AKPIS EDU PVT LTD

Obtaining the Certified Internal Auditor (CIA) certification

allows you to advance up the corporate auditing ladder.
Because of the growing demand for Internal Auditor profiles
around the world, the Certified Internal Auditor qualification
has become a globally recognized certification. AKPIS
Professionals will walk you through the IIA USA (Institute of
Internal Auditors, USA) registration process and make sure
you’re prepared

https://akpisprofessionals.com/our-courses/cia/
1 Definition of Fraud and Risks of fraud, its effects

2 Types of Fraud, indicators of fraud

3 Fraudulent processes

4 ROLE of Internal Auditor

 Fraud is an illegal act characterized by deceit, concealment, or violation of trust
( as per IIA )
Frauds are carried out to to obtain money, property, or services, to avoid
payment or loss of services and even to secure personal or business advantage.
No coercion or physical force is involved
Intentional Act: Fraud involves deliberate actions or omissions by individuals
with the intent to deceive.
Deception: The act must involve some form of deceit, such as manipulation of
financial records, misrepresentation of facts, or other deceptive practices.
Unfair or Unlawful Gain: Fraud typically results in obtaining something of value
unfairly or unlawfully, whether it be assets, money, or other benefits.
Financial Loss: Fraud can cause financial harm to the organization, either
directly through misappropriation of assets or indirectly through manipulation of
financial statements.
 Fraud is an intentional act involving the use of deception that
results in misstatement of the financial statements. Two types of
fraud that are relevant to the auditor are
(1) misstatements arising from fraudulent financial reporting and
(2) misstatements arising from misappropriation of assets.
Each of these categories may be further classified according to
the three conditions that ordinarily exist when fraud occurs: (1)
incentives or pressures, (2) opportunities, and (3) attitudes or
rationalizations. For example, excessive pressure may exist to
meet the expectations of third parties (e.g., analysts, investors,
and creditors) regarding profitability or trends (AU-C 240).
Risk of fraud means that fraud will occur,
and its impact on organization if it occurs

Fraud occurs due to :

Opportunity to commit is a factor
Situational pressure
Rationalization which occurs when a person attributes his
or her actions to rational and creditable motives without
analysis of true and consious motive for the organization
 Example : Opportunity to commit fraud

The engagement had been scheduled by the chief audit executive to address unusual inventory
shortages revealed in the annual physical inventory process at a large consumer goods warehouse
operation. A cycle count program had been installed in the storeroom at the beginning of the year in
place of the disruptive process of counting one entire product line at the end of each month. The cycle
count program appeared effective because only nine minor adjustments had been made for the entire
year on the several thousand different products located in the storeroom. The storeroom supervisor
explained that each of the 15 stockroom personnel selected one item each day for cycle count based
on how efficiently the item could be counted. The opportunity for control-related problems including
fraud has been increased in the stockroom because of no segregation of duties.
Also, The opportunity for fraud has been increased because stockroom personnel select the items for
cycle count (poor internal control). Selection of items should be based on relative values or the
relationship of an item to the total volume of transactions. Moreover, personnel who do not have
custodial or recordkeeping responsibilities should control the counts.
 Rationalization Example
Fact Pattern: Randy and John had known each other for many years. They had become best friends in college, where
they both majored in accounting. After graduation, Randy took over the family business from his father. His family had
been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in
the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began
delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and
authorization functions for checks, cash, inventories, documents, records, and bank reconciliations. (1) John was trusted
completely and handled all financial functions. No one checked his work.Randy decided to expand the business and
opened several new stores. (2) Randy was always handling the most urgent problem . . . “crisis management” is what his
college professors had termed it. John assisted with the problems when his other duties allowed him time.Although
successful at work, John had (3) difficulties with personal financial problems.At first, the amounts stolen by John were
small. John didn’t even worry about making the accounts balance. But John became greedy. “How easy it is to take the
money,” he said. He felt that he was a critical member of the business team (4) and that he contributed much more to
the success of the company than was represented by his salary. “It would take two or three people to replace me,” he
often thought to himself. As the amounts became larger and larger, (5) he made the books balance. Because of these
activities, John was able to purchase an expensive car and take his family on several trips each year. (6) He also joined
an expensive country club. Things were changing at home, however. (7) John’s family observed that he was often
argumentative and at other times very depressed.The fraud continued for 6 years. Each year, the business performed
more and more poorly. In the last year, the stores had a substantial net loss. Randy’s bank required an audit. John
confessed when he thought the auditors had discovered his embezzlements.When discussing frauds, the pressures,
opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms
of fraud are also studied.
 Situational Pressure
Pressure to commit fraud often arises when individuals face financial difficulties, personal crises, or external demands that push them to seek
illegitimate means to alleviate their problems. Here's an example of a situation that could create pressure leading someone to commit fraud:
Financial Hardship: Imagine an employee, let's call her Sarah, who is facing significant financial challenges. She is struggling to meet her
mortgage payments, has mounting credit card debt, and is dealing with unexpected medical expenses for a family member. Despite working
hard, Sarah feels overwhelmed and sees no immediate solution to her financial problems.
Pressure Points:
1. Mounting Debt: Sarah's financial obligations continue to accumulate, and she is falling behind on payments. The fear of creditors, potential
foreclosure, or damage to her credit score intensifies the pressure.
2. Family Obligations: The medical expenses for her family member add to the financial strain. Sarah may feel an increased responsibility to
provide care and support, amplifying her stress.
3. Job Insecurity: Sarah becomes aware of potential downsizing at her workplace, leading to concerns about job security. The fear of
unemployment compounds her financial worries.
Resulting Fraudulent Action: In this scenario, Sarah, feeling cornered and desperate, succumbs to the pressure and decides to commit fraud.
She may engage in activities such as embezzlement, misappropriation of funds, or manipulation of financial records to divert money for
personal use. Sarah may rationalize her actions by convincing herself that the fraud is a temporary solution to address immediate financial
crises.
Preventing and Addressing the Pressure: To mitigate the risk of fraud in situations like these, organizations can implement measures to support
employees facing financial difficulties. This might include offering financial counseling services, creating a supportive work environment, and
fostering open communication about financial challenges. Additionally, organizations should maintain strong internal controls and conduct
regular financial audits to detect irregularities before they escalate into fraud.
Addressing the root causes of financial pressure and promoting a culture of empathy and support within the workplace can contribute to
reducing the likelihood of employees resorting to fraudulent activities.
 1. Rationalization:
Definition: Rationalization refers to the cognitive process by which individuals justify or excuse their fraudulent behavior to themselves.
It involves creating a mental framework or justification for engaging in activities that are ethically or legally wrong.
Examples: A person engaging in embezzlement might rationalize their actions by convincing themselves that they deserve the money
due to perceived mistreatment or low compensation. Another example could be an employee stealing office supplies and rationalizing it
as compensation for a perceived lack of acknowledgment or appreciation.
Role in Fraud: Rationalization is a critical component of the Fraud Triangle because it helps individuals reconcile their actions with their
internal moral compass. Without rationalization, individuals might be less likely to engage in fraudulent behavior.
2. Situational Pressure:
Definition: Situational pressure refers to external factors or circumstances that create a need or urgency for an individual to commit
fraud. These pressures are often financial or personal in nature and can push individuals to seek illicit means to resolve their problems
or fulfill their needs.
Examples: Financial difficulties, mounting debts, addiction issues, or personal crises are common situational pressures that might drive
individuals to commit fraud. For instance, an employee facing financial hardships may feel compelled to embezzle funds to address
immediate financial needs.
Role in Fraud: Situational pressure provides the motive or incentive for individuals to consider fraud as a viable solution to their
problems. The urgency created by these pressures, when combined with the opportunity and rationalization, increases the likelihood of
fraudulent behavior.
In summary, rationalization involves the mental process of justifying fraudulent actions to oneself, providing a moral or psychological
justification for engaging in unethical or illegal behavior. Situational pressure, on the other hand, represents external circumstances or
pressures that create a need or urgency for individuals to commit fraud. Together with opportunity, these factors contribute to the likelihood of
fraudulent behavior as outlined in the Fraud Triangle.
1. Misappropriation of Assets (Embezzlement):
Scenario: An employee responsible for handling cash receipts
systematically diverts a portion of the funds for personal use.
Financial Impact: The organization experiences a loss of cash, and
financial records may be manipulated to conceal the theft.
2. Fictitious Revenues:
Scenario: Sales personnel record fictitious sales transactions to
boost reported revenues and meet performance targets.
Financial Impact: The organization may overstate its financial
performance, leading to inflated profits and potentially impacting
stock prices.
3. Expense Manipulation:
Scenario: Employees submit false expense reports or manipulate
invoices to obtain reimbursements for non-existent or personal
expenses.
Financial Impact: The organization incurs additional expenses that
are not legitimate, resulting in financial loss.
 Vendor Fraud:

Scenario: Collusion between employees and external vendors leads to the submission of inflated invoices for goods or services that were never
delivered.
Financial Impact: The organization pays more than the fair value for goods or services, resulting in financial loss.
Inventory Theft or Fraudulent Write-offs:

Scenario: Employees misappropriate inventory for personal gain or manipulate inventory records to cover up theft.
Financial Impact: The organization experiences a loss of inventory, and financial statements may not accurately reflect the true value of assets.
Phantom Employees or Ghost Payroll:

Scenario: Human resources personnel create fictitious employees in the payroll system and divert salary payments to themselves.
Financial Impact: The organization incurs payroll expenses for non-existent employees, resulting in financial loss.
Insider Trading:

Scenario: Employees with access to sensitive information engage in insider trading, exploiting confidential information for personal financial gain.
Financial Impact: Individuals may profit from securities transactions based on non-public information, and the organization's reputation may suffer.
Rationalization occurs when a person attributes his or her
actions to rational and creditable motives without analysis
of one’s true and especially unconscious motives. Feeling
that one is not being paid as much as one is worth is a
common rationalization for low-level fraud.
Asset misappropriation is stealing cash or other assets (supplies, inventory, equipment,
and information). The theft may be concealed, e.g., by adjusting records.
For example, entering fraudulent journal entries can help conceal asset theft (e.g.,
when an asset is purchased, the perpetrator debits an expense account instead of
an asset account).
However, selecting a vendor based on a blanket purchase order with an approved
vendor(s) is a common business practice.

Skimming is theft of cash before it is recorded, for example, accepting payment from a
customer but not recording the sale.
Payment fraud involves payment for fictitious goods or services, overstatement of
invoices, or use of invoices for personal reasons.
Expense reimbursement fraud is payment for fictitious or inflated expenses, for
example, an expense report for personal travel, nonexistent meals, or extra mileage.
Payroll fraud is a false claim for compensation, for example, overtime for hours not
worked or payments to fictitious employees. One control used to detect the addition of
fictitious persons to the payroll is for the auditor to make periodic comparisons of the
names on the payroll with persons observed working for the company.
Financial statement misrepresentation often overstates assets or revenue or
understates liabilities and expenses. Management may benefit by selling stock, receiving
bonuses, or concealing another fraud.
 Information misrepresentation provides false information, usually to outsiders in the
form of fraudulent financial statements.
Corruption is an improper use of power, e.g., bribery. It often leaves little accounting
evidence. These crimes usually are uncovered through tips or complaints from third
parties. Corruption often involves the purchasing function.
Bribery is offering, giving, receiving, or soliciting anything of value to influence an
outcome (e.g., kickbacks). Bribes may be offered to key employees such as purchasing
agents. Those paying bribes tend to be intermediaries for outside vendors.
A conflict of interest is an undisclosed personal economic interest in a transaction that
adversely affects the organization or its shareholders.
k. A diversion redirects to an employee or outsider a transaction that normally benefits
the
organization.
Wrongful use of confidential or proprietary information is fraudulent.
A related-party fraud is receipt of a benefit not obtainable in an arm’s-length
transaction.
Tax evasion is intentionally falsifying a tax return.
 LIFESTYLE SYMPTOM
Document symptom A BEHAVIORAL SYMPTOM

A drastic change in an employee’s

Tampering with the accounting
rise in an employee’s social behavior) may indicate
records to conceal a fraud. the presence of fraud. Guilt and other
status or level of
Keeping two sets of books or forms of stress associated with
material consumption. perpetrating and
forcing the books to reconcile concealing the fraud may cause noticeable
are examples. changes in behavior.
 1. Symptoms of Fraud:
Definition: Symptoms of fraud are observable indicators or warning signs that may suggest the occurrence of fraudulent
activities. These signs can manifest in various forms and may be detected through anomalies, inconsistencies, or unusual
patterns in financial transactions, records, or behaviors.
Examples: Unexplained discrepancies in financial statements, unusually high numbers of adjustments, employees who
refuse to take vacations or share job responsibilities, and frequent overrides of internal controls can be considered
symptoms of fraud.
Role: The identification and recognition of symptoms of fraud prompt further investigation to determine whether
fraudulent activities are occurring. Recognizing these signs is crucial for timely intervention and prevention.
2. Risk of Fraud:
Definition: Risk of fraud refers to the potential vulnerability or exposure of an organization to fraudulent activities. It is
an assessment of the likelihood and impact of fraud occurring within the organization based on various factors, including
the internal control environment, organizational culture, and external influences.
Examples: Weak internal controls, lack of segregation of duties, a culture that tolerates unethical behavior, and reliance
on manual processes without proper oversight increase the risk of fraud within an organization.
Role: Understanding the risk of fraud helps organizations implement preventive measures and design effective anti-fraud
programs. It involves assessing vulnerabilities and implementing controls to mitigate the likelihood and impact of
fraudulent activities.
In summary, symptoms of fraud are specific red flags or warning signs that may indicate the occurrence of fraudulent activities
and prompt further investigation. On the other hand, the risk of fraud is a broader concept that involves assessing the overall
vulnerability of an organization to fraudulent activities based on its internal and external environment.
To effectively manage fraud risk, organizations should conduct regular risk assessments, implement strong internal controls,
promote a culture of ethics and integrity, provide fraud awareness training, and continuously monitor for potential symptoms of
fraud. Combining proactive risk management with the ability to recognize and respond to symptoms of fraud is essential for
maintaining a robust anti-fraud framework.
1) Lack of employee rotation in sensitive positions, such as cash handling
2) Inappropriate combination of job duties (e.g., cash collections and disbursements
responsibilities)
3) Unclear lines of responsibility and accountability
4) Unrealistic sales or production goals
5) An employee who refuses to take vacations or refuses promotion
6) Established controls not applied consistently
7) High reported profits when competitors are suffering from an economic downturn
8) High turnover among supervisory positions in finance and accounting areas
9) Excessive or unjustifiable use of sole-source procurement
10) An increase in sales far out of proportion to the increase in cost of goods sold (e.g.,
sales increase by 30% and cost of goods sold increase by 3%)
11) Material contract requirements in the actual contract differ from those in the request
for bids
12) Petty cash transactions are not handled through an imprest fund
a. Lapping Receivables
1) In this fraud, a person (or persons) with access to customer payments and
accounts
receivable records steals a customer’s payment. The shortage in that customer’s
account then is covered by a subsequent payment from another customer.
2) The process continues until
a) A customer complains about his or her payment not being posted,
b) An absence by the perpetrator allows another employee to discover the fraud,
or
c) The perpetrator covers the amount stolen.

b. Check Kiting
1) Kiting exploits the delay between (a) depositing a check in one bank account and
(b) clearing the check through the bank on which it was drawn. This practice is only
possible when manual checks are used. The widespread use of electronic funds
transfer and other networked computer safeguards make electronic kiting difficult.
2) A check is kited when (a) a person (the kiter) writes an insufficient funds check on
an
account in one bank and (b) deposits the check in another bank.
3) The second bank immediately credits the account for some or all of the amount of
the check, enabling the kiter to write other checks on that (nonexistent) balance.
The kiter then covers the insufficiency in the first bank with another source of funds.
The process can proceed in a circle of accounts at any number of banks.
 LAPPING RECEIVABLE
1. Employee Scheme:
An employee in the accounts receivable department manipulates customer payments for personal gain.
2. Initial Misappropriation:
The employee takes a payment from Customer A but does not record it in the accounting system. Instead, the employee pockets the money.
3. Covering the Shortfall:
To cover up the missing payment from Customer A, the employee takes the payment from Customer B and applies it to Customer A's account. This
creates the appearance that Customer A's payment was received and properly recorded.
4. Continued Manipulation:
The employee continues this process, using payments from subsequent customers (C, D, E, and so on) to cover the shortfalls caused by the initial
misappropriation and maintain the appearance of normal accounts receivable balances.
5. Detection Challenges:
Lapping receivables can be challenging to detect initially because the employee keeps shifting the misappropriation to different customer accounts.
As a result, the accounts receivable aging report may not immediately reveal discrepancies.
6. Unraveling the Scheme:
Over time, as more customers make payments and the lapping continues, discrepancies become more apparent. Customers may start inquiring about
their account balances, or internal controls and audits may uncover irregularities.
7. Consequences:
Once discovered, the employee responsible for lapping receivables may face legal consequences, including termination, restitution, and possibly
criminal charges for fraud.
 Fraud indicators are specific signs or clues that raise suspicion and
prompt further investigation, while fraudulent processes encompass the
systematic methods and tactics employed by fraudsters to carry out
their schemes. In a comprehensive fraud prevention strategy,
organizations often leverage both fraud indicators and an understanding
of fraudulent processes to detect, prevent, and respond to fraudulent
activities effectively. Automated systems, machine learning algorithms,
and human investigators work together to identify fraud indicators and
recognize patterns associated with known fraudulent processes.
 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and
the manner in which it is managed by the organization, but are not expected to have
the expertise of a person whose primary responsibility is detecting and investigating
fraud.

According to Implementation Standard 1220.A1, internal auditors must exercise due

professional care by, among other things, considering the “probability of significant
errors, fraud, or noncompliance.”
Internal auditors therefore must consider the probability of fraud when developing
engagement objectives
 The internal auditor should consider the potential for fraud risks in the assessment of
control design and the choice of audit procedures.
1) Internal auditors should obtain reasonable assurance that objectives for the process
under review are achieved and material control deficiencies are detected.
2) The consideration of fraud risks and their relation to specific audit work are
documented.
3) Internal auditors should be alert to opportunities that could allow fraud, such as
control
deficiencies.
if significant control deficiencies are detected, additional procedures may be
performed to determine whether fraud has occurred.

Internal auditors should evaluate the indicators of fraud and decide whether any further
action is necessary or whether an investigation should be recommended.
 Internal auditors should evaluate whether:
1) Management is actively overseeing the fraud
risk management programs,
2) Timely and sufficient corrective measures
have been taken with respect to any noted
control deficiencies, and
3) The plan for monitoring the program is
adequate.
Let's consider an example scenario where internal auditors identify control deficiencies related to
the segregation of duties within the accounts payable process:
1. Control Deficiency Identification:
Situation: During a routine internal audit of the accounts payable function, auditors find that
the organization lacks proper segregation of duties. Specifically, one employee is responsible
for both approving vendor invoices for payment and processing the payments in the
accounting system.
Control Framework: The organization's control framework stipulates that segregation of
duties is essential to prevent fraud and errors. Ideally, the employee approving invoices
should be different from the one processing payments.
2. Risk Associated with the Control Deficiency:
Audit Analysis: Auditors assess the risk associated with the control deficiency. In this case, the
lack of segregation of duties increases the risk of fraudulent activities, such as the creation of
fictitious vendors or unauthorized payments, as the same individual has the capability to
initiate and complete the payment process without proper checks and balances.
3. Impact on Financial Reporting:
Audit Analysis: Internal auditors consider the potential impact on financial reporting. The
control deficiency could lead to misstatements in financial records, as there is an increased
risk of errors or intentional manipulation of payment transactions. This could affect the
accuracy and reliability of the organization's financial statements.
 Recommendations for Corrective Action:
Audit Findings: Internal auditors document the control deficiency and provide recommendations for
corrective action. In this example, the recommendation may include restructuring roles or implementing
additional review procedures to ensure that no single individual has control over both the approval and
processing of payments.
Follow-Up and Monitoring:
Audit Process: Internal auditors follow up on the implementation of corrective measures to address the
control deficiency. They monitor the progress and effectiveness of the recommended changes to ensure
that the organization has taken appropriate steps to mitigate the identified risk.
Documentation of Findings:
Audit Report: Internal auditors include their findings related to the control deficiency in the audit report.
The report outlines the identified issues, the associated risks, and the recommended actions for
improvement. Clear documentation helps communicate the results to management and stakeholders.
This example illustrates how internal auditors might identify, assess, and address control deficiencies within a
specific process. The focus is on evaluating the adequacy of controls, identifying associated risks, and providing
recommendations for corrective actions to strengthen the internal control environment.
 AMANPREET KAUR
(AKPIS EDU PVT LTD)

We appreciate your attention and time, and we hope this

presentation proves useful for all of us.

+91 9205207573
www.akpisprofessionals.com
support@akpisprofessionals.com