Achilles' heel: management override of internal controls a weak link in fraud prevention.
| Author | Morrow, John |
| Position | FRAUD PREVENTION |
ControlCo.'s audit committee chair was stunned when the company's counsel informed him that the prior year's revenue and earnings may have been overstated.
"How could that happen?," the audit committee chair asks. "We have good internal controls and management, and the auditors both signed off that they were effective."
And that's when it became apparent: those who design and implement internal controls--management--also can override or bypass those controls.
Many financial statement frauds have been perpetrated by senior management's intentional override of what might otherwise appear to be effective internal controls.
Among other methods, management may override internal controls to intentionally misstate the nature or time of revenue by recording fictitious business transactions or changing the timing of legitimate transactions; establishing or reversing reserves to manipulate results; and altering records related to significant or unusual transactions.
So how can audit committees address the risk of management override of internal controls as part of their oversight of the financial reporting process?
MAINTAINING SKEPTICISM
An audit committee should exercise an appropriate level of skepticism when considering the risk of management override of internal controls.
The committee should begin by acknowledging that fraud risks, including the risk of management override, exist in every entity. Skepticism requires an alertness to potential fraud risk factors and a willingness to ask the sometimes difficult, and perhaps even embarrassing, questions.
This stance also requires an environment that encourages open discussion among audit committee members and sufficient time to consider "what if" scenarios related to fraud possibilities. The audit committee should set aside any beliefs about the integrity of management because override most often is committed by "good executives gone bad" rather than consistently dishonest people.
Additionally, an open display of skepticism, in itself, can be a deterrent to management override of controls.
UNDERSTAND THE BIZ
Audit committees need a solid knowledge of the industry and business to form the foundation for effective oversight.
Most businesses plan legitimate reactions to variances from expected financial performance. But when a business is unable to achieve desired results legitimately, the temptation to override internal controls to manipulate reported results can become too great to overcome.
...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
