Audi alteram partem is a principle of natural justice which prohibits a judicial decision which impacts upon individual rights without giving all parties in the dispute a right to be heard.
Monday, August 30, 2010
Audi Alteram Partem
Audi alteram partem means that the employee has the right to defend himself/herself by stating his/her defense. The accused employee will also have the right to adequate notice of the proceedings, right to information, the right to call witnesses, the right to a translator, and above all: the right to a procedurally and substantively fair hearing. The employee also has the right to appeal a finding, or to take the matter to the CCMA or the Labor Court.
Audi alteram partem is a principle of natural justice which prohibits a judicial decision which impacts upon individual rights without giving all parties in the dispute a right to be heard.
Audi alteram partem is a principle of natural justice which prohibits a judicial decision which impacts upon individual rights without giving all parties in the dispute a right to be heard.
Onus of Proof
Onus of proof: A duty placed upon a civil or criminal defendant to prove or disprove a disputed fact.
Burden of proof can define the duty placed upon a party to prove or disprove a disputed fact, or it can define which party bears this burden. In criminal cases, the burden of proof is placed on the prosecution, who must demonstrate that the defendant is guilty before a jury may convict him or her. But in some jurisdiction, the defendant has the burden of establishing the existence of certain facts that give rise to a defense, such as the insanity plea. In civil cases, the plaintiff is normally charged with the burden of proof, but the defendant can be required to establish certain defenses.
The different onuses of proof for the Criminal and Civil Courts:
• Criminal Courts require proof beyond all reasonable doubt, meaning it has to be 99% factual evidence or proof.
• Civil Courts only require proof which has a balance of probability, meaning the evidence or proof has more than a 50% probability.
Burden of proof can define the duty placed upon a party to prove or disprove a disputed fact, or it can define which party bears this burden. In criminal cases, the burden of proof is placed on the prosecution, who must demonstrate that the defendant is guilty before a jury may convict him or her. But in some jurisdiction, the defendant has the burden of establishing the existence of certain facts that give rise to a defense, such as the insanity plea. In civil cases, the plaintiff is normally charged with the burden of proof, but the defendant can be required to establish certain defenses.
The different onuses of proof for the Criminal and Civil Courts:
• Criminal Courts require proof beyond all reasonable doubt, meaning it has to be 99% factual evidence or proof.
• Civil Courts only require proof which has a balance of probability, meaning the evidence or proof has more than a 50% probability.
Follow-up and Remedial Action
Analysis:
Analysis means that after every fraudulent loss, the victim should examine the entire situation of the fraud, carefully taking into account which internal controls failed to either prevent the fraud, or failed to identify the fraud earlier.
The purpose of this stage is to learn from prior mistakes, and to ensure that the same mistakes aren’t made in the future, to protect the organization from further losses. If this step isn’t taken into consideration, the aftermath would be that the organization exposes itself to similar, re-occurring fraud. It is recommended to maximize the analysis stage, that after every fraud, all the parties involved should brainstorm new fraud prevention methods, ensuring a greater success rate.
Publication:
It can be beneficial to publicize details of fraud, if the delicate details and names of offenders are left out, except if the entire disciplinary process has been completed up to the final appeal or CCMA resolution, to ensure that no person’s reputation is slandered.
The advantages of publication are:
• Managing the negative rumors that always arise.
• Visible signs that decisive action is taken.
• Sending a clear message about zero tolerance towards fraudulent activity.
• And lastly, the deterrent effect it has if a person has been “named and blamed”.
Implement controls:
As stated in the analysis stage, fraud occurs if internal controls aren’t effective enough, and the ideas that were brainstormed should now be implemented to ensure that internal controls are effective enough to identify and prevent fraud.
Implementing controls consists of better segregation of duties, greater supervisory controls, and better custodial controls.
Testing and training:
After implementing controls, the new internal controls have to be tested, and staff members need to be trained on their new and improved responsibilities regarding the new internal controls.
This stage is used to maximize the efficiency and effectiveness of the implemented controls, and to ensure that the whole process is a success.
Proactive fraud auditing:
The best way to protect an organization against fraud is by identifying it as soon as possible, making sure that the losses are minimal, and the perpetrator is caught, and in effect, not suffering devastating long term fraud. Actively seeking out fraud is better than accidental discovery, and should be performed by suitably qualified people who should carefully identify and consider all red flags. After every fraud in a department, all other departments should be tested for similar frauds, based on red flags identified during the analysis stage. Basically the proactive fraud auditing stage is to get all the bad apples out of the tree.
Analysis means that after every fraudulent loss, the victim should examine the entire situation of the fraud, carefully taking into account which internal controls failed to either prevent the fraud, or failed to identify the fraud earlier.
The purpose of this stage is to learn from prior mistakes, and to ensure that the same mistakes aren’t made in the future, to protect the organization from further losses. If this step isn’t taken into consideration, the aftermath would be that the organization exposes itself to similar, re-occurring fraud. It is recommended to maximize the analysis stage, that after every fraud, all the parties involved should brainstorm new fraud prevention methods, ensuring a greater success rate.
Publication:
It can be beneficial to publicize details of fraud, if the delicate details and names of offenders are left out, except if the entire disciplinary process has been completed up to the final appeal or CCMA resolution, to ensure that no person’s reputation is slandered.
The advantages of publication are:
• Managing the negative rumors that always arise.
• Visible signs that decisive action is taken.
• Sending a clear message about zero tolerance towards fraudulent activity.
• And lastly, the deterrent effect it has if a person has been “named and blamed”.
Implement controls:
As stated in the analysis stage, fraud occurs if internal controls aren’t effective enough, and the ideas that were brainstormed should now be implemented to ensure that internal controls are effective enough to identify and prevent fraud.
Implementing controls consists of better segregation of duties, greater supervisory controls, and better custodial controls.
Testing and training:
After implementing controls, the new internal controls have to be tested, and staff members need to be trained on their new and improved responsibilities regarding the new internal controls.
This stage is used to maximize the efficiency and effectiveness of the implemented controls, and to ensure that the whole process is a success.
Proactive fraud auditing:
The best way to protect an organization against fraud is by identifying it as soon as possible, making sure that the losses are minimal, and the perpetrator is caught, and in effect, not suffering devastating long term fraud. Actively seeking out fraud is better than accidental discovery, and should be performed by suitably qualified people who should carefully identify and consider all red flags. After every fraud in a department, all other departments should be tested for similar frauds, based on red flags identified during the analysis stage. Basically the proactive fraud auditing stage is to get all the bad apples out of the tree.
Thursday, August 19, 2010
Five Phases of an Investigation
1. First receipt of allegation and mandate to investigate:
Internal and external forensic auditors have to ensure that a mandate for an investigation is obtained. Internal auditors need a signed letter of instructions from their employers, to obtain clarity in an investigation and protect the forensic auditor, and it can be presented to a witness to prove the identification of the forensic auditor. External auditors obtain mandate to investigate through an engagement letter from a client. If a forensic auditor receives an allegation of possible economic crime, the auditor needs to evaluate the given information about the possible crime and if there is sufficient evidence, the auditor can proceed to the planning and execution phase, but if there is only a limited amount of evidence, the auditor has to start a preliminary investigation. A preliminary is also needed to determine if a crime was committed, the extent of the crime, and who the perpetrators are.
2. The preliminary investigation:
Purpose:
• To determine whether allegations that a crime has been committed can be proven or disproven.
• To determine the nature of the crime.
• To determine who the perpetrators are.
• To determine what resources will be needed to investigate the crime.
• To compare the expenditure of the investigation with the success of an investigation.
A preliminary investigation is a fact finding mission to asses whether or not a full scale investigation should be conducted, and might not necessarily lead to prima facie proof of a crime.
Preliminary investigation focuses on:
• The lifestyle of the accountant (person in question).
• Other possible sources of income.
• Further indications that the person in question is living beyond his/her means.
• The sources of money that the person is receiving.
• A cursory evaluation of the company’s books in order to determine if there are any obvious shortages or manipulations.
If large electronic transfers were made from the company’s bank account by a person in question, or VAT or tax statements seem to have been manipulated by the accountant, or the accountant has a sudden change in spending patterns that can’t be explained, a full scale investigation has to be conducted.
The preliminary investigation ends as soon as soon as it is confirmed that there are objective reasons that a crime has been committed and that the accountant’s income is questionable. The mandatory must then be informed of all the findings by the forensic auditor, and the mandatory is then responsible for requesting a full scale investigation.
The main objective of a preliminary investigation is thus to determine if a full scale investigation is necessary.
3. Assessment, preliminary reporting and planning:
As previously stated, the mandatory is responsible for requesting a full scale investigation. This decision is based on a preliminary report where the forensic auditor has to report all facts that where discovered during the preliminary investigation pointing to the commission of a crime, and/or facts that prove the innocence of suspects and indicators that may point to the suspension of the investigation. If the preliminary report shows that further investigation is needed, and the mandatory decides that further investigation is necessary, the execution phase of the investigation is continued.
4. The execution phase:
The forensic auditor must perform all procedures in accordance with the investigation plan, and gather all evidence necessary for a successful prosecution. Two of the procedures that will always be performed are taking of affidavits and the gathering and interpretation of documentary evidence. The compilation of a case docket and the maintenance of an investigation diary are also important elements of all investigations.
There are numerous procedures that may be performed during an investigation, but there are no definitive blueprints that will fit all investigations. Some procedures may apply in some cases, and some may not. It is crucial to also know the law relating to investigation as described in the Criminal Procedure Act and other legislation. If the forensic auditor has no knowledge of the law, he or she would not know that the Police may apply for a search warrant in terms of the Criminal Procedure Act for the searching of premises and the seizure of evidence, or that a subpoena in terms of section 205 of the Criminal Procedure Act can grant the Police access to important information held by private persons and entities such as the banks, that would otherwise not be accessible for investigation purposes.
It should be noted that it is often beneficial for the forensic auditor to work and co-operate with the Police. It should be borne in mind that all evidence collected by the Police in terms of powers extended to them in the Criminal Procedure Act or other legislation are for the use of the Police in a criminal trial only. There are certain exceptions and permission may be obtained from the Director of Public Prosecution to utilize information in a police case docket for the purposes such as disciplinary hearings, etc.
A forensic auditor’s mandate very often includes assisting the Police with the investigation in order to prepare the matter for submission to the prosecutor.
5. Reporting:
The reporting phase could be regarded as the most important phase of a forensic audit. Regardless of how well the work was done, if the report is not written properly, the perception of the reader will be that the audit was not a success. The report must reflect the quality of an investigation.
Internal and external forensic auditors have to ensure that a mandate for an investigation is obtained. Internal auditors need a signed letter of instructions from their employers, to obtain clarity in an investigation and protect the forensic auditor, and it can be presented to a witness to prove the identification of the forensic auditor. External auditors obtain mandate to investigate through an engagement letter from a client. If a forensic auditor receives an allegation of possible economic crime, the auditor needs to evaluate the given information about the possible crime and if there is sufficient evidence, the auditor can proceed to the planning and execution phase, but if there is only a limited amount of evidence, the auditor has to start a preliminary investigation. A preliminary is also needed to determine if a crime was committed, the extent of the crime, and who the perpetrators are.
2. The preliminary investigation:
Purpose:
• To determine whether allegations that a crime has been committed can be proven or disproven.
• To determine the nature of the crime.
• To determine who the perpetrators are.
• To determine what resources will be needed to investigate the crime.
• To compare the expenditure of the investigation with the success of an investigation.
A preliminary investigation is a fact finding mission to asses whether or not a full scale investigation should be conducted, and might not necessarily lead to prima facie proof of a crime.
Preliminary investigation focuses on:
• The lifestyle of the accountant (person in question).
• Other possible sources of income.
• Further indications that the person in question is living beyond his/her means.
• The sources of money that the person is receiving.
• A cursory evaluation of the company’s books in order to determine if there are any obvious shortages or manipulations.
If large electronic transfers were made from the company’s bank account by a person in question, or VAT or tax statements seem to have been manipulated by the accountant, or the accountant has a sudden change in spending patterns that can’t be explained, a full scale investigation has to be conducted.
The preliminary investigation ends as soon as soon as it is confirmed that there are objective reasons that a crime has been committed and that the accountant’s income is questionable. The mandatory must then be informed of all the findings by the forensic auditor, and the mandatory is then responsible for requesting a full scale investigation.
The main objective of a preliminary investigation is thus to determine if a full scale investigation is necessary.
3. Assessment, preliminary reporting and planning:
As previously stated, the mandatory is responsible for requesting a full scale investigation. This decision is based on a preliminary report where the forensic auditor has to report all facts that where discovered during the preliminary investigation pointing to the commission of a crime, and/or facts that prove the innocence of suspects and indicators that may point to the suspension of the investigation. If the preliminary report shows that further investigation is needed, and the mandatory decides that further investigation is necessary, the execution phase of the investigation is continued.
4. The execution phase:
The forensic auditor must perform all procedures in accordance with the investigation plan, and gather all evidence necessary for a successful prosecution. Two of the procedures that will always be performed are taking of affidavits and the gathering and interpretation of documentary evidence. The compilation of a case docket and the maintenance of an investigation diary are also important elements of all investigations.
There are numerous procedures that may be performed during an investigation, but there are no definitive blueprints that will fit all investigations. Some procedures may apply in some cases, and some may not. It is crucial to also know the law relating to investigation as described in the Criminal Procedure Act and other legislation. If the forensic auditor has no knowledge of the law, he or she would not know that the Police may apply for a search warrant in terms of the Criminal Procedure Act for the searching of premises and the seizure of evidence, or that a subpoena in terms of section 205 of the Criminal Procedure Act can grant the Police access to important information held by private persons and entities such as the banks, that would otherwise not be accessible for investigation purposes.
It should be noted that it is often beneficial for the forensic auditor to work and co-operate with the Police. It should be borne in mind that all evidence collected by the Police in terms of powers extended to them in the Criminal Procedure Act or other legislation are for the use of the Police in a criminal trial only. There are certain exceptions and permission may be obtained from the Director of Public Prosecution to utilize information in a police case docket for the purposes such as disciplinary hearings, etc.
A forensic auditor’s mandate very often includes assisting the Police with the investigation in order to prepare the matter for submission to the prosecutor.
5. Reporting:
The reporting phase could be regarded as the most important phase of a forensic audit. Regardless of how well the work was done, if the report is not written properly, the perception of the reader will be that the audit was not a success. The report must reflect the quality of an investigation.
Thursday, August 5, 2010
Motivation for Internal Control
• The effectiveness and efficiency of operations.
• Safeguarding of the company’s assets.
• Safeguarding of the company’s information.
• Compliance with applicable laws, regulations, and supervisory requirements.
• Supporting business sustainability under normal as well as adverse operating conditions.
• The reliability of reporting.
• Behaving responsibly to stakeholders.
• Safeguarding of the company’s assets.
• Safeguarding of the company’s information.
• Compliance with applicable laws, regulations, and supervisory requirements.
• Supporting business sustainability under normal as well as adverse operating conditions.
• The reliability of reporting.
• Behaving responsibly to stakeholders.
Five Components of Internal Control
• Control environment - The control environment provides the company with the discipline and structure required for all aspects of risk management and control. It includes integrity, ethical values, organizational culture, and competence of employees, management’s philosophy and operating style, assignment of authority.
• Risk assessment - The risk assessment process involves the identification, evaluation, and management of risks that are significant to the achievement of an organization’s objective. The forensic auditor should obtain an understanding of the significant fraud risks and identify the implications of any such risks for the organization.
• Information and communication - All organizations should have information systems that measure process results and compare them with objectives. They should also have communication practices to ensure that senior management promptly receives all such information, both positive and negative.
• Control activities - These are the policies and procedures established by management as a response to internal and external risks.
• Monitoring - Management’s monitoring procedures involve the assessment of actual performance and the comparison of actual and anticipated performance. The board must fully understand the business risk issues and key performance indicators that could affect the ability of the organization to achieve its purpose in the long term. Business risk and key performance indicators should be benchmarked against industry norms and best practice.
• Risk assessment - The risk assessment process involves the identification, evaluation, and management of risks that are significant to the achievement of an organization’s objective. The forensic auditor should obtain an understanding of the significant fraud risks and identify the implications of any such risks for the organization.
• Information and communication - All organizations should have information systems that measure process results and compare them with objectives. They should also have communication practices to ensure that senior management promptly receives all such information, both positive and negative.
• Control activities - These are the policies and procedures established by management as a response to internal and external risks.
• Monitoring - Management’s monitoring procedures involve the assessment of actual performance and the comparison of actual and anticipated performance. The board must fully understand the business risk issues and key performance indicators that could affect the ability of the organization to achieve its purpose in the long term. Business risk and key performance indicators should be benchmarked against industry norms and best practice.
Limitations of Internal Control
• Cost versus budget - The cost of an implemented control should not exceed its anticipated benefit. In circumstances where management has assessed the risk of loss and has decided to “accept” the risk as insignificant, this could lead to an absence of controls in areas where they could have prevented fraud.
• Routine versus non-routine transactions - Most controls are directed at routine rather than non-routine transaction processes, for example a business where thousands of sales transactions occur daily, such transactions are likely to be tightly controlled, with specific approval, processing, and monitoring controls in place. On the other hand, infrequent transactions such as the purchase of fixed assets for high values, usually formally approved by directors’ minutes may not have formalized procedures in place to identify, capture, and communicate the transactions. As a result, the completeness and measurement or accuracy of the recorded transactions may be in doubt.
• Human error - This relates to the potential for human error due to carelessness, distractions, poor judgment, and the misunderstanding of instructions. Temporary or permanent changes in personnel, systems, or procedures may contribute to human errors.
• Collusion - This refers to the possibility that a member of management or an employee colludes with parties inside or outside the organization to circumvent internal controls. An example of internal collusion is collusion between a staff member in human resources and a staff member dealing with funds transfers: The human resources staff member adds fictitious employees and/or additional employee back accounts onto the standing data files of the payroll, and the other staff member then authorizes the electronic fund transfers to these fictitious bank accounts.
• Management override - This revolves around the possibility that a person responsible for exercising a control could abuse that responsibility, for example, when a member of management overrides a control. Management override may be associated with aggressive earning policies, personal expenses processed through the business, the improper authorization of transactions, and deliberately misleading representations to secure financial benefits. These actions may be associated with deliberate attempts by management to mislead the auditors.
• Changes in conditions - This relates to the possibility that procedures may become inadequate owing to changes in conditions, and that compliance with control procedures may deteriorate. Examples are changes in the IT environment, and changes in the entity owing to large acquisitions, reorganizations, the development of new products or services operations in regions that are economically unstable, the application of new accounting standards, off-balance sheet finance, etc.
• Routine versus non-routine transactions - Most controls are directed at routine rather than non-routine transaction processes, for example a business where thousands of sales transactions occur daily, such transactions are likely to be tightly controlled, with specific approval, processing, and monitoring controls in place. On the other hand, infrequent transactions such as the purchase of fixed assets for high values, usually formally approved by directors’ minutes may not have formalized procedures in place to identify, capture, and communicate the transactions. As a result, the completeness and measurement or accuracy of the recorded transactions may be in doubt.
• Human error - This relates to the potential for human error due to carelessness, distractions, poor judgment, and the misunderstanding of instructions. Temporary or permanent changes in personnel, systems, or procedures may contribute to human errors.
• Collusion - This refers to the possibility that a member of management or an employee colludes with parties inside or outside the organization to circumvent internal controls. An example of internal collusion is collusion between a staff member in human resources and a staff member dealing with funds transfers: The human resources staff member adds fictitious employees and/or additional employee back accounts onto the standing data files of the payroll, and the other staff member then authorizes the electronic fund transfers to these fictitious bank accounts.
• Management override - This revolves around the possibility that a person responsible for exercising a control could abuse that responsibility, for example, when a member of management overrides a control. Management override may be associated with aggressive earning policies, personal expenses processed through the business, the improper authorization of transactions, and deliberately misleading representations to secure financial benefits. These actions may be associated with deliberate attempts by management to mislead the auditors.
• Changes in conditions - This relates to the possibility that procedures may become inadequate owing to changes in conditions, and that compliance with control procedures may deteriorate. Examples are changes in the IT environment, and changes in the entity owing to large acquisitions, reorganizations, the development of new products or services operations in regions that are economically unstable, the application of new accounting standards, off-balance sheet finance, etc.
Subscribe to:
Posts (Atom)
