Instilling good governance and ensuring full compliance with an effective internal control program. Presented at Corruption and Compliance South & South East Asia Summit, September 2012, Hilton Hotel, Singapore.
Risk-based auditing is a style of auditing which focuses upon the analysis and management of risk. ... A traditional audit would focus upon the transactions which would make up financial statements such as the balance sheet. A risk-based approach will seek to identify risks with the greatest potential impact.
What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz
Risk-based auditing is a style of auditing which focuses upon the analysis and management of risk. ... A traditional audit would focus upon the transactions which would make up financial statements such as the balance sheet. A risk-based approach will seek to identify risks with the greatest potential impact.
What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based
The purpose of this report is to examine and evaluate the internal control system of Naizak under the supply chain procedures to be applied at the company. The supply chain procedure The supporting literature for an effective internal control system is the recommendations of the Committee of Sponsoring Organizations and the Statements on Auditing Standers 78 which is expressed in the literature review chapter II of this report.
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based
The purpose of this report is to examine and evaluate the internal control system of Naizak under the supply chain procedures to be applied at the company. The supply chain procedure The supporting literature for an effective internal control system is the recommendations of the Committee of Sponsoring Organizations and the Statements on Auditing Standers 78 which is expressed in the literature review chapter II of this report.
In 2013, COSO released their update to the COSO 1992 framework. This framework is used widely by public companies for SEC compliance. After working on updating their compliance efforts, many users are having discussions with their financial auditors about the use of the new standard.
This presentation looks at the needs of the auditor in understanding internal control and its documentation.
. In accounting and auditing, internal control is a process for assuring achievement of an organization’s objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.
The depth and scope of examination, time of audit, processing methods, etc. In deciding on a specific technique, also need to take account of the objective of the audit action and the capacities limited by time or other factors.
Reviewing Contract Key Terms and ConditionsEric Pesik
This 2-day program teaches legal counsels and non-legal professionals how to effectively review, analyse, draft, and re-draft key contract terms and conditions; how to eliminate ambiguities and avoid the risks of misunderstandings and conflicts; how to deconstruct complex contract clauses and extract the core business elements. Originally presented by Eric R. Pesik at Clariden Global Leadership Institute Executive Education
The Truth about Tone from the Top by @EricPesikEric Pesik
Are your executives telling the truth when they say "ethics matter"? Senior executives are involved in 53% of bribery cases. And they know about 86% of corporate fraud cases. If management lies about ethics, what message does that send? What is the true "tone from the top"?
Have you ever felt trapped in a bad PowerPoint presentation? Ever listen to a speaker drone on like a zombie? Do boring uninspiring slides leave you feeling like the walking dead? Don’t be a PowerPoint zombie! Here are 6 tips to avoid Death by Powerpoint!
J.P. Morgan and the Princelings of China by @ericpesikEric Pesik
This presentation was originally delivered live on June 9, 2015, by Eric Pesik, at the Legal Risk & Compliance Summit 8 & 9 June 2015, at the InterContinental Hotel in Singapore. I am providing my slides under Creative Commons Attribution license. All images and fan art are based on Harry Potter created by J.K. Rowling and owned by Rowling, her publishers, and Time Warner, the owner of the rights to the Harry Potter films (US copyright law allows for the production, display, and distribution of derivative works if they fall under a fair use exemption, 17 U.S.C. § 107.) This presentation was strongly inspired by the debate between Professors Matthew Stephenson and Andy Spalding chronicled on their blogs at The Global Anticorruption Blog (http://globalanticorruptionblog.com/?s=princeling&submit=Search) and The FCPA Blog
(http://www.fcpablog.com/blog/tag/princelings)
Managing risk from top to bottom by @ericpesikEric Pesik
Managing Risk from the Top to Bottom: How to Safeguard Against Misconduct from C-Suite Level to Regular Employees – and Using HR as a Gatekeeper. Presented at American Conference Institute’s 3rd Asia Pacific Summit on Anti-Corruption, Compliance and Risk Management December 3, 2014, at the Hilton Singapore
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesikEric Pesik
This lecture was originally presented October 25, 2014, by Eric Pesik, Adjunct Assistant Professor, University at Buffalo, State University of New York School of Management.
International Executive MBA Program, International Business Law, Politics, & Ethics, Module 13, MGT 612, Intake 18.
Presented at SIM Management House, Singapore Institute of Management, 41 Namly Avenue, Singapore 267616
Do you want to be a billionaire by @EricPesikEric Pesik
Billionaires are members of the most elite group of people in the world. To join the billionaire club, you must be one in three million. The good news is - if you want to join this elite club, its membership is growing. According to the Wealth-X and UBS Billionaire Census 2014, the world’s population of billionaires increased 7% last year to reach a record high of 2,325 billionaires.
Do you have what it takes to become a billionaire?
Top 10 Things People Admit Doing on Conference Calls by @EricPesikEric Pesik
Why are conference calls unproductive? Over half of all employees admit they are multitasking with other priorities while attending conferences calls. What are the top 10 things your colleagues are doing while on mute?
25 things NOT to do during Hungry Ghost Festival by @EricPesikEric Pesik
Every year, usually in August, the Chinese in Singapore observe a large-scale tradition of paying respects to the dead. During this month, the "Gates of Hell” are opened and souls of the dead are freed and allowed to roam the earth where they seek food and entertainment.
The 7th month of the Chinese lunar calendar is regarded as the Ghost Month. The 15th day of Ghost Month is Ghost Day, and the Ghost Festival is held the night before - on the evening of the 14th day.
The activities throughout the month include preparing ritualistic food offerings, such as Mandarin oranges, roasted suckling pig, bowls of rice, and local Chinese cake made especially for the occasion. They also burn incense and joss paper to pay respect to the deceased. The festival is so widely-practiced in Singapore that special bins are set up in neighborhoods for believers to burn their joss paper. Small altars can also be seen outside many homes, both on private property and in public housing areas.
On Ghost Day in Singapore and Malaysia, singers and dancers hold concert-like performances known as Getai on temporary stages set up in a residential districts. Everyone is welcome to watch the show as long as you don’t sit at the front row, which is reserved for the spirits.
If you want to experience Ghost Festival without insulting the spirits, this presentation compiles a collection of taboos - 25 things NOT to do during Hungry Ghost Festival.
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction and Retention, by Eric Pesik. Presented at the Crown Leadership International Group: Compensation and Benefits Asia Congress, March 2014, Orchard Parade Hotel, Singapore: (1) The rise of Asia and the new diversified workforce; (2) Winning Companies: What sets them apart? (3) Performance & Pay: What else is new? (4) Performance & Development: Who is a Talent? (5) From HR Programs to Reality: What makes the difference?
Updated again based on my presentation on the 18th of March 2014 at the American Chamber of Commerce in Singapore. Previously presented at the Compliance Day Event for the Singapore Compliance Workgroup on 27-November 2013; and at the PrimeTime Personal Power Lunch and the CFO Asia Congress. We return to the same three economic questions: Who bribes? How much do they pay? And what value do they get? How can we use the answers to discourage bribery? And while we will never eliminate the motivation for bribery, we may reach the point where bribery is no longer business as usual.
I am sharing my slides under Creative Commons Attribution license. You are free to distribute, remix, tweak, and build upon my work, even commercially, as long as you credit me for the original creation by linking to this Slideshare URL. Each slide contains source attributions and URL; you should obtain the original images and data from the original sources before reusing. You must comply with any applicable license restrictions imposed by the original source.
I had the honor of speaking at the recent PrimeTime Personal Power Lunch at Garibaldi Italian Restaurant & Bar on October 23, 2013. Building on my previous presentations, we discussed the economic of bribery: Who bribes? How much do they pay? What value do they get?
Does crime pay? When you think about the economics of bribery and corruption, most people look at the cost of the huge fines, reputation loss, and business interruption that companies face with when caught paying bribes. But companies that pay bribes never expect to get caught. To the contrary, companies that pay bribes expect to benefit from their corrupt activities. This leads to an obvious question: does crime pay? Or to put it in financial terms, what is the ROI of corruption?
We look at studies that answer important questions: Who bribes? How much do they pay? And what value do they get?
Also, do you get more if you pay more? And do firms that bribe perform better?
I am sharing my slides from my presentation at the CFO Asia Congress on October 8, 2013, under Creative Commons Attribution license. You are free to distribute, remix, tweak, and build upon my work, even commercially, as long as you credit me for the original creation by linking to this Slideshare URL. Each slide contains source attributions and URL; you should obtain the original images from the original sources before reusing. You must comply with any applicable license restrictions imposed by the original source.
Globalization of Ethics and Compliance by @EricPesikEric Pesik
Globalization is not normally associated with ethics. But recent enforcement actions and legislation around the world point to a global ethics convergence. Where did it start? Where are we now? And what’s next for ethics and compliance?
I am sharing my slides from my lecture at the University of Buffalo School of Management Singapore Executive MBA program on September 21, 2013, under Creative Commons Attribution license. You are free to distribute, remix, tweak, and build upon my work, even commercially, as long as you credit me for the original creation by linking to this page URL. Each slide contains source attributions and URL; you should obtain the original images from the original sources before reusing. You must comply with any applicable license restrictions imposed by the original source.
Drafting Game Rules to Minimize LitigationEric Pesik
Drafting Game Rules to Minimize Litigation by Eric Pesik. Presented at the Marcus Evans summit: Litigation & Corporate Counsel Asia Summit 2013, May 2013, The Westin Kuala Lumpur, Kuala Lumpur, Malaysia.
Effective Internal Controls by @EricPesikEric Pesik
Instilling good governance and ensuring full compliance with an effective internal control program. Presented at Corruption and Compliance South & South East Asia Summit, September 2012, Hilton Hotel, Singapore.
Fighting Global Corruption by @EricPesikEric Pesik
Fighting global corruption by building sustainable corruption risk assessment process and developing a proactive risk management plan proportional to your organization’s risk exposure. Presented by Eric Pesik at Asia Risk Professionals Congress at the Carlton Hotel, in Singapore, March 2012
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...Eric Pesik
Meeting in the Middle: Embracing Negotiation to Protect Business Interests and Relationships, by Eric Pesik, presented at Litigation Asia Summit 2012, Singapore
Top mailing list providers in the USA.pptxJeremyPeirce1
Discover the top mailing list providers in the USA, offering targeted lists, segmentation, and analytics to optimize your marketing campaigns and drive engagement.
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesHolger Mueller
Holger Mueller of Constellation Research shares his key takeaways from SAP's Sapphire confernece, held in Orlando, June 3rd till 5th 2024, in the Orange Convention Center.
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Navigating the world of forex trading can be challenging, especially for beginners. To help you make an informed decision, we have comprehensively compared the best forex brokers in India for 2024. This article, reviewed by Top Forex Brokers Review, will cover featured award winners, the best forex brokers, featured offers, the best copy trading platforms, the best forex brokers for beginners, the best MetaTrader brokers, and recently updated reviews. We will focus on FP Markets, Black Bull, EightCap, IC Markets, and Octa.
B2B payments are rapidly changing. Find out the 5 key questions you need to be asking yourself to be sure you are mastering B2B payments today. Learn more at www.BlueSnap.com.
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
Company Valuation webinar series - Tuesday, 4 June 2024FelixPerez547899
This session provided an update as to the latest valuation data in the UK and then delved into a discussion on the upcoming election and the impacts on valuation. We finished, as always with a Q&A
Understanding User Needs and Satisfying ThemAggregage
https://www.productmanagementtoday.com/frs/26903918/understanding-user-needs-and-satisfying-them
We know we want to create products which our customers find to be valuable. Whether we label it as customer-centric or product-led depends on how long we've been doing product management. There are three challenges we face when doing this. The obvious challenge is figuring out what our users need; the non-obvious challenges are in creating a shared understanding of those needs and in sensing if what we're doing is meeting those needs.
In this webinar, we won't focus on the research methods for discovering user-needs. We will focus on synthesis of the needs we discover, communication and alignment tools, and how we operationalize addressing those needs.
Industry expert Scott Sehlhorst will:
• Introduce a taxonomy for user goals with real world examples
• Present the Onion Diagram, a tool for contextualizing task-level goals
• Illustrate how customer journey maps capture activity-level and task-level goals
• Demonstrate the best approach to selection and prioritization of user-goals to address
• Highlight the crucial benchmarks, observable changes, in ensuring fulfillment of customer needs
buy old yahoo accounts buy yahoo accountsSusan Laney
As a business owner, I understand the importance of having a strong online presence and leveraging various digital platforms to reach and engage with your target audience. One often overlooked yet highly valuable asset in this regard is the humble Yahoo account. While many may perceive Yahoo as a relic of the past, the truth is that these accounts still hold immense potential for businesses of all sizes.
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraAvirahi City Dholera
The Tata Group, a titan of Indian industry, is making waves with its advanced talks with Taiwanese chipmakers Powerchip Semiconductor Manufacturing Corporation (PSMC) and UMC Group. The goal? Establishing a cutting-edge semiconductor fabrication unit (fab) in Dholera, Gujarat. This isn’t just any project; it’s a potential game changer for India’s chipmaking aspirations and a boon for investors seeking promising residential projects in dholera sir.
Visit : https://www.avirahi.com/blog/tata-group-dials-taiwan-for-its-chipmaking-ambition-in-gujarats-dholera/
Best practices for project execution and deliveryCLIVE MINCHIN
A select set of project management best practices to keep your project on-track, on-cost and aligned to scope. Many firms have don't have the necessary skills, diligence, methods and oversight of their projects; this leads to slippage, higher costs and longer timeframes. Often firms have a history of projects that simply failed to move the needle. These best practices will help your firm avoid these pitfalls but they require fortitude to apply.
9. “When we envision internal controls in
modern organizations, the typical
things one thinks about are finance
and accounting procedures, such as
revenue recognition rules, balance
sheets, and cash flow statements.”
finance & accounting procedures
11. “Or you might also think about your
corporate IT systems , such as
ORACLE, SAP, and the databases and
programs that keep track corporate
transactions.”
corporate IT systems
13. “Or you might think about general
company policies & procedures, such
as the rules we all follow to get our
expense reports approved.”
company policies & procedures
15. “These are typical examples of
internal controls. But they can be as
obscure or esoteric. Internal controls
should make sense to the people
that have to comply with them.”
humanize internal controls
19. “Everyone has seen a restaurant
guest check. You knows what it is and
how it works. But how many people
this of this as an internal control?”
restaurant guest check
23. “When the waitress takes your order,
the first internal control comes into
play when you tell the waitress what
you want. She writes it down. This
simple data entry drives restaurant
operations.”
take your order
24. “The waitress repeats your order as
additional an control to verify the
data, and correct it if it is incorrect.”
take your order
26. “The segregation of duties is another
internal control because the kitchen
must translate the written data into an
allowed order on the menu.”
prepare your order
27. “The kitchen uses the order to
manage production , preparing the
meal as described in the guest check,
and pulling raw materials from
inventory.”
prepare your order
28. “The segregation of duties is also a
fraud prevention control. The kitchen
operates to the written order,
preventing the waitress from
recording an inexpensive item but
delivering an expensive item.”
prepare your order
30. “When your order is ready the waitress
uses the order to verify customer
requirements against kitchen
production output.
serve your order
31. “There is a final verification when
your meal arrives. If you dispute the
order, the wait staff can compare your
dispute against the written order.”
serve your order
33. “After you eat, you must pay. The
cashier reviews the guest check to
calculate sales price and record the
sales revenue from your meal.”
pay for your order
40. “It doesn’t feel like an internal control.
It’s not bureaucratic. It helps
restaurant employees do their job
more effectively, so they use it
effectively.”
restaurant guest check
44. “It is simple because it only requires
a small piece of paper passed from
user to user without special tools or
equipment.”
45. “It is effective because one item
drives nearly every aspect of the
business: sales, customer services,
operations, production, inventory,
revenue, accounting, planning,
management oversight...”
46. “It is an efficient control because it
does not interfere with how each
employee does his or her job. This
internal control helps employee their
job more efficiently.”
48. “This internal control was developed
organically. It wasn’t implemented by
legal or finance or compliance. It was
developed over time by the users
themselves to make their job easier.”
49. “There are probably similar internal
controls in your company developed
by the users themselves.”
51. “Let’s look at the opposite end of the
spectrum. The Internal Control -
Integrated Framework was
commissioned the Committee of
Sponsoring Organizations of the
Treadway Commission.”
52. “This is a formal framework for
internal control systems that is
employed by a majority of
multinational companies.”
53. “There are four key concepts in the
Internal Controls - Integrated
Framework.”
57. “Internal controls are not just things,
they are people at every level of an
organization. Internal controls rely on
people for their effectiveness and are
affected by the inherent faults of
people.”
affected by people
61. “Internal control should be directed at
achieving company objectives. An
internal control that is not tied to a
corporate objective is not an effective
internal control.”
achieve objectives
62. 1. process
2. people
3. assurances
4. objectives
63. “Internal controls are processes
effected by people that provide
reasonable assurances that you are
meeting or achieving your corporate
objectives.”
84. “Information processing allows us to
verify data entry, comparing file totals
with control accounts, and control
access to data, files, and programs.”
information processing
92. “Physical security provides cameras,
locks, and physical barriers to protect
cash, property, and inventory.”
physical security
93. 1. segregation of duties
2. retention of records
3. super vision or monitoring
4. information processing
5. authorization of transactions
6. top-level reviews
7. electronic security
8. physical security
101. “To implement risk-focused internal
controls, you have to do a formal risk
assessment. This is something
everyone talks about, but rarely does.”
risk assessment
102. “Everyone has seen a typical risk
matrix. It is a tool to compare two
dimensions of data, the probability of
risk and the magnitude of harm, to
help you measure threats.”
103. High Magnitude High Magnitude
Low Probability High Probability
Magnitude of Loss
Low Magnitude Low Magnitude
Low Probability High Probability
Probability of Risk
risk matrix
104. “How many people have actually
plotted out risks their company
faces? This should not be merely a
thought experiment, but a formal risk
assessment.”
108. “Lawyers, accountants, risk officers,
experienced business professionals
are all risk experts. Their job is to
understand the risks our companies
face based on their professional
experience, training, and individual
expertise.”
risk experts
110. “But individual opinions are too
subjective, especially when risk
assessments are made by limited
individuals insulated from day-to-day
operations.”
subjective opinions
112. “Relying on risk experts is not
enough. To develop effective internal
controls, you need to supplement
subjective individual opinions with
objective risk data.”
objective data
113. “Without objective risk data, you do
cannot have a risk-focused program.
And you cannot demonstrate to
regulatory authorities that you have
appropriate controls in place.”
objective data
115. “The data in this presentation is
derived from reports from the
Association of Certified Fraud
Examiners. This presentation was
delivered in Asia, and uses Asia data.
But global data is similar.”
125. “Financial statement risk and
corruption risks are both high risk
because of the high occurrence and
high cost. Corruption is a current hot
topic, but the data shows financial
statement fraud is a greater risk.”
127. Sales 21.0%
Operations 15.4%
Accounting 15.1%
Exec/Upper Mgmt 14.0%
Purchasing 10.7%
Warehousing/Inventory 4.0%
Finance 4.0%
Customer Service 3.3%
Marketing/Pub Relations 2.9%
Board of Directors 2.9%
Mfg and Production 2.2%
Human Resources 2.2%
Information Technology 1.5%
Internal Audit 0.4%
Research and Dev 0.4%
Legal 0.0%
probability of the risk
128. “The sales department is the most
frequent source of risk, probably
because corruption is the most
frequent category of risk. But the top
5 overall departments are similar, all
with double digits risks.”
129. Exec/Upper Mgmt $829
Board of Directors $800
Legal $566
Purchasing $500
Finance $450
Marketing/Pub Relations $248
Warehousing/Inventory $239
Human Resources $200
Accounting $180
Mfg and Production $150
Operations $105
Research and Dev $100
Sales $95
Information Technology $71
Customer Service $46
Internal Audit $13
magnitude of the loss
130. “Upper management and the board
of directors are the source of the
greatest median loss per event,
probably because financial statement
fraud is the most costly form of
fraud.”
131. Exec/Upper Mgmt 10.0
Accounting 3.5
Purchasing 2.8
Operations 1.7
Finance 1.7
Sales 1.1
Warehousing/Inventory 1.0
Board of Directors 1.0
Marketing/Pub Relations 0.4
Customer Service 0.3
Legal 0.2
Human Resources 0.2
Mfg and Production 0.2
Information Technology 0.2
Research and Dev 0.0
Internal Audit 0.0
adjusted risk profile
132. “The adjusted risk profile shows
upper and executive management is
the source of greatest source of risk
to the company.”
134. “External data is not enough. It helps
you benchmark your risk analysis, but
the key to developing risk-focused
controls is collecting your own
internal data.”
137. “When you need unfiltered data about
your company, you cannot rely on risk
experts, because they don’t know
what is happening with manager-level
and line-level employees.”
company constituents
138. “You need to discover open secrets
that everyone knows on the shop floor
but that never reach management.”
company constituents
140. “Employees know who is lazy in their
organization. They might not turn in
their co-workers, but they will tell you
the steps people skip.”
human laziness
142. “Employees know who is careless in
their organization. They might not turn
in their co-workers, but they will tell
you the mistakes people make.”
human carelessness
144. “Employees know who is dishonest in
their organization. They might not turn
in their co-workers, but they will tell
you how people steal from the
company.”
human dishonesty
149. “A formal risk assessment is time
consuming. It requires putting all your
constituents in a room having each of
them teach you about the risks they
see every day.”
formal risk assessment
158. 1. segregation of duties
2. retention of records
3. super vision or monitoring
4. information processing
5. authorization of transactions
6. top-level reviews
7. electronic security
8. physical security
159. “But your work is not done. You also
have to assess the effectiveness of
your proposed controls.”
162. “Every internal control has a price. It
may be the financial cost to
implement, or the loss of operational
efficiencies due to burdensome
process steps or procedures.”
cost of mitigating or avoiding
163. “Do not allow the cost of mitigation to
exceed the value of the risk. You
need to know the effectiveness of
each internal control.”
cost of mitigating or avoiding
165. “Effectiveness is measured by the
reduction in median losses of
organizations with an internal control
versus organizations without the
same internal control.”
166. Hotline 59.2%
Employee Support Programs 59.0%
Surprise Audits 51.5%
Fraud Training for Managers/Execs 50.0%
Fraud Training for Employees 50.0%
Job Rotation/Mandatory Vacation 46.8%
Code of Conduct 46.6%
Management Review 40.0%
Anti-Fraud Policy 40.0%
External Audit of ICOFR 34.9%
Internal Audit Department 30.6%
Independent Audit Committee 30.0%
External Audit of F/S 25.0%
Management Certification of F/S 25.0%
Rewards for Whistleblowers 23.2%
effective loss reduction
167. “Hotlines were the most effective, but
the top 5 internal controls yielded
50% or greater median loss
reduction.”
168. Hotline $100 $245
Employee Support Programs $100 $244
Surprise Audits $97 $200
Fraud Training for Managers/Execs $100 $200
Fraud Training for Employees $100 $200
Job Rotation/Mandatory Vacation $100 $188
Code of Conduct $140 $262
Management Review $120 $200
Anti-Fraud Policy $120 $200
External Audit of ICOFR $140 $215
Internal Audit Department $145 $209
Independent Audit Committee $140 $200
External Audit of F/S $150 $200
Management Certification of F/S $150 $200
Rewards for Whistleblowers $119 $155
benefit of loss reduction
169. “Companies without hotlines suffered
median losses of $245k per event.
Companies with hotlines suffered
only $100k median losses per
event.”
170. “Since hotlines have the greatest
effective loss reduction, let’s do a
quick case study to examine hotlines
further and compare them with other
sources of risk detection.”
180. “Hotlines are the most effective
internal control, reducing median
losses by almost 60%. Tips are the
number one source for detecting risk,
resulting in 13% more tips.”
“Why is this important?”
importance of hotlines
182. “Regulators are paying whistleblower
bounties to get tips. If you don’t have
a hotline, you are telling 13% of
people with tips to take them
somewhere else.”
whistleblower bounties
191. 1. segregation of duties
2. retention of records
3. super vision or monitoring
4. information processing
5. authorization of transactions
6. top-level reviews
7. electronic security
8. physical security
198. License and Credits
This presentation, excluding the images, is provided under creative commons attribution license.
http://creativecommons.org/licenses/by/3.0/
You are free to share, copy, distribute, and transmit this work; to remix, adapt this work; and to make commercial use of the work; under the condition that you attribute
this work to me by including the following attribution “Effective Internal Controls by Eric Pesik. Used with permission,” and URL Link:
http://www.slideshare.net/ericpesik/
Microsoft Office Online:
Except as noted below, all images in this presentation are from Microsoft Office Online. Used with permission from Microsoft:
http://office.microsoft.com/en-us/images/
Flickr Creative Commons:
The following images are from flickr creative commons and are licensed and used under creative commons attribution license:
http://creativecommons.org/licenses/by/2.0/deed.en
Art Coffee House Waitress by Wonderlane
http://www.flickr.com/photos/wonderlane/293137892/
Waitress by Adikos
http://www.flickr.com/photos/adikos/4319818916/
Rutherford Grill by Neeta Lind
http://www.flickr.com/photos/neeta_lind/2517034517/
Serving Food by Adrian Nier
http://www.flickr.com/photos/adriannier/4004167201/
Donut Shop Owner by Robert Couse-Baker
http://www.flickr.com/photos/29233640@N07/7104455917/
Two chorizo burritos with cheese and sour cream by Rick
http://www.flickr.com/photos/spine/1994814081/
Waiter by Hans Van Den Berg
http://www.flickr.com/photos/myimage/4353456304/
Blue Telephone by UggBoy♥UggGirl
http://www.flickr.com/photos/uggboy/5345135964/
Association of Certified Fraud Examiners:
All data is from the Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, 2010 Global Fraud Study based on 1,843 cases
of occupational fraud that were reported by the Certified Fraud Examiners who investigated them. http://www.acfe.com
Committee on Sponsoring Organizations of the Treadway Commission:
The Internal Control — Integrated Framework was commissioned by the Committee on Sponsoring Organizations of the Treadway Commission. It establishes a common
definition of internal control that services the needs of different parties for assessing and improving their control systems. http://www.coso.org