Fraud Risk Assessment and Monitoring Services
Statement on Auditing Standards (“SAS”) No. 112 “Communicating Internal Control Related Matters in an Audit” (SAS 112) is in effect and resulted in a substantial change in how management and auditors must assess internal controls. SAS 112 focuses more on the organization and its internal control and lowers the effectiveness of controls. Additionally, the new Risk Assessment SASs (SAS 104-111) are effective for 2008 audits, and as a result, auditors will be requesting their clients to provide documentation of their risk assessments and components of internal control.
Some entities simply do not have the time or resources to dedicate to the preparation of the required risk assessment and internal control related documentation due to high workloads or lack of expertise. In an effort to assist you in meeting these new requirements, Thurman, Shinn and Company is pleased to offer various ‘corporate governance’ services to assist your entity. Some of the available services are discussed in greater detail below. We take a risk-based, top-down approach to our projects, keeping in mind the fiduciary responsibilities and reputational risk unique to governmental entities.
Each Project follows a multi-phase methodology to assist management in achieving compliance. Our methodology includes the following major phases, depending upon the project:
Internal Control Risk Assessment and Documentation
Management is ultimately responsible for ensuring that internal controls are established, well documented, and operating effectively. Without clear internal control documentation, management cannot demonstrate an understanding or the activities that are being undertaken to meet its control objectives. In addition, without the documentation, management is not able to assess whether controls are operating as intended and where control gaps may exist. A better understanding of an entity’s internal controls will ultimately reduce reporting errors and increase operational effectiveness by improving the design of existing controls and eliminating redundant controls.
To prepare your entity’s internal control documentation, Thurman, Shinn and Company will:
Internal Control Risk Assessment (on existing Documentation)
A risk assessment is the process of identifying and analyzing relevant risks to the achievement of an entity’s objectives. A risk assessment also involves forming a basis for determining how the risks should be managed. An internal control risk assessment performed by Thurman, Shinn and Company requires sufficient internal control documentation. As part of completing an internal control risk assessment, Thurman, Shinn and Company will:
Fraud Risk Assessment
Antifraud programs and controls are the policies and procedures put in place by an entity to help ensure that management directives are carried out. It is important to realize that fraud can occur in entities of any size, and almost any employee may be capable of perpetrating a fraudulent act given the right set of circumstances. A fraud risk assessment will help identify, analyze and manage the risk of fraud occurring. A fraud risk assessment performed by Thurman, Shinn and Company will include the following:
Policy and Procedure Review and Development
Documentation of an entity’s significant operational and accounting processes is essential in times of employee transition and for training purposes. Documenting a process involves identifying and gaining an understanding of the events or transactions that trigger performance of the process, the automated or manual procedures used in performing the process, the person(s) or position(s) responsible for performing the procedures, the source documents used or generated, the procedures for approval and review and correction of any errors detected, and the financial or operations entries or reports summarizing the result of the process. Procedures that may be used to gain an observation of them performing their duties; inspection of documents, forms, and performing a “walk through” of the procedures performed in the process. Thurman, Shinn and Company an assist in reviewing, updating or streamlining the existing procedures and existing documentation, and providing value-added recommendations based on our experience. Additionally, we can assist in the process to gather existing documentation, organize it, and identify any gaps in an effort to meet SAS 112 requirements.
To assist your organization in developing a comprehensive fraud policy, Thurman, Shinn and Company will primarily make inquiries of management to determine the unique aspects of your organization’s stance on fraud. We will use this information to create a fraud policy that has been customized specifically to your entity.
Thurman, Shinn and Company will be glad to meet with members of management, your board and others charged with governance to discuss the specific needs of your entity and build an engagement to address the circumstance unique to you.
* * * * *
EXPERIENCE – We are committed to providing services to Governmental Entities
We believe our long service record to governmental entities in the area, our working relationships and associations with governmental auditors, accountants and other professionals across the nation and our recent appointment to the State & Local Government Expert Panel of the American Institute of Certified Public Accountants (“AICPA”) demonstrates our expertise and experience in governmental accounting. This means we understand the intricacies of governmental operations and will complete our work efficiently and effectively (i.e., less overall hours).
VALUE – We provide value to our clients beyond simply a reasonable cost structure
Our methodology has, at its core, a philosophy of simplifying the process by focusing on the significant transactions and account balances first. Our approach includes offering suggestions to clients on process improvement to help create a return on investment for the process. We are able to provide numerous related services to support management in various areas as we explained above. What this means to your entity is that Thurman, Shinn and Company will identify opportunities to use the SAS 112 initiative to help create more efficient internal processes either through the rationalization of controls (i.e., eliminating those that are not necessary) or through process improvement suggestions that will make processes more efficient.
If you have questions about any of these services or would like more information, please feel free to call 573-760-9400. As always, we are available to help management, those charged with governance and your entity comply with the new requirements, and we look forward to working with you.