P R E PA R E D BYS H E I K S H A M I U L L A H C H O W D H U RY

( I D 2 0 1 2 1 2 1 0 1 5 )KA Z I N E H A L A H M E D

( I D 2 0 1 1 4 2 1 0 1 5 )M D. I S M A I L H O S S A I N

( I D 2 0 1 2 1 2 1 0 1 0 )

PREPARED FORMR. KHWAJA ARAFAT ABDULLAH

CO -ORDINATOR AND FACULTYSCHOOL OF BUSI NESS, BAC

BUSINESS RISK, CONTROL SYSTEMS AND RISK OF FRAUD

WHITIN BISON HOSPITALITY LTD.

2

Components of Business Risk

An organizations board of directors implements internal control System in order to assure :

o Reliability of Financial Information.

o Effectiveness and Efficiency of Operation.

o Compliance with Applicable Laws & Regulations.

Not only that, an effective internal control system also helps protect assets from misappropriation or mishandling and it also minimize the potential for waste & loss.

3

Risks & Limitations of Internal Controls

All internal controls have some limitations which reduce their effectiveness.

Caused By:Human Error (Carelessness, Inexperience or Error in Judgment)Breakdowns (Failure to capture unusual activities within system)Management Override (Senior management ignoring Policies)Collusion (employees bypassing control by working with

outsiders)

4

Identification & Assessment

In order to perform an audit, an auditor needs to understand the organization’s internal control system.

The auditor can then plan and define the scope of the audit.

Based on preliminary evidence, the auditor assesses the internal controls as being at maximum risk, below the maximum and effective, or below the maximum and somewhat effective.

Finally the auditor determines how much and what types of testing to plan for in the audit.

5

According to SAS (Statement of Auditing Standard) Audit Risk has Three Components:

Inherent risk – Means that there is susceptibility of an account balance or

class of transactions leading toward material misstatement.

Control risk – Arises when misstatement in balances or classes, are not

being prevented, or detected and corrected by the accounting and internal control systems.

Detection risk – The possibility that the auditors’ substantive procedures

are not detecting a material misstatement in the records.

Standards for Auditors on Assessing Audit Risk

6

LEVEL OF RISK WHITIN BISON HOSPITALITY LTD.

In case of Bison Hospitality Ltd. Internal Control Risk can be assessed as being Maximum. Because, The risk of a material misstatement being

present in the financial reports are High. The risk that the control will fail to operate as designed are critical as well.This means, no Tests of Controls are needed since the internal control procedures are ineffective.

However, we should plan to perform a large amount of Substantive Tests to see whether the financial statement’s objectives are met or not.

7

The Control Systems Of Bison Hospitality Ltd.

8

Some more picture of Ideas Manzil – Bison Hospitality Ltd.

9

Control Environment Vision is clearly set, written objectives missing, policies are missing/not being implemented therefore expectations not met. Operations have an ‘adhoc’ feel.

Risk Assessment As the objectives are not clearly set, risk assessments are based on managerial skills/initiative rather than system, no written protocols at play

Internal Controls Active but not synced together. (Details given in the internal control activities)

Information & Communication

Internal communication is based on one to one meets, Requisitions with implications on finance follows predefined routes and requires authorization. Job responsibilities needs to be drawn up which will assist in the disbursement of information throughout the hierarchy.

Monitoring Monitoring is usually one dimensional (downward), interventions required to formalize the monitoring process, reports etc.

Bison Hospitality Ltd. through COSO Framework ‘Lens’

10

Segregation of duties Job Responsibilities not in writing, jobs are verbally delegated, overlapping of duties observed primarily amongst the front and mid level staff.

Authorization Follows this route – requisition goes into accounts, passes to get recommendation from General Manager, passes to get clearance from Managing Director, comes back to be disbursed or explained why withheld from the accounts. Lacking: Often funds are disbursed directly by the managing director instead of following the route.

Documentation & record keeping

Documentation are properly done and in place. Vouchers and bills are properly kept and monitored. Market assessed randomly for price justifications. Even though unavailability of pre done formats of requisitions, leave forms etc often creates excess work load for the accountant.

Physical control Access to information is strictly limited. Hard copies are kept in locked cabinets and access of soft copies protected through passwords. Entry of physical items are cleared in the entrance and cross checked with the requisition whereas outgoing items require gate pass/es from the General Manager.

Objective performance checks

Monitoring depends on the initiatives of the managers as proper guidelines, objectives and therefore a proper framework is not in place. Monitoring therefore is also ‘adhoc’.

Bison Hospitality Ltd. – Internal Control Activities

11

Recommendation

Further tests are recommended to be carried

out to assess the internal control procedures and

possible fraud.

12

FraudIn criminal law, a fraud is an

intentional deception made for personal gain or to damage another individual.

13

Corporate FraudFraud occurring within an organisation is

known as corporate fraud.  

This involves:Deliberate dishonesty to deceive the public,

investors or lending companies.Usually resulting in financial gain to the

criminals or organisation.

14

According to CNN

At least, 67% of firms that had at least one incident of fraud in the past year laid the blame on insiders such as junior employees, senior managers and agents of the company.

15

Corporate Frauds can Include:

Account takeover Application fraud Bankruptcy-related fraud Betting scams Business directory fraud Charitable publication scams Cheque fraud Cheque overpayment fraud Domain name scams Exploiting assets and

information Fake invoice scams False accounting Fixed line fraud Government agency scams

Insurance fraud Intellectual property fraud Long and short firm fraud Mobile phone fraud Mortgage fraud Office supply scams Payment fraud Personnel management Plastic card fraud Ponzi schemes Premium rate phone line

scams Procurement fraud Pyramid schemes Receipt fraud

16

Types of Frauds

There are three types of fraud:i. Misappropriation of corporate assets.ii. Manipulation of accounting information.iii. Deception of a specific party.

17

Most Common or Popular Frauds

18

Fraudulent Trading

Fraudulent trading is where a company carries on a

business with the intention of defrauding creditors or for

any fraudulent purposes.

Fraudulent trading is normally done for:The company has ceased trading.The company is in the process of being wound

up.

19

Share Ramping

Share ramping (also known as 'pump and dump' and

'book ramping') is where criminals influence the share

price of a company and then take advantage of it.

Share ramping is normally done for: It is commonly done by bringing a company to

the market with false expectations of its profitability.

Alternatively it can be done by buying shares in a company when they are at a low price and then starting a rumor that the company is being taken over. When the share price rises, the shares are sold at a profit.

20

Asset stripping

Asset stripping is taking company funds or assets ofvalue while leaving behind the debts.

Stripping of company assets is normally done for twomain reasons:The fraudsters deliberately target a company or

companies to take ownership, move the assets and then put the stripped entity into liquidation.

"Phoenixing" - directors move assets from one limited company to another to 'secure' the benefits of their business and avoid the liabilities. Most or all the directors will usually be the same in both companies.

21

Publishing False Information

Publishing false information is a type of fraudcommitted when a criminal creates, destroys,

conceals,or falsifies an account, record or report which isdeliberately misleading on the company's

financialposition.

This is usually done to mislead investors and creditors and to keep a failing company trading.

22

Top 5 Most Expensive Corporate Frauds of the 20th & 21st Centuries

23

Enron & Arthur AndersonEnron’s collapse in 2001 from a company worth $63.4

billion, to one seeking bankruptcy reorganization, came as a shock to the general public. Considered to be a major accounting failure, it led to the dissolution of Arthur Anderson, one of the world’s largest accounting farms also. Over 15,000 employees of the corporate had most of their savings in stock, which fell from $83.01 in early 2001 to $0.01 in October 2001.

24

Bernie MadoffJune 29, 2009, Bernie Madoff was sentenced to 150 years in

prison, the maximum sentence that could be given to anyone convicted of corporate fraud. He ran an amazing ‘Ponzi” scheme for his clients, showing falsified profits, and gains with the money that they had given him for investment. SEC authorities believe the actual net fraud will be between $ 14 & $17 billion.

25

Subprime Mortgage Crisis

This was not the crisis of a single corporate but it led to the demise of many other corporate. The repercussions can still be felt throughout the US and even Europe. It has had an adverse effect on most of the banks and financial institutions, and has led to large scale reform in the financial sector rules and regulations.

26

Satyam Computers

India’s biggest corporate scam was disclosed when Ramalinga Raju, the CEO of Satyam Computers declared that the company’s profits had been overstated for many years. Inflated bank figures, understated liabilities and over 10,000 non-existent employees were among the many fraudulent practices being indulged in to cross 7000 crone rupees.

27

Worldcom

July 21, 2002, when Worldcom filed for bankruptcy under Chapter 11, it was USA’s largest corporate failure. The accounting scandal covered $ 11 billion and it seems the workings of the company were masked by painting a false picture of growing profits and margins. In 2004, it emerged from the bankruptcy proceedings with $5.7 billion in debt and $ 6 billion in cash.

28

Frauds of Bison Hospitality Ltd.

Maybe Bison Hospitality Ltd. does two types of fraudulence.

i. Misappropriation of corporate assets.ii. Deception of a specific party.

29

Misappropriation of corporate assets

Take extra credit for buying service materials.

Fake invoice scams.Payment fraud.Receipt fraud.

30

Deception of a specific party

They do it on their financial statements.To show less profit to the tax practitioner.

So that they can pay small amount of tax.

31

References:

I. Risk Management – Defining Inherent Risk vs. Residual Risk. Retrieved on 12.12.12 From http://www.savidtech.com/blog/it-security/risk-management-defining-inherent-risk-vs-residual-risk/

II. Internal Control. Retrieved on 12.12.12 From http://www.cliffsnotes.com/study_guide/Internal-Control.topicArticleId-21081,articleId-21006.html

III. Assessing Fraud Risk. Retrieved on 12.12.12 From http://www.journalofaccountancy.com/Issues/2007/Oct/AssessingFraudRisk.htm