Strategic Planning for 2011? Changes in Business Can Compromise the Effectiveness of Internal Controls

If we have learned anything from the Sarbanes-Oxley era and the scandals that brought down the economy, it is that internal controls have to be effective. The first step is control design. When done properly, the design will include preventive controls to preclude undesirable activities and detective controls to alert management when exceptions occur. An appropriate design of preventive and detective controls is critical, but not sufficient. Control environments are dynamic. Changes in the business often result in workload shifts. When this happens, roles and assignments are informally swapped to make the work load more equitable. As informal process changes evolve, the control design is often unintentionally compromised, sometimes with significant consequences.

For example, an Accounts Payable Manager has the responsibility to review all vendor master file changes before payments to vendors are made. However, if the Accounts Payable Manager is suddenly swamped with a new system implementation she may not have the time to review the master file changes and she may not be available when the payable checks are ready.

In situations like this, the Accounts Payable Manager might assign the vendor master file review to an employee who is responsible for processing checks but does not have system access to enter invoices. On the surface, this appears to be a viable alternative since the responsibilities for invoice processing and vendor change review are segregated. However, this informal role change has just compromised the control system.

What happens if this employee creates an invoice from a fictitious vendor? Since the employee has been given the responsibility to review new vendor additions, the fictitious vendor is not questioned. After the invoices are processed, she simply prints the check and pockets the payment.

This is only one example to illustrate how a “quick fix” may not be in the best interests of the company. Informal reassignments are common as new pressures develop. When workloads shift, it is worth the time to review the internal control design in total. If there is no time for a total control design reevaluation, enlist the help of the Internal Audit department. In any case, when responsibilities are reassigned make sure that there are adequate mitigating controls throughout the entire process. Having “trusted” employees does not always protect against errors or fraud.

‘Tis the Season to be Internal Audit Planning

As the holiday season is rapidly approaching, good tidings are regularly shared as should be the case.  It is time to be joyous and celebratory for the year that was and hopeful for the year that shall come.

It is also a time for Internal Auditors to take stock in their year that was and plan for the year that shall come.  I presume most Internal Audit Departments have completed their annual risk assessment, are trying to wrap up any remaining items from the 2010 Internal Audit schedule, and are putting together their 2011 Internal Audit Plan.

Here are some questions I recommend Internal Auditors ask themselves:

• How has the economy impacted the audits I complete?
• How responsive is my audit plan to changes in risks?
• How was the 2010 plan better than the 2009 plan and how is 2011 going to improve upon 2010?
• What were my significant accomplishments in 2010?
• Were these accomplishments significant to only me or did they have a profound impact on the company?
• What significant accomplishments are going to be made from the 2011 audit plan?
• How is the 2011 audit plan going to enhance the strategic relevance of Internal Audit?

The easiest thing to do is keep everything the “same as last year” - and there could be logic in it like... the economic conditions, staffing shortages, resource constraints, regulatory requirements, and so on.  But, the CEO can’t go to the Board and say "the company's 2011 strategic plan is the same as our 2010 plan" and neither should the Internal Auditor.  Take whatever flexibility you have and think strategic, think relevance, and think profound impact.  Successfully do that now and in 12 months the 2012 planning will become much more fun!

For more information on Internal Audit’s strategic role please review The 2010 Report on the Strategic Role of Internal Audit.

Maximizing the Asset: Inventory Management in a Sluggish Economy

If you are experiencing shrinking margins, cash flow may become your primary concern. Increased sales will produce increased cash input, but purchases and investments lead to cash outlays, and what about inventory? Inventory sits in the warehouse. Inventory not only freezes cash flow but generates expense by requiring handling and storage space. Unless it is on the way out the door to a customer, inventory contributes nothing of value to an organization.

Inventory management is a tradeoff between the ability to meet customer expectations and the necessity of keeping assets fluid to meet unexpected demands and higher costs. Before investing in more storage space or warehouse management tools, consider using resources in ways to decrease inventory.

1. Time is money
The inventory level needed to achieve a given customer fill rate is roughly related to the square root of the lead time. That means that if all other impacts are the same, inventory levels can decrease by 50% when the lead time shortens from four weeks to one week.

One of the strategies to reduce lead time is to develop the ability to customize products at the final stages of production. This allows for the flexibility needed to respond to changes in customer demand. This not only reduces the lead time, but decreases the risk of producing the wrong products.

2. Forecasts are always wrong
Forecasts, by definition, will always be wrong. If forecasting must be used, avoid using financial projections to plan production. Although finance is a vital function in any organization, financial projections do not capture demand. Understanding demand is the key to having the right products in the right places. If a demand forecasting and deployment system is not in the budget, a simpler spreadsheet model can be used quite effectively. Even better, develop relationships with customers to directly access their needs.

3. Negotiate with vendors
Many vendors will manage inventories. Some will replenish daily, leaving only a small safety stock on the premises.

4. Standardize components
Fewer components needed across product lines mean a lower overall inventory. Examine the bills of material for similar types of components and work with engineering to consolidate wherever possible.

5. Get rid of obsolete products and components
Obsolete parts take up valuable space and require handling. If a component is custom made and may be used in the future to service product, move it to after-market stocks. Otherwise, find a buyer on the internet or simply throw the parts away.

The value of an investment in inventory is measured only by how quickly it disappears. The optimal amount of inventory is no inventory at all. This is not a realistic expectation, so the next best strategy is to minimize it wherever possible.

To conduct an audit of your inventory management process, give us a call.

Internal Audit - Adding Value in the Not-for-Profit World

While not-for-profit organizations perform many of the same accounting functions as public corporations, not-for-profits are inherently different in many ways and require a unique Internal Audit focus. In 2006, the American Society of Association Executives (ASAE) published the results of a research project undertaken by The Center for Association Leadership to identify characteristics of the most successful not-for-profit organizations. The study found the following factors to be common in the most successful associations: Commitment to Purpose, Commitment to Analysis and Feedback, and Commitment to Action.

By focusing on the conclusions of this study, auditors can go beyond assurance and provide insight that will help to identify and mitigate risk. An entity level assessment should ask questions to identify the risks associated with each factor listed above.

Commitment to Purpose
A successful organization aligns its products and services with a customer focused mission. Its reason for being is measured by its relevance to the customers and/or members. Questions for auditors to ask include:

• Are strategies aligned with the interests of the customer and/or member before the generation of revenue or the promotion of an image?
• How can upcoming changes in the external environment affect the commitment to the mission? Are underlying values constant?
• Does the association periodically and clearly define the customer? Does it best serve the customers and/or membership directly or through chapter organizations? Are the needs of special interest groups being prioritized effectively?

Commitment to Analysis and Feedback
Communication and data-driven strategies are vital to the success of a not-for-profit organization. The organization should be the ultimate authority concerning the needs and issues of its customers and/or members as well as the state of the business environment. To evaluate the risk associated with poor analysis and feedback, the following questions will be helpful:

• Are initiatives and strategic goals supported by data and research?
• How is information shared throughout the organization? Are all levels of employees actively involved?
• Are computer systems and models appropriate and sufficient?

Commitment to Action
A successful organization is flexible and adapts quickly to crisis situations. For not-for-profits, these situations typically involve a financial setback or a leadership void. Leading not-for-profit organizations also actively pursue alliance opportunities that will leverage services for the membership. The following questions assess the organization’s commitment to continuous improvement and adaptability:

• Does the organization have an action plan that will support quick decision-making in the event of a crisis?
• Are there “sacred cow” programs or services that cannot be changed?
• How does the organization identify and evaluate potential alliances?

Internal Audit has a responsibility to monitor risks particular to the not-for-profit environment. By using the 2006 study as a guideline, a partnership between audit and organization leadership can help foster success and better results for the membership community.

Data Analytics: Providing Greater Internal Audit Depth During A Turbulent Economy

Data Analysis through Computer Assisted Audit Techniques (CAATs) is an efficient way to test transactions, providing 100% assurance on the effectiveness of Internal Controls. Using basic tools such as Microsoft Excel and Access, advanced tools such as ACL or IDEA, or the tools embedded in ERP applications has been a best practice for years but has often been viewed as a luxury, not a necessity. This year, during this economy, using CAATs has become absolutely critical.

Obviously budget pressures have gone through the roof, resulting in massive global layoffs. Reductions in work force, especially to the accounting department, create enormous pressure on the employees who remain. Requiring employees to take on more responsibility often increases the likelihood of errors and misstatements. Added pressures like salary freezes combined with less oversight can tempt an otherwise honest employee to cut corners or commit fraud. The risk of financial misstatement doesn’t get any higher.

A critical way to respond to these challenges is to increase (or initiate) the use of data analytics. This approach evaluates and monitors data from every transaction processed by a company to identify anomalies. Applying data analytics to review transactions in accounts payable, advertising, freight, health benefits, construction, and other areas can yield hundreds of thousands or more in savings and recoveries. When this process is done by management instead of internal audit, errors are identified sooner and with more precision.

CAATs have been around for more than 20 years and those experienced in using CAATs have had experience ranging from good to fabulous. Unfortunately CAATs have typically been used only by Internal Audit Departments and only on selected audit projects. The inconsistent usages of CAATs make it difficult to maintain the knowledge and experience to make CAATs a regular and sustainable part of the audit process.

With the status of the economy, CAATs have become an essential part of effective Corporate Governance. The first step is gaining the basic knowledge to make CAATs part of the oversight process. The second step is sharing the knowledge throughout the Internal Audit department and management ranks. The third step is imbedding the process into the fabric of the organization to make it sustainable and continuous. Getting more oversight with less effort is possible today by simply leveraging CAATs, a technology most companies already employ.

To learn more about how to make CAATs a routine part of the audit process, please contact Vonya Global for a free consultation. Leveraging readily available software tools in combination with proprietary methodologies, our team of data analysis experts focus data analytics at common problem areas to help our clients recover overpayments and develop a sustainable approach to continuous auditing.

ACL is a registered trademark of ACL Corporation and IDEA is a registered trademark of Caseware IDEA.

---

This article was contributed by Joe Oringel and Kim Jones of Visual Risk IQ, a thought leader in Continuous Auditing and Monitoring. For more information on Visual Risk IQ, please visit their web site at www.visualriskiq.com.

Data Analytics: Identifying and Responding to Business Risks Efficiently

Every time a company processes a transaction there is risk. Be it accidental errors such as duplicate entry, incorrect posting, and transposing numbers or intentional misconduct, all might be difficult to spot. As technology has advanced, so has the speed and volume of transaction processing. More is done in less time, which potentially increases the likelihood of error.

What can be done to prevent or mitigate these risks? Internal Controls. When designed properly, Internal Controls can detect a risk once it happens, or better yet, prevent a risk from happening in the first place.

Under the COSO Internal Control-Integrated Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.*

An example of an internal control is the three way match between a Purchase Order, a receipt of the goods and the related invoice. The control is that the match ensures that the invoice has the authorized price from the Purchase Order and that the quantity agrees to what has been received.

Designing an effective system of Internal Controls is just the beginning. Once designed, it is important to test the Internal Controls to make sure they are operating effectively. The traditional method for testing would investigate a sample size of roughly 25 invoices. If there are exceptions, the sample size will be increased. If there are no exceptions in the first 25, the Internal Controls were deemed effective. Without automation, this is the typical way to test the transactions and make assumptions on the entire population by extrapolation since there are too many transactions to manually test each one.

But what if there were errors, just not represented within the sample? Using CAATTs is the answer.

Computer Assisted Audit Tools and Techniques (CAATTs), is the practice of using software such as Excel or Access, or specialized Audit software such as ACL or IDEA, or ERP specific tools built into SAP or Oracle to automate or simplify the audit process. CAATTs are an efficient way to test all transactions, providing 100% assurance on the effectiveness of Internal Controls.*

What are the benefits?

• Large amount of data can be examined efficiently
• Timely identification of business risks and exceptions
• Business days are not interrupted with information requests to pull paper samples
• Once established, running the tests is simple and very cost-effective

What are the drawbacks?

• Setup time requires IT resource knowledge and availability
• Knowledge of the software to create the tests accurately
• Different system applications at different locations requires different tests to be created

To learn more about using CAATTS to identify and respond to business risks more efficiently visit www.vonyaglobal.com or contact Vonya Global for a free consultation.

* Excerpts taken from www.wikipedia.com

Use Internal Audit to Reduce Costs of Major Construction Projects

Organizations involved in major capital projects are missing out on significant opportunities to strengthen internal controls and reduce costs. This is not to say that construction managers are fiscally irresponsible, conversely they are very reluctant to spend money where it is not absolutely necessary. So much so that in an effort to contain costs, most organizations don’t budget funds for construction audits until the project is complete or nearing completion. However, this “Close-out” audit is only one component of a successful control and cost containment program. Vonya Global believes that investing in internal audit early in the construction process may save thousands or hundreds of thousands of dollars throughout the project. “Full-scope” construction auditing optimizes the effectiveness of internal controls, reduces total project costs, and maximizes cost recovery.

Close-out Audit - At the project’s conclusion, the owner requires assurance that the General Contractor/Construction Manager (CM) has completed the work in accordance with the contract. A close-out audit provides the owner confidence that the contracted obligations were fulfilled and the billing was accurate per the contract terms. While this is a critical step to verify compliance with the contract, it doesn’t solve other problems caused by a poorly written contract. In fact, contracts rarely protect all the interests of the owner.
Involving construction audit services at the beginning, rather than the end of a construction project is far more effective because it mitigates risk before it materializes. Audit’s first responsibility is to protect the owner’s interest by creating favorable contractual agreements and improving the project control environment. Keeping Vonya Global engaged throughout the construction project assures the effectiveness of the control environment and identifies inappropriate cost overcharges.

In creating the contract (the binding agreement between the owner and all parties involved in the construction process), many owners place their trust in the knowledge of the General Contractor/CM and Architect to include all the appropriate provisions in the contracts. Most owners will then seek legal counsel to review the contract focusing on the insurance and indemnification sections. Additionally, the General Contractor/CM and Architect are often relied upon to track and control project costs. The result is an agreement which may not contain the necessary terms and conditions to adequately protect the interests of the owner, may not establish an effective system of internal controls, and may not establish a systematic means of monitoring contract compliance.

The American Institute of Architects (AIA) provides standard construction contracts, such as the:

• AIA A101 for stipulated sum projects
• AIA A111 and A121 agreements for cost reimbursable projects
• A201 which contains the related General Conditions to the agreement

However, even these contract provisions require modification to fully protect the interest of the owner. For example, the Accounting Records or “Right-to-Audit” clause should be strengthened, and the Changes or “Change Order” clauses often require clarification. These modifications improve the owner’s control over project costs, and allow for recoveries.

An effective “Full-scope” audit program utilizing the construction audit services of Vonya Global establishes an effective control environment, defines expectations for all parties, reduces the potential for conflict, reduces total project costs, and reduces the owner’s risk. Performing a “Full-scope” construction project audit is a best practice, and the earlier a qualified Construction Auditor is involved in the project life-cycle, the greater the benefits to the project owner.

Internal Auditors – Playing a Strategic Role

"We believe Internal Auditors can play a more strategic role; whether they do in their specific organization is up to the Audit Committee, Executive Management, and the Internal Audit Department. We have released a report that will provide a starting point for a conversation between the three groups." - Vonya Global

Vonya Global announced today that the Final Report on the Strategic Role of Internal Audit has been released. In compiling information for the study, Vonya Global surveyed a cross-section of Executives and Internal Auditors from both public and private organizations in a variety of industries to evaluate their opinions regarding the strategic role of Internal Audit. The study set out to determine whether it is Internal Audit’s role to evaluate strategic risks and if Internal Audit is equipped to do so effectively. The primary goal was to provide a benchmark for Internal Auditors and Executives on the strategic role of Internal Audit.

The 2010 study is a follow up to a similar study conducted in 2008 and was designed to compare opinions in 4 areas:

1. Vision, Goals, and Objectives of Internal Audit
2. Mission and Value Relative to Strategic Risks
3. Process, Skills, Time, and Budget
4. Compliance Requirements

In 2008 it was revealed that a gap exists between Executive Management and Internal Auditors on the function of Internal Audit. The 2010 study set out to explore whether this gap still exists or if it has been closed. In addition, the new study provides a more detailed comparison between Executive Management and Internal Auditors.

While the 2010 Report on the Strategic Role of Internal Audit reveals that many gaps still exist between Executives and Internal Auditors, there are encouraging findings as well. One assumption going into the study was that Internal Audit plays a critical role in a company’s ability to meet its strategic objectives and there appears to be general agreement between Executives and Internal Auditors in many categories. The report provides details and quotes from the participants, such as:

"We make understanding the strategic direction and goals a priority in our risk assessment process so that we can link our audit plan to the strategies and goals of the company.”

"Internal Audit is at the table for senior management discussions, for input on operational challenges and control risks, for the implementation of new systems and replacement of outdated processes, and for risk management.”

“The only risks that management should fear are the ones that they do not know about - it is Audit's job to provide that information.”

The full report can be downloaded by following the link on the Vonya Global home page.

IFRS Best Practice - Early Conversion

A change in accounting standards, shifting from GAAP to IFRS, is virtually inevitable in the U.S. The shift globally is well underway with 100 countries having switched from country specific accounting standards to IFRS. Based on the experience of these countries, adoption impacts all aspects of operations and will affect a company’s people, processes, information systems and internal controls. IFRS conversion is a significant endeavor; Vonya Global contends that an early start will make a significant difference reducing both effort and cost.

There are parallels between IFRS Conversion and the initial Sarbanes-Oxley Compliance initiatives and applying the lessons learned from Sarbanes-Oxley will significantly reduce the cost of conversion. The most important lesson is to prepare early and start early.

The changing requirements of Sarbanes-Oxley compliance in the first years after the legislation was initially passed gave most companies a false sense of security in pushing off the start date. Each company in this situation found significant resource shortages, an inefficient compliance process, and increased fees from professional services firms. Starting early could have made the compliance process far easier and would have spread the cost over multiple financial periods.

Similarly, early IFRS conversion will streamline the process and spread the cost out over multiple financial periods. IFRS implementation has enterprise wide application – with implications beyond finance and financial reporting – reaching and affecting all parts of the business. It requires modification of processes and systems to support the new accounting and reporting requirements. Companies should begin embarking on their initiatives to achieve timely convergence with IFRS, taking a slower and methodical approach. Some of the advantages to early conversion to IFRS include:

- Simplified reporting
- Reduced operating costs
- Greater transparency
- Comparability for investors
- Improved access to capital

Eventually, GAAP will go away, and IFRS will be the lone standard. This is a historic event. It is accelerating. And it is inevitable. Those who embrace this early will be rewarded.

Study Launched on the Strategic Role of Internal Audit

Vonya Global is surveying a cross-section of Executives and Internal Auditors from both public and private organizations in a variety of industries to evaluate their opinions regarding the strategic role of internal audit. This is a follow up study to one conducted in 2008. The results of the 2008 study revealed a expectation gap in the strategic role internal auditors play in their organizations. This follow up study will compare how expectations may have changed in light of continued risks of fraud, financial statement errors, environmental risks, security breaches, and privacy concerns.

One executive from the previous study stated the following: "Internal Audit could improve its capabilities in evaluating the effects of strategic and business risk on the overall risk profile of the Company. This would also enhance the primary mission of internal audit to look for potential financial issues.” This statement, along with many others, reveal the importance of internal audit becoming more than a financial compliance function. The results of this new study will highlight whether or not internal audit has taken steps in this direction.

To participate in the study, please visit the Vonya Global website: http://www.vonyaglobal.com

Social Media - is it Friend or Foe?

Social media is rapidly becoming a critical tool for communication not only bringing benefits, but also risks. For many organizations, social media is a vital channel for communication to customers, partners and stakeholders. However, some organizations see it as a distraction to their employees and a potential security threat and reputation risks. The key, of course, is to maximize the opportunities it presents and minimize the risks.

As an alternative to simply banning or limiting employees from using social media, organizations should understand the role that these innovative services have in today’s world. With the appropriate amount of governance, organizations can leverage social media to help reach their objectives.

In order to develop, implement, monitor and improve social media activities within an organization, an effective governance framework is imperative. A social media strategy and policy should be established followed by a risk assessment. Based on the outcome of the risk assessment, embed key controls, including an acceptable use agreement, corporate image rules and branding guidelines. Implementation of operational best practice guidelines should cover blogging and usage of popular sites such as LinkedIn, Twitter, Facebook, and YouTube.

Finally, ensure that roles and responsibilities are defined, metrics and monitoring procedures are established, and training and communication organization-wide takes place to help provide awareness and conformity.

Whether your objectives are to generate exposure for your business, increase traffic to your site, build new business partnerships or bring in new, qualified leads, benefits from social media can be realized as long as there is an effective governance structure in place to mitigate the associated risks.

Vonya Global is Lowering the Cost of a SAS 70 Assessment

Statement on Auditing Standards Number 70 (SAS 70) issued by the AICPA requires service organizations to obtain an external opinion assessing internal controls. Issued in 1993, the SAS 70 is not a new requirement but it has increased in relative importance since the enactment of the Sarbanes-Oxley Act of 2002 (SOX, Sarbox), Gramm-Leach-Bliley Act (GLBA), and other new regulatory requirements. Any service organization holding third party data must provide assurance that the data is protected. The certification process can be quite costly for all service organizations, and disproportionally so for smaller companies.

Vonya Global has a history of working with companies on SAS 70 readiness. The work completed by Vonya Global helps companies streamline their internal processes and controls making it easier for the certifying agent to complete the assessment. The easier it is to certify, the lower the cost of certification. As the SAS 70 is an annual requirement, the cost savings are realized each year.

For a limited time, Vonya Global is offering its SAS 70 readiness services at a discounted price. For more information please contact a representative of the firm.

The New SEC Proxy Disclosure Rules and the Relationship Between the Board and Management

The way to effectively hold a company accountable for their actions is through transparency. On December 16, 2009, the U.S. Securities and Exchange Commission (SEC) approved new rules requiring public companies to increase their transparency around proxy disclosure, specifically:
• Board risk oversight practice and philosophy
• Executive compensation practices and policies
• Board leadership structure
• Board diversity
• Director qualifications and their “value add”

SEC Commentary on the rule states “Disclosure of the board’s oversight of the risk management process should provide important information to investors about how a company perceives the role of its board and the relationship between the board and senior management in managing the material risks facing the company.”

The relationship between the board and management has become of greater importance and will need to continue to strengthen.

Management is responsible for identifying, monitoring, managing, and communicating the risks to the board. As management it is important to use the time with the board and the committees to help them understand the real objective and risk exposure is in relation to the risk culture of the company. The board continually needs to access management’s understanding of risks, attitude towards risk, and their performance. Furthermore, the board must ensure that only well informed decisions are made.

Management manages risk and the board oversees management, therefore the continuous communication between the two, including the committees, is vital for success. The new proxy disclosure rules itself and any additional changes in corporate governance are going to push for continued improvement in this relationship.

Responding to Fraud Risk: the CAE’s Role

Background: The Association of Certified Fraud Examiners (ACFE) conducts a bi-annual study on fraud investigations, the results of which get summarized in the ACFE Report to the Nation. The most recent report was issued in 2008 and revealed the following:

- U.S. organizations lose 7% of their annual revenues to fraud
- There is approximately $994 billion in fraud losses each year
- Fraud schemes typically last for at least 2 years before they are caught
- Corruption was the #1 scheme at 27% of all reported fraud cases
- False Billing was the #2 scheme at 24% of all reported fraud cases
- Frauds are most likely to be uncovered by a “tip” rather than any other method, including audit
- Roughly 38% of Frauds happened at small companies (>100 employees)
- Roughly 42% of Frauds happened at large companies (1,000+ employees)
- Roughly 39% of Frauds happened at Private Companies
- Roughly 28% of Frauds happened at Public Companies

What these statistics prove is while fraud may not happen at every company; no company is immune to fraud risk. As an inherent risk to business, fraud should be included in Enterprise Risk Management (ERM). Methods for managing and controlling the risk of fraud should include strategies for fraud prevention, fraud detection, and fraud deterrence.

The Chief Audit Executive (CAE) must be involved in the organizational anti-Fraud strategy. As with other business risks the CAE should be assessing Fraud Risk and evaluating the effectiveness of the anti-Fraud strategies. Here is a sample list of strategies:

Fraud Prevention

- Anti-Fraud Tone at the Top
- Strong Corporate Governance and Internal Control Environment
- Policies and Procedures to reflect mindset and actions
- Hire ethical employees (Background checks, signed forms, etc.)
- Code of Conduct – signed by every employee
- Conflict of Interest Statement (employees and business partners)

Fraud Detection

- Establish a Hotline
- Fraud Risk Assessment
- Fraud Penetration Study based on Schemes and Concealment Strategies
- Incorporate Fraud in every phase of an audit (SAS 99)
- Create/utilize a Red Flags Database
- Implement effective SOX Fraud Controls
- Data mine instead of sample testing
- Create a Toolkit including a resource roster of experts (Fraud expert, Investigator, Data mining, etc.)
- Continuously Monitor Transactions for possible Fraud

Fraud Deterrence

- Create an Internal Audit department
- Publicize Ethics Hotline
- Publicize Internal Fraud Cases and Punishment
- Publicize Continuous Monitoring Program

Vonya Global and the ACFE are not affiliated. Information in the opening paragraph is sourced from the ACFE 2008 Report to the Nation, which can be downloaded at the ACFE website.

NACD Directorship names its Top 50 Companies

The National Association of Corporate Directors magazine, "Directorship", has recently released its list of the top 50 "Best Performing, Best Governed Companies in the Fortune 500." Vonya Global applauds the publications effort to recognize the companies which place an emphasis on Corporate Governance, Ethics, Integrity, and Citizenship. There are hundreds of lists that rank companies based on revenue, profit margin, growth potential, and many other financial and non-financial metrics, but this is the first (and only that we know of) that includes these other, arguably more important metrics to the evaluation equation.

The article stated: "A great employer posts poor earnings or a great profit maker is not a terrific corporate citizen. These facts suggested that something should be done to recognize companies that are both far sighted in terms of corporate governance and producing returns for their shareholders."

The top rated company in the "Nifty Fifty" was Goldman Sachs and their CEO, Lloyd Blankfein, was named the "Directorship" CEO of the Year. Our heartfelt congratulations goes out to Mr. Blankfien and all the other companies which made it on the list.

Vonya Global and the NACD are not related organizations