Sarbanes-Oxley antifraud guidance

Internal Auditor, Feb, 2004 by D. Salierno

IN LIGHT OF FRAUD-related provisions within the U.S. Sarbanes-Oxley Act of 2002, PricewaterhouseCoopers recently released a white paper aimed at helping organizations establish an effective antifraud program. The paper, Key Elements of Antifraud Programs and Controls, provides recommendations for program design and operating effectiveness and discusses the types of deficiencies that may result when one or more of the program's key elements is absent or ineffective.

Using The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control--Integrated Framework as a basis for its main discussion, the white paper lists key program attributes under the framework's five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring. According to the authors, the COSO framework was applied "because most companies and auditors in the United States use it to assert and audit the effectiveness of internal controls."

The paper places particular emphasis on the organization's control environment, covering topics such as whistleblower programs, hiring and promotion activities, audit committee and board oversight, and investigation and remediation measures. The authors stress the importance of tone at the top, stating that senior management's example influences the "control consciousness of its people." The control guidance also covers codes of ethics and recommends that written codes include all employees.

As part of a fraud risk assessment program, the authors advise that organizations consider incorporating fraud reviews into their enterprise risk assessment processes or risk management programs and suggest that management perform fraud risk assessments "on a comprehensive and recurring basis." The guidance also provides a listing of essential attributes of an effective fraud risk assessment.

In addition to antifraud program elements, the white paper includes background information on the Sarbanes-Oxley Act, as well as a definition of fraud that encompasses fraudulent financial reporting, misappropriation of assets, expenditures and liabilities for improper purposes, and fraudulently obtained revenue and assets. The document's appendices provide highlights of antifraud laws, regulations, and standards; a table listing indicators of "significant deficiencies"; and a quick reference guide of actions to consider.

To download a free copy of Key Elements of Antifraud Programs and Controls, visit the PricewaterhouseCoopers Web site at www.pwc.com.