Integration Of Fraud Risk Factor In IFC Framework

Preface

In today's business world, drastic changes are occurring within management. Hierarchical organizational structures, with many layers of management who supervise and control the work of those under them, are disappearing. They are being replaced with flat organizations that have self-directed work teams composed of employees formerly assigned to separate and segregated departments. Team members are empowered to make decisions and no longer must seek multiple layers of approvals to complete their work. There is an emphasis on continuous improvement rather than the periodic reviews and appraisals characteristic of earlier evaluators. These changes have an enormous impact on a company's organizational structure and on the nature and type of controls used in organizations.

As the economy and regulatory environments change, management might need to alter operations to adapt to these external changes. One of the key changes was caused by the pandemic due to COVID -19 was the way the business was conducted as most of the business was done from home or alternate methods were adopted. When management changes how it does business, such as adding a new product line or expanding operations to a foreign market, or working from home it affects the business model. This shift in operations usually results in changes to previously identified risks. Some risks might be eliminated, some might increase, and new ones might be identified. Regardless of how the business model is impacted, management should be proactive in identifying risks especially the risk which may result in fraud risks in all processes affected. 

Risk assessment Procedure (including fraud risk)

A risk assessment helps management determine whether their objectives are attainable. The following principles relate to risk assessments:

• Management specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
• Management identifies risks to the achievement of its objectives across the entity and analyses risk as a basis for determining how the risks should be managed.
• Management considers the potential for fraud in assessing risks to the achievement of its objectives.
• Management identifies and assesses changes that could significantly impact the system of Internal Control.

An important part of assessing risk is identifying the potential for fraud. Fraud that goes undetected can result in significant monetary loss and ruin an organization's reputation. When considering the potential for fraud risk, management should consider:

• What types of fraud could occur (e.g., loss of assets or fraudulent reporting)?
• What incentives or pressures can contribute to potential fraud?
• What opportunities are available for unauthorized use of assets, disposing of assets, or altering financial records?
• How might management or others engage in or justify their actions if caught?

Top management is ultimately responsible for ensuring that adequate controls are in place, so it usually oversees the risk assessment process; it might, however, select competent individuals within the organization to perform the assessments or reviews. The number and type of individuals involved in this process varies based on the size of the company, the complexity of its functions, and the type of services or products provided.

An effective fraud risk identification process includes an assessment of the incentives, pressures, and opportunities to commit fraud.

Role of Internal Financial Control (IFC)

The management needs to have a certain benchmark to assess the adequacy of controls for the mitigation of risks. Without these benchmarks, the risk assessment will be subjective without any guiding post. Section 134 (5) ( e) of Companies Act, 2013 provides an explanation to Internal Financial Control as policies and procedure adopted by the company for ensuring:

• The orderly and efficient conduct of its business, including adherence to company polices
• Safeguarding of its assets
• Prevention & deduction of frauds and errors
• Accuracy & completeness of accounting records and
• Timely preparation of reliable financial information

Risk identification & controls to mitigate the risks remains one of the prime areas in the Internal Financial Controls. Identified below are some fraud risk areas in various processes which can be identified in the Internal Financial Control.

Entity Level

1. Analysing the industry to which the organization belongs to, size and location of the entity
2. Understand the structure of the organisation and the decision-making authorities
3. Corporate governance principles adopted by the organization
4. Use of technology in the organization
5. Communication channels adopted by the organisation and creating awareness in the organization
6. Reporting procedure and protection of whistle-blower in the organisation
7. Appropriate segregation of duties across all the processes
8. Effectiveness of control to prevent and detect fraud

Process: Order to Cash

Sub process: Customer Management

1. Entering into agreements with third parties at higher rate of commission to enable generation of extra cash.
2. Sales conducted through several third-party intermediaries
3. Performing due diligence / back ground check while vendor on-boarding
4. Range of commission charge may not be at par with the Industry standard
5. Customer visits and the purpose of visit duly documented

Process: CAPEX

Sub Process: Capitalization

1. Policies defining employees using the asset of the company

Sub Process: Procurement of assets

1. Segregation of duties with respect to procurement and maintenance of assets and recording of assets
2. Policy for regular physical verification of assets
3. Reconciliation of shipment records with sales invoices
4. Review of vendor master for the identification of bogus vendors

Process: Human Resource

Sub Process: Payroll Management

1. Regular reconciliation of the HR master with the Payroll master
2. Finding the incomplete record of employees
3. Employee incentive programs and the metrics on which they are based
4. Hiring and evaluation policy of the organization

Process: Treasury

Sub Process: Cash outflow

1. Availability of money trail and end use of funds
2. Diversion of loan funds to its subsidiaries and associates
3. Genuiness of transaction with third parties
4. Review of inward / outward foreign remittances and related documentation