Internal Control/Anti-Fraud Program Design for the Small Business

STEVE DAWSON, CPA, CFE, is president and founder of Dawson Forensic Group, a firm devoted to the investigation of fraud and the education of the small business community in internal control/anti-fraud program design and implementation. For the past thirty years, he has performed forensic investigations and related forensic services for various businesses and agencies. He is a nationally recognized speaker in fraud detection, prevention, and internal control design methodologies. He is a graduate of Texas Tech University with a Bachelor's of Science degree in Accounting and holds a certified public accountant certificate in Texas as well as a certificate as a certified fraud examiner.

Preface: Maybe It’s Time We Get Back to the Basics xi

Acknowledgments xvii

PART I: THE ANTI‐FRAUD ENVIRONMENT: THE BLUEPRINTS, THE FOUNDATION, THE GROUND FLOOR

Chapter 1: The Architect’s Blueprint: Establishing the Framework 3

The Elements of Anti‐Fraud Program Design 3

Anti‐Fraud Environment 4

Fraud Risk Assessment 4

Control Activities 5

Information: Program Documentation 6

Communication: The Company Fraud Training Program 6

Monitoring and Routine Maintenance 7

Chapter 2: Foundational Policies: The Fraud Policy 9

Foundational Policies 10

The Fraud Policy: The Essential Elements of an Effective Fraud Policy 10

Case Presentation 17

Chapter 3: Foundational Policies: The Fraud Reporting Policy 19

The Essential Elements of an Effective Fraud Reporting Policy 20

Chapter 4: Foundational Policies: The Expense Reimbursement Policy 29

Case: “No Questions Asked” 29

Case: “It Will Never Be Missed” 30

Case: Larry the Chief Financial Offi cer 31

The Elements of an Effective Expense Reimbursement Policy 32

Appendix 4A: Expense Report Form 39

Appendix 4B: Supplemental Business Meal and Entertainment Charges Form 40

Chapter 5: The Ground Floor: The Fraud Risk Assessment Process 41

Ground Rules for Fraud Risk Assessment 42

An Example of Risk Assessment 43

Procedural Steps for Performing a Fraud Risk Assessment 44

Cash in Bank 48

Case: The Trail Is Gone 50

Case: Friends in Low Places 51

Asset Misappropriation 52

Corruption 53

Financial Statement Fraud 53

PART II: ANTI‐FRAUD CONTROL ACTIVITIES: RAISING THE WALLS

Chapter 6: Control Activities: The Absolutes 57

Critical Principles of Control Activity Design 57

Foundational Control Activities 59

Case: The Mail Drop in Las Vegas 64

Appendix 6A: Confl ict of Interest Form 67

Appendix 6B: New Vendor Establishment Form 68

Chapter 7: Control Activities: The Segregation of Duties Dilemma 69

But I Only Have Two Employees 69

Prevention versus Detection Controls 70

The Necessary Review Processes 72

Chapter 8: Control Activities: General Processes 75

Two Operational Questions 75

Common Control Activities 81

Case: The Cell Phone Reimbursement 91

Chapter 9: Control Activities: Specific Control Areas 95

Financial Statement Line Item Control Activities 95

PART III: COMPLETING THE ANTI‐FRAUD PROGRAM: THE CEILING, THE ROOF, AND ROUTINE MAINTENANCE

Chapter 10: The Ceiling: Documenting the Anti‐Fraud Program 103

Information 103

Documentation—Keeping It Simple 104

The Elements of High‐Quality Documentation 104

Chapter 11: The Ceiling: The Company Fraud Training Program 111

The Elements of Effective Communication 112

The Company Fraud Training Program 114

Chapter 12: The Roof: Monitoring and Routine Maintenance 119

Monitoring and Routine Maintenance Defi ned 120

The Monitoring and Routine Maintenance Structure 120

Chapter 13: The Sample Anti‐Fraud Program 129

Appendix 13A: Fraud Risk Assessment Framework Form 137

Appendix 13B: Control Activities Form 138

Appendix 13C: Documentation of Control Activities 139

Appendix 13D: Compliance Audit Programs and Related Compliance Audit Working Papers 154

Appendix A: The Fraud Policy 171

Appendix B: The Fraud Reporting Policy 175

Appendix C: The Expense Reimbursement Policy 179

Appendix D: Forms 185

About the Author 193

Index 195