement control.

12. Are bank reconciliations completed immediately after bank statements are received?

    Companies should complete bank reconciliations immediately after bank statements are received. The Uniform Commercial Code states that discrepancies must be presented to the bank within 30 days of receipt of the bank statement in order to hold the bank liable.

13. Are bank statements and account reconciliations independently audited to confirm accuracy?

    Bank statements and account reconciliations should be independently audited for accuracy.

14. Are cancelled checks independently reviewed for alterations and forgeries?

    Cancelled checks should be independently reviewed for alterations and forgeries.

15. Are checks for a material amount matched to the supporting documentation?

    Checks for material amounts should be matched to the supporting documentation.

16. Are voided checks examined for irregularities and to ensure they haven't been processed?

    The list of voided checks should be verified against physical copies of the checks. Bank statements should be reviewed to ensure that voided checks have not been processed.

17. Are missing checks recorded and stop payments issued?

    Missing checks may indicate lax control over the physical safekeeping of checks. Stop payments should be issued for all missing checks.

18. Do questionable payees or payee addresses trigger review of the corresponding check and support documentation?

    Questionable payees or payee addresses should trigger a review of the corresponding check and support documentation.

19. With the exception of payroll, are checks issued to employees reviewed for irregularities?

    Checks payable to employees, with the exception of regular payroll checks, should be closely scrutinized for schemes such as conflicts of interest, fictitious vendors, or duplicate expense reimbursements.

20. Are two signatures required for check issuance?

    Requiring dual signatures on checks can reduce the risk of check fraud.

21. Are all company payments made by check or other recordable payment device?

    Making payments by check or other recordable payment device can reduce the risk of disbursement frauds.

22. Are handwritten checks prohibited?

    Handwritten checks are especially vulnerable to check fraud and should be prohibited.

MODULE # 7 – CASH REGISTER SCHEMES

The following are types of cash register schemes:

• False refund schemes occur when an employee (1) issues a refund for fictitious merchandise and keeps the money or (2) overstates the amount of merchandise returned and skims the excess money.
• False void schemes occur when a register worker retains a customer receipt, processes a fictitious voided sale, and keeps the money.

1. Are refunds, voids, and discounts evaluated on a routine basis to identify patterns of activity among employees, departments, shifts, merchandise, etc.?

   Companies should routinely evaluate refunds, voids, and discounts to search for patterns of activity that might signal fraud.

2. Is there a sign posted at the register asking the customer to request and examine a sales receipt?

   Signs asking customers to request and examine sales receipts should be posted at registers.

3. Are cash disbursements recorded on a pre-numbered form and reconciled daily?

   Cash disbursements should be recorded on pre-numbered forms and reconciled daily.

4. Do the cash disbursement forms have an explanation section or code?

   An explanation section or code should be included on cash disbursement forms.

5. Are customers that are involved in voided sales and refunds randomly contacted to verify the accuracy of the transaction?

   Customers involved in voided sales and refunds should be randomly contacted to verify the accuracy of the transactions.

6. Is access to the necessary control keys for refunds and voids restricted to supervisors?

   Access to the necessary control keys for refunds and voids should be restricted to supervisors.

7. Do void or refund transactions have to be approved by a supervisor and documented?

   All void or refund transactions should be approved by a supervisor and documented.

8. Is documentation of void and refund transactions maintained on file?

   Documentation of void and refund transactions should be maintained on file.

9. Is missing or altered register tape thoroughly investigated?

   Companies should thoroughly investigate any missing or altered register tape.

10. Are gaps in the register tape investigated?

    Companies should investigate any gaps in the register tape.

11. Are multiple voids or refunds for amounts just under any review limit investigated?

    Multiple voids or refunds for amounts just under review limits should be investigated.

12. Is an employee other than the register worker responsible for preparing register count sheets and comparing them to register totals?

    An employee other than the register worker should be responsible for preparing register count sheets and comparing them to register totals.

13. Are customer complaints regarding payment errors thoroughly investigated?

    Customer complaints regarding payment errors should be thoroughly investigated.

14. Does each cashier have a separate access code to the register?

    Each cashier should be assigned a separate access code to the register.

15. Does each cashier have a separate cash drawer?

    Each cashier should have a separate cash drawer.

16. Is an over and short log kept for each person and/or register?

    An over and short log should be kept for each person and/or register.

17. Are over and short incidents thoroughly investigated and monitored?

    Over and short incidents should be thoroughly investigated and monitored.

18. Are all “no sale” receipts accounted for and attached to a daily cashier's report?

    All “no sale” receipts should be accounted for and attached to a daily cashier's report.

19. Is access to the register area restricted to authorized employees and supervisors?

    Companies should restrict access to register areas to authorized employees and supervisors.

20. Are all cashiers periodically integrity shopped?

    Companies should periodically conduct integrity shopping on all cashiers.

MODULE # 8 – PURCHASING AND BILLING SCHEMES

The following are types of purchasing and billing schemes:

• Shell company schemes occur when an employee submits invoices for payment from a fictitious company controlled by the employee.
• Pay-and-return schemes occur when an employee arranges for overpayment of a vendor invoice and pockets the overpayment amount when it is returned to the company.
• Personal purchase schemes occur when an employee submits an invoice for personal purchases to the company for payment, or when an employee uses a company credit card for personal purchases.

1. Does the organization have a purchasing department?

   The organization should have a purchasing department that is separate from the payment function.

2. Is the purchasing department independent of the accounting, receiving, and shipping departments?

   The purchasing department should be independent of the accounting, receiving, and shipping departments.

3. Do purchase requisitions require management approval?

   Management should approve all purchase requisitions.

4. Do purchase orders specify a description of items, quantities, prices, and dates?

   Purchase orders should specify a description of items, quantities, prices, and dates.

5. Are purchase order forms pre-numbered and accounted for?

   Purchase order forms should be pre-numbered and accounted for.

6. Does the company maintain a master vendor file?

   The company should maintain a master vendor file.

7. Are competitive bids required for all purchases?

   Companies should require competitive bids for all purchases.

8. Does the receiving department prepare receiving reports for all items received?

   The receiving department should prepare receiving reports for all items received.

9. Does the receiving department maintain a log of all items received?

   The receiving department should maintain a log of all items received.

10. Are copies of receiving reports furnished to the accounting and purchasing departments?

    Copies of receiving reports should be furnished to the accounting and purchasing departments.

11. Are purchasing and receiving functions separate from invoice processing, accounts payable, and general ledger functions?

    Purchasing and receiving functions should be segregated from invoice processing, accounts payable, and general ledger functions.

12. Are vendor invoices, receiving reports, and purchase orders matched before the related liability is recorded?

    Companies should match vendor invoices, receiving reports, and purchase orders before recording the related liability.

13. Are purchase orders recorded in a purchase register or voucher register before being processed through cash disbursements?

    Purchase orders should be recorded in a purchase register or voucher register before being processed through cash disbursements.

14. Are procedures adequate to ensure that merchandise purchased for direct delivery to the customer is promptly billed to the customer and recorded as both a receivable and a payable?

    Companies should implement procedures adequate to ensure that merchandise purchased for direct delivery to the customer is promptly billed to the customer and recorded as both a receivable and a payable.

15. Are records of goods returned to vendors matched to vendor credit memos?

    Records of goods returned to vendors should be matched to vendor credit memos.

16. Is the accounts payable ledger or voucher register reconciled monthly to the general ledger control accounts?

    The accounts payable ledger or voucher register should be reconciled monthly to the general ledger control accounts.

17. Do write-offs of accounts payable debit balances require approval of a designated manager?

    Write-offs of accounts payable debit balances should require approval of a designated manager.

18. Is the master vendor file periodically reviewed for unusual vendors and addresses?

    The master vendor file should be reviewed periodically for unusual vendors and addresses.

19. Are vendor purchases analyzed for abnormal levels?

    Vendor purchases should be analyzed for abnormal levels.

20. Are control methods in place to check for duplicate invoices and purchase order numbers?

    Companies should implement control methods to check for duplicate invoices and purchase order numbers.

21. Are credit card statements reviewed monthly for irregularities?

    Credit card statements should be reviewed monthly for irregularities.

22. Are vendors with post office box addresses verified?

    All vendors with post office box addresses should be verified.

23. Are voucher payments reviewed regularly for proper documentation?

    Voucher payments should be reviewed regularly for proper documentation.

24. Is access to the accounts payable subledger and the general ledger restricted? Does access create an audit trail?

    Access to the accounts payable subledger and the general ledger should be restricted and an audit trail should be created.

MODULE # 9 – PAYROLL SCHEMES

The following are types of payroll schemes:

• Ghost employee schemes occur when a person not employed by the company is on the payroll.
• Overpayment schemes occur when a company pays an employee based on falsified hours or rates.
• Commission schemes occur when the amount of sales made or the rate of commission is fraudulently inflated.

1. Is the employee payroll list reviewed periodically for duplicate or missing Social Security numbers?

   Organizations should check the employee payroll list periodically for duplicate or missing Social Security numbers that may indicate a ghost employee or overlapping payments to current employees.

2. Are personnel records maintained independently of payroll and timekeeping functions?

   Personnel records should be maintained independently of payroll and timekeeping functions.

3. Are references checked on all new hires?

   Organizations should perform reference checks on all new hires.

4. Are sick leave, vacations, and holidays reviewed for compliance with company policy?

   Sick leave, vacations, and holidays should be reviewed for compliance with company policy.

5. Are appropriate forms completed and signed by the employee to authorize payroll deductions and withholding exemptions?

   Employees should complete and sign appropriate forms to authorize payroll deductions and withholding exemptions.

6. Is payroll periodically compared with personnel records for terminations?

   Payroll should periodically be compared with personnel records for terminations to ensure that terminated employees have been removed from the payroll.

7. Are payroll checks pre-numbered and issued in sequential order?

   Payroll checks should be pre-numbered and issued in sequential order.

8. Is the payroll bank account reconciled by an employee who is not involved in preparing payroll checks, does not sign the checks, and does not handle payroll distribution?

   The payroll bank account should be reconciled by an employee who is not involved in preparing payroll checks, does not sign the checks, and does not handle payroll distribution.

9. Are payroll registers reconciled to general ledger control accounts?

   Payroll registers should be reconciled to general ledger control accounts.

10. Are cancelled payroll checks examined for alterations and endorsements?

    Cancelled payroll checks should be examined for alterations and endorsements.

11. Is access restricted to payroll check stock and signature stamps?

    Access to payroll check stock and signature stamps should be restricted.

12. Are payroll withholdings for taxes, insurance, etc., examined to determine if any employees are not having these items deducted from their paychecks?

    Payroll checks that do not have withholdings for taxes, insurance, etc., should be investigated.

13. Is the employee payroll list reviewed periodically for duplicate or missing home addresses and telephone numbers?

    The employee payroll list should be reviewed for duplicate or missing home addresses and telephone numbers.

14. Is the account information for automatically deposited payroll checks reviewed periodically for duplicate entries?

    Account information for automatically deposited payroll checks should be reviewed periodically for duplicate entries.

15. Is an employee separate from the payroll department assigned to distribute payroll checks?

    An employee separate from the payroll department should be assigned to distribute payroll checks.

16. Are new employees required to furnish proof of immigration status?

    Companies must require new employees to furnish proof of immigration status.

17. Does any change to an employee's salary require more than one level of management approval?

    Changes to an employee's salary should require more than one level of management approval.

18. Does overtime have to be authorized by a supervisor?

    Overtime should be authorized by a supervisor.

19. Do supervisors verify and sign timecards for each pay period?

    Supervisors should verify and sign time timecards for each pay period.

20. Are commission expenses compared to sales figures to verify amounts?

    Comparing commission expenses to sales figures to verify amounts is an important control procedure that can help to detect payroll fraud.

21. Does someone separate from the sales department calculate sales commissions?

    Someone separate from the sales department should calculate sales commissions.

MODULE # 10 – EXPENSE REIMBURSEMENT SCHEMES

The following are types of expense reimbursement schemes:

• Mischaracterized expense schemes occur when an employee requests reimbursement for a personal expense, claiming the expense to be business related.
• Overstated expense schemes occur when an employee overstates the cost of actual expenses and seeks reimbursement.
• Fictitious expense schemes occur when an employee invents a purchase and seeks reimbursement for it.
• Multiple reimbursement schemes occur when an employee submits a single expense for reimbursement multiple times.

1. Are the expense accounts reviewed and analyzed periodically using historical comparisons or comparisons with budgeted amounts?

   Companies should periodically review and analyze expense accounts using historical comparisons or comparisons with budgeted amounts.

2. Do employee expense reimbursement claims receive a detailed review before payment is made?

   Employee expense reimbursement claims should receive a detailed review before payment is made.

3. Are employees required to submit detailed expense reports?

   Employees should be required to submit detailed expense reports containing receipts, explanations, amounts, etc.

4. Is a limit placed on expenses such as hotels, meals, and entertainment?

   Companies should place a spending limit on expenses such as hotels, meals, and entertainment.

5. Are receipts required for all expenses to be reimbursed?

   Companies should require receipts for all expenses to be reimbursed.

6. Are supervisors required to review and approve all expense reimbursement requests?

   All expense reimbursement requests should be reviewed and approved by supervisors.

7. Is there a random authentication of expense receipts and expenses claimed?

   A policy requiring the periodic review of expense reports, coupled with examining the appropriate detail, can help deter employees from submitting personal expenses for reimbursement.

MODULE # 11 – THEFT OF INVENTORY AND EQUIPMENT

The following are types of schemes that involve the theft of inventory or equipment:

• Fake sale schemes occur when an accomplice of an employee “buys” merchandise, but the employee does not ring up the sale and the accomplice takes the merchandise without making any payment.
• Purchasing schemes occur when an employee with purchasing authority uses that authority to purchase and misappropriate merchandise.
• Receiving schemes occur when an employee misappropriates assets purchased by the company as they are received at the company.
• False shipment schemes occur when an employee creates false sales documents and false shipping documents to make it appear that missing inventory was not actually stolen, but rather sold.
• Misuse of company assets occurs when an employee borrows company assets for personal use without authorization.
• Larceny schemes occur when an employee takes inventory from the company premises without attempting to conceal the theft in the accounting records.

1. Has a recent inventory of company equipment, listing serial numbers and descriptions, been completed?

   Companies should inventory company equipment and maintain a list of the equipment, serial numbers, and descriptions.

2. Does the company assign an individual from outside of the department to conduct the department's inventory?

   An employee who doesn't work in the department should be assigned to conduct the department's inventory.

3. Are unexplained entries to the inventory records examined for source documentation?

   Unexplained entries to the inventory records should be examined for source documentation.

4. Is the company experiencing sizeable inventory increases without comparable sales increases?

   Sizeable inventory increases without comparable sales increases may indicate an inventory overstatement fraud scheme and should be investigated.

5. Are analytical reviews of beginning inventory, sales, cost of goods sold, and ending inventory conducted periodically to look for unexplained differences?

   Analytical reviews of beginning inventory, sales, cost of goods sold, and ending inventory should be conducted periodically. Any discrepancies should be investigated.

6. Is there an unusual volume of inventory adjustments, write-offs, or disposals?

   Any unusual volume of inventory adjustments, write-offs, or disposals should be investigated.

7. Does the organization have written inventory instructions and orders?

   Organizations should document and implement inventory instructions and orders.

8. Does someone independent of the purchasing, receiving, and warehousing functions physically count the inventory?

   Physical inventory counts should be conducted by someone independent of the purchasing, receiving, and warehousing functions.

9. Are pre-numbered inventory tags used?

   Pre-numbered inventory tags should be used.

10. Are the inventory tags controlled and accounted for?

    Inventory tags should be controlled and accounted for.

11. Do the inventory procedures prevent double counting?

    Organizations should implement inventory procedures that prevent double counting.

12. Are inventory counts subject to independent recounts?

    Inventory counts should be subject to independent recounts.

13. Is the inventory reasonably identifiable for proper classification in the accounting system, such as description, condition, or stage of completion?

    The inventory should be reasonably identifiable for proper classification in the accounting system, such as description, condition, or stage of completion.

14. Are differences between physical counts and inventory records investigated before inventory records are adjusted?

    Differences between physical counts and inventory records should be investigated before inventory records are adjusted.

15. Is scrap inventoried and is scrap disposal accounted for?

    Scrap should be inventoried and scrap disposal should be accounted for.

16. Are the following duties segregated: requisition of inventory, receiving of inventory, disbursement of inventory, writing off of inventory as scrap, and receipt of proceeds from the sale of scrap inventory?

    The following duties should be segregated: requisition of inventory, receiving of inventory, disbursement of inventory, writing off of inventory as scrap, and receipt of proceeds from the sale of scrap inventory.

17. Is a receiving report prepared for all purchased goods?

    A receiving report should be prepared for all purchased goods.

18. Are copies of receiving reports sent directly to the purchasing and accounting departments?

    Copies of receiving reports should be sent directly to the purchasing and accounting departments.

19. Is the receiving department provided with a copy of the purchase order on all items to be received?

    The receiving department should be provided with a copy of the purchase order on all items to be received.

20. Are partial shipments annotated on purchase orders or attached as separate sheets?

    Partial shipments should be annotated on purchase orders or attached as separate sheets.

21. Are overage, shortage, and damage reports completed and sent to the purchasing and accounting departments?

    Overage, shortage, and damage reports should be completed and sent to the purchasing and accounting departments.

22. Are quantities of materials received counted and compared to purchase orders?

    Quantities of materials received should be counted and compared to purchase orders.

23. Is there a written policy allowing management to inspect all desks, file cabinets, and other containers on company property?

    Companies should document and implement a written policy allowing management to inspect all desks, file cabinets, and other containers on company property.

24. Is there an equipment removal authorization policy requiring written management approval to remove any company equipment from the company premises?

    Companies should document and implement an equipment removal authorization policy requiring written management approval to remove any company equipment from the company premises.

25. Is there a policy requiring the inspection of packages, boxes, and other containers before they leave the company premises?

    Companies should document and implement a policy requiring the inspection of packages, boxes, and other containers before they leave the company premises.

26. Is the removal of trash and trash receptacles periodically monitored?

    Companies should periodically monitor the removal of trash and trash receptacles.

27. Are the shipping and receiving areas adequately supervised to prevent theft?

    Shipping and receiving areas should be adequately supervised to prevent theft.

28. Are high value items stored in secure or continuously monitored areas?

    High value items should be stored in secure or continuously monitored areas.

29. Is the shipping function separate from the purchasing and inventory functions?

    The shipping function should be separate from the purchasing and inventory functions.

30. Are shipping documents pre-numbered and accounted for?

    Shipping documents should be pre-numbered and accounted for.

31. Are shipping orders matched with sales orders and contracts?

    Shipping orders should be matched with sales orders and contracts to prevent inventory and vendor schemes.

32. Are shipments of goods required to have authorized sales orders and contracts prior to shipping?

    Shipments of goods should be required to have authorized sales orders and sales contracts prior to shipping.

33. Are shipping documents forwarded directly to the accounting department for recording inventory reduction and cost of sales?

    Shipping documents should be forwarded directly to the accounting department for recording inventory reduction and cost of sales.

MODULE # 12 – THEFT OF PROPRIETARY INFORMATION

• Theft of proprietary information involves theft or disclosure of confidential or trade secret information for financial gain.

1. Are there policies and procedures addressing the identification, classification, and handling of proprietary information?

   The company should implement policies and procedures addressing the identification, classification, and handling of proprietary information.

2. Are employees who have access to proprietary information required to sign nondisclosure agreements?

   Employees who have access to proprietary information should be required to sign nondisclosure agreements.

3. Are employees who have access to proprietary information required to sign noncompete agreements to prevent them from working for competitors within a stated period of time and location?

   Employees who have access to proprietary information should be required to sign noncompete agreements to prevent them from working for competitors within a stated period of time.

4. Are employees provided with training to make them aware of proprietary information, their responsibility to protect the information, and the company policies and procedures relating to proprietary information?

   Employees should be provided with training to make them aware of proprietary information, their responsibility to protect proprietary information, and company policies and procedures relating to proprietary information.

5. Is there an established procedure to identify what information should be classified as sensitive and for how long?

   Companies should implement a procedure to identify what information should be classified as sensitive and for how long.

6. Are sensitive documents properly classified and marked as confidential?

   Sensitive documents should be properly classified and marked as confidential.

7. Is sensitive information properly secured when not being used?

   Sensitive information should be properly secured when not being used.

8. Is access to sensitive information physically controlled and accounted for?

   Access to sensitive information should be physically controlled and accounted for.

9. Is sensitive information promptly destroyed when it is no longer needed?

   Organizations should promptly destroy sensitive information when it is no longer needed.

10. Are compromises to the security of proprietary information promptly investigated to determine the source?

    Companies should promptly investigate any compromises to the security of proprietary information to determine the source.

11. Are employees required to use screensaver and/or server passwords to protect unattended computer systems?

    Employees should be required to use screensaver and/or server passwords to protect unattended computer systems.

12. Are confidential documents shredded when discarded?

    Confidential documents should be shredded when discarded.

MODULE # 13 – CORRUPTION

The following are types of schemes that involve corruption:

• Bribery schemes involve the offering, giving, receiving, or soliciting of a thing of value to influence a business decision.
• Kickback schemes occur when vendors make undisclosed payments to employees of purchasing companies in order to enlist the employees in overbilling schemes.
• Bid-rigging schemes occur when an employee fraudulently assists a vendor in winning a contract through the competitive bidding process.
• Economic extortion schemes occur when an employee demands payment from a vendor for decisions made in the vendor's favor. Refusal to pay the extorter results in harm to the vendor.
• Illegal gratuities schemes involve giving or receiving something of value to reward a business decision.

1. Is there a company policy that addresses the receipt of gifts, discounts, and services offered by a supplier or customer?

   Organizations should implement a policy that addresses the receipt of gifts, discounts, and services offered by a supplier or customer.

2. Is there an established bidding policy?

   Organizations should establish a bidding policy.

3. Are purchases reviewed to detect out of line costs?

   Organizations should review purchases for costs that are out of line.

4. Are purchases reviewed to identify favored vendors?

   Purchases should be reviewed to identify favored vendors.

5. Are purchases reviewed to identify excessive amounts?

   Purchases should be reviewed and any excessive amounts should be investigated.

6. Are pre-bid solicitation documents reviewed for any restrictions on competition?

   Pre-bid solicitation documents should be reviewed for any restrictions on competition.

7. Are bid solicitation packages numbered and controlled?

   Bid solicitation packages should be numbered and controlled.

8. Is communication between bidders and purchasing employees restricted?

   Companies should restrict and monitor communication between bidders and purchasing employees.

9. Are the bids received kept confidential?

   All bids received should be kept confidential.

10. Are bidders' qualifications verified?

    Companies should verify bidders' qualifications.

11. Are contracts awarded based on predetermined criteria?

    Companies should establish predetermined criteria upon which to award contracts.

12. Are purchasing account assignments rotated?

    Periodic rotation of purchasing account assignments can be an effective corruption control.

13. Are vendors surveyed periodically regarding company purchasing practices?

    Organizations should periodically survey vendors regarding company purchasing practices.

MODULE # 14 – CONFLICTS OF INTEREST

The following are types of schemes that involve conflicts of interest:

• Purchase schemes involve the overbilling of a company for goods or services by a vendor in which an employee has an undisclosed ownership or financial interest.
• Sales schemes involve the underselling of company goods by an employee to a company in which the employee maintains a hidden interest.

1. Are there periodic comparisons of vendor information with employee information, such as addresses and telephone numbers?

   Organizations should conduct periodic comparisons of vendor information with employee information, such as addresses and telephone numbers.

2. Are vendors who employ former company employees under increased scrutiny?

   Vendors who employ former company employees should be under increased scrutiny for potential conflicts of interest.

3. Does the organization have a reporting procedure for personnel to report their concerns about vendors receiving favored treatment?

   Organizations should provide personnel with a confidential system for reporting concerns about vendors receiving favored treatment.

4. Are employees required to complete an annual disclosure document that includes business ownership, income, and investment information?

   Employees should be required to provide annual disclosures that list business ownership, income, and investment information.

5. Does the organization require vendors to sign an agreement allowing vendor audits?

   Organizations should require vendors to sign an agreement allowing vendor audits.

6. Are vendor audits conducted by someone independent of the purchase, sales, billing, and receiving departments?

   Vendor audits should be conducted by someone independent of the purchase, sales, billing, and receiving departments.

MODULE # 15 – FINANCIAL STATEMENT FRAUD

The following are types of financial statement fraud schemes:

• Fictitious revenue schemes involve recording fictitious revenue from the sale of goods or services.
• Improper timing schemes involve recording revenues or expenses in improper accounting periods.
• Understating liabilities schemes involve concealing or understating liabilities and expenses, capitalizing expenses, or expensing capital expenses.
• Improper disclosure schemes involve the improper disclosure of material information, such as contingent liabilities, significant events, management fraud, related-party transactions, or accounting changes.
• Improper asset valuation schemes involve the improper valuation of inventory, accounts receivable, fixed assets, intangibles, or other assets.

1. Are the organization's accounting records in proper form?

   Organizations should maintain accounting records in proper form.

2. Does the organization employ an adequate number of accounting employees?

   The accounting department should be adequately staffed to allow for proper segregation of duties.

3. Does the organization have an effective internal audit staff?

   An effective internal audit staff can focus on high-risk areas for fraud and can identify new vulnerabilities, measure the effectiveness of internal controls, and signal that fraud prevention is a high priority for the company.

4. Are proper internal controls established and maintained?

   Organizations should establish and enforce an internal control system.

5. Does the organization embrace the concept of internal controls?

   Embracing the concept of internal controls requires that senior managers and employees understand why internal controls are important and what adopting such measures means to them.

6. Are senior managers visible in their support of internal controls?

   Senior managers should be visible in their support of internal controls.

7. Are the organization's financial goals and objectives realistic?

   Unrealistic financial goals and objectives can result in managers and employees committing fraudulent acts in order to meet them.

8. Does the organization consistently achieve its financial goals and objectives?

   Any failure to meet financial goals and objectives should be researched.

9. Is the organization's reported financial performance stable or increasing?

   Management should investigate any unstable or decreasing financial performance.

10. Does the company have stable relationships with its banks?

    The company should strive to have stable relationships with its banks.

11. Are there unrealistic changes or increases in financial statement account balances?

    Management should determine the reasons for any unrealistic changes or increases in financial statement account balances.

12. Are the account balances realistic given the nature, age, and size of the company?

    Management should investigate any unrealistic account balances.

13. Do actual physical assets exist in the amounts and values indicated on the financial statements?

    An inventory of physical assets should be conducted to verify that the physical assets exist in the amounts and values indicated on the financial statements.

14. Have there been significant changes in the nature of the organization's revenues or expenses?

    The organization should determine the reasons for any significant changes in the nature of its revenues or expenses.

15. Do one or a few large transactions account for a significant portion of any account balance or amount?

    Situations in which one or a few large transactions account for a significant portion of any account balance or amount should be researched.

16. Are there significant transactions that occur near the end of a period that positively impact results of operations, especially transactions that are unusual or highly complex?

    Any significant transactions that occur near the end of a period and positively impact results of operations should be scrutinized for legitimacy, especially if the transactions are unusual or highly complex.

17. Are financial results fairly consistent across periods?

    The company should be able to explain any variances in financial results across periods.

18. Is there an inability to generate cash flows from operations while experiencing earnings growth?

    Any inability to generate cash flows from operations while experiencing earnings growth should be investigated.

19. Is there significant pressure to obtain additional capital necessary to stay competitive?

    Insufficient working capital can place undue pressure on management to manipulate financial results.

20. Are reported assets, liabilities, revenues, or expenses based on significant estimates that involve unusually subjective judgments or uncertainties?

    Significant estimates, especially those that involve unusually subjective judgments or uncertainties, should be reviewed for reasonableness.

21. Are reported assets, liabilities, revenues, or expenses based on significant estimates that are subject to potential significant change in the near term in a manner that may have a financially disruptive effect on the organization?

    Significant estimates that are subject to potential significant change in the near term in a manner that may have a financially disruptive effect on the organization should be scrutinized.

22. Is the company experiencing unusually rapid growth or profitability, especially when compared with that of other companies in the same industry?

    Unusually rapid growth or profitability, especially when compared with that of other companies in the same industry, is a red flag of fraud and should be investigated.

23. Is the organization highly vulnerable to changes in interest rates?

    The organization should increase review of its financial reporting during periods of high vulnerability.

24. Are there unrealistically aggressive sales or profitability incentive programs?

    Unrealistically aggressive sales or profitability incentive programs can place undue pressure on employees and result in employees committing fraudulent acts in order to meet them.

25. Is there a threat of imminent bankruptcy, foreclosure, or hostile takeover?

    A threat of imminent bankruptcy, foreclosure, or hostile takeover places a company at increased risk for fraudulent activity to occur.

26. Is there a high possibility of adverse consequences on significant pending transactions, such as business combinations or contract awards, if poor financial results are reported?

    A high possibility of adverse consequences on significant pending transactions, such as business combinations or contract awards, if poor financial results are reported can place extreme pressure on management to manipulate results.

27. Is there a poor or deteriorating financial position when management has personally guaranteed significant debts of the entity?

    The existence of a poor or deteriorating financial position when management has personally guaranteed significant debts of the entity can result in management committing fraudulent acts in order to protect itself from financial harm.

28. Does the firm continuously operate on a crisis basis or without a careful budgeting and planning process?

    A careful budgeting and planning process can help a firm to monitor progress toward its goals, control spending, and predict cash flow and profit.

29. Does the organization have difficulty collecting receivables or have other cash flow problems?

    Management should determine the reasons for any collection or cash flow problems.

30. Is the organization dependent on one or two key products or services, especially products or services that can become quickly obsolete?

    Dependence on one or two key products can place tremendous pressure on a company, exposing it to increased risk of fraud.

31. Do the footnotes contain information about complex issues?

    Any complex issues should be explained in the footnotes.

32. Are there adequate disclosures in the financials and footnotes?

    Generally accepted accounting principles concerning disclosures require that financial statements (1) include all relevant and material information in the financials or footnotes and (2) not be misleading.