TheIIC e-Newsletter

           "Supporting Internal Controls Excellence"

                         Vol.13, Issue #1-2018       Fall 2018

Attention:

TheIIC e-Newsletter is a quarterly publication featuring timely articles, membership information, industry insights and member benefits to readers. There is an opportunity to earn CPE credits at the conclusion of the e-Newsletter with the successful completion of an online quiz based on the material contained within.  Read TheIIC e-Newsletter carefully, master the material and take the quiz to earn those CPE credits! Lets continue to support excellence in Internal Controls!



Inside This Issue:

FEATURED MEMBER

Clarence Traynham


Member Profile

This month we feature one of our long-time certified members, Clarence Traynham. Clarence was awarded the CICA in 2007 and will achieve the ten year member status in November.  Clarence currently serves as the Acting Director for the Office of Audits for the Maryland Transit Administration (MTA).  He joined the agency in March 2016.  In this capacity, Clarence is responsible for conducting entrance and exit conferences with agency management, establishing, , implementing, maintaining and enforcing internal auditing standards, reviewing audit findings, conducting fraud investigations, reviewing, and approving work papers prepared by staff auditors, and assisting the Audit Director with the day to day operations of the Audit Office.

Clarence has an extensive background in Compliance auditing in State government with over 22 years of experience as a state employee. Clarence started his career as a state employee in 1994 as a Correctional Officer with the Department of Public Safety and Correctional Services where he obtained the rank of Correctional Officer Sergeant. After an 11 year career as a Correctional Officer, Clarence began his auditing career in 2005 with the Office of Legislative Audits as a staff auditor.  As a Legislative Auditor he was introduced to electronic work papers or Team Mate (a software program that promotes efficiency while performing audits).In 2007 Clarence moved to the Maryland State Department of Education as a staff auditor where he performed audits of the local school boards. In 2010 Clarence moved to the Maryland State Lottery where he was hired as one of the first Gaming auditors in the State of Maryland, performing audits of the local casinos. It was at the Maryland State Lottery where Clarence was promoted to Internal Auditor Supervisor and again used electronic work papers Auto Audit. In 2014 Clarence moved to the Department of Labor, Licensing and Regulation as an Internal Auditor Supervisor where he helped rebuild the Internal Audit Office and convinced the Director of Audit to obtain electronic work papers Auto Audit.

Clarence holds a BS degree in Accounting from the University of Baltimore.  In addition to the CICA designation he also holds professional designations as a Certified Fraud Examiner (CFE) and Certified Fraud Specialists (CFS).  


ABOUT TheIIC

The Institute for Internal Controls, commonly referred to as TheIIC or IIC, is a global organization dedicated to promoting an effective internal controls environment in all organizations by providing high quality research and education in all areas of internal controls. As an indicator of expertise in internal controls, The Institute for Internal Controls grants the designation of Certified Internal Controls Auditor (CICA) and Certified Controls Specialist (CCS). 



CONTACT INFORMATION 

 Institute for Internal Controls

109 Mullen Drive 
Sicklerville, NJ 08081
856.982.2410

TheIIC e-Newsletter is published by TheIIC Press Division of the
 Institute for Internal Controls, Inc.

Copyright 2018
All rights reserved.


COMPLETE YOUR MBA 
PART-TIME 18-MONTH 
ACCELERATED PROGRAM

Link for Additional Information 
on the MBA Program



NOW AVAILABLE! 
TEXT/
REFERENCE BOOK "CORPORATE STRATEGIC & OPERATIONAL CONTROLS"

Controls Book

Link to TheIIC Bookstore 
15 and Members Discount



IS YOUR INFO CURRENT?


Has your information changed lately? Click the button below in order to complete TheIIC Member Change Information Form to update your records!



EARN a MASTERS

 DEGREE ONLINE or ON-CAMPUS Now!


CLICK HERE FOR PROGRAM INFORMATION 

Application fee ($50) will be refunded for members who are in good standing. Insert "IIC" under thev'how you learned about us?' question for a credit of the $50 application fee!


Partnerships and Alliances

These are just some of the major institutions worldwide that have partnered with TheIIC


 Professional Societies


PBA Canada (Professional Business Accountants Society of Canada


Colleges and Universities


Arcadia University MBA 




 

 





 

 



TheIIC e-Newsletter

email: 

e-newsletter@theiic.org

phone: (856) 982-2410

Web Url:

http://www.theiic.org




A Message from the Chairman 

For those who have accessed our website, you may have noticed that we have activated our new website, with many new features and additional layers of security. 

The main objective of the design of the new website was to make it simple to navigate while providing add
itional resources for our members. 

For those who are members of some of the other large certification organizations, one thing you may notice in using their website is how large they are in the number of pages and how crowded some pages may be. In designing the new website we have tried to ensure that this is not the case and that visitors not only can find the information they need but also can access it easily. You will notice we have a search function on almost every webpage. We also have a site map at the bottom of every page. Both of these gadgets can assist you in finding what you need. Also, we have in some cases multiple access points to web pages and forms. For example, you can access the various Application forms from several different webpages. We also used Jotform to design all of the Applications and forms, with tabs for navigating the longer applications and forms, as well as including an automatic link to pay any fees and dues by PayPal. 

You will also notice in the URL field that the website shows the hypertext transfer protocol as secured with the display of both "https://" and the lock icon. Note that the site is multi layered with security with our use of secured vendors accessed within the website (Jotform, PayPal, etc.) providing their own security protocol. 

In Phase 2 of the release of the new website we will integrate a Membership Management System (MMS) with access limited to members in good standing. The MMS will allow members to access their membership account and profile as well as vital resources for members such as ICQs, the IIC e-Newsletter, the IIC e-Magazine, which we will limit access to once the MMS is completed. We hope to complete Phase 2 project by the end of the year.


If you have any comments about the website feel free to email me directly at chairman@theiic.org or you can use the blog on the Home page of the website. Let us know of any additional features you would like to see while maintaining the simplicity of the new website.

NOTICE to ALL readers of the IIC e-Newsletter:

With the recent introduction of the new IIC website and the MEMBERS ONLY PORTAL before year end, the IIC e-Newsletter will be accessible ONLY by members in GOOD STANDING via the Members Only Portal. A member in good standing is a member of the IIC who has maintained their membership of the IIC via annual renewal. Notice of release of the e-Newsletter will be emailed to all members for access via the IIC website.

Dr. Frank 

CAQ Publication Release - Critical Audit Matters: 

Key Concepts and FAQs for Audit Committees, Investors, and Other Users of Financial Statements

Critical audit matters are required to be included in auditors’ reports for large, accelerated filers beginning with fiscal years ending on or after June 30, 2019, and for other applicable companies for fiscal years ending on or after Dec. 15, 2020.

The report provides information to explain critical audit matters and compares them to the key audit matters required in auditor reporting performed under the rules of the International Auditing and Assurance Standards Board (IAASB).

According to the report:

  • Critical audit matters should not have much effect on communication between the auditor and the audit committee because these matters should already have been discussed in the past. Some topics that are discussed with the audit committee will not rise to the level of a critical audit matter.
  • A significant deficiency in internal control cannot be a critical audit matter because this determination is not related to an account or disclosure. But a significant deficiency could be a consideration in determining that an issue is a critical audit matter.
  • Although critical audit matters may relate to significant risk areas in the audit, some significant risks may not be critical audit matters.
  • Critical audit matters will relate to the current period rather than all periods presented, but the standard allows the auditor to choose to include in the auditor’s report critical audit matters for prior periods.
  • Only in limited circumstances are auditors expected to be required to provide information on critical audit matters that has not already been made public by management.
  • There is no set number of matters to be reported as critical audit matters, although it is expected that in most audits, auditors would determine at least one matter that meets the definition of a critical audit matter.

For addition points for discussion read the publication at the link below.

Click Link to CAQ Publication


U.S. G.A.O. Issues Revised Yellow Book

Note: Although the yellow book is applicable to government audits in the U.S., much valuable information is contained in it and may be of value to all audits as it relates to internal controls. Also of value is what the GAO refers to as the Green Book titled Standards for Internal Control in the Federal Government (links included below).

JOA – July 2018 - Extract (revised)

On July 17, 2018, the U.S. Government Accountability Office (GAO) issued revised standards which are designed to provide a framework for high-quality governmental audits, which include audits of government entities and entities receiving government awards. The new Government Auditing Standards (referred to as the Yellow Book) reinforce the principles of transparency and accountability for auditors as they provide objective analysis and information in service to the public. The revision supersedes the 2011 revision of the standards. The changes include:

  • Presentation of all chapters in a revised format that differentiates requirements from application guidance.
  • New treatment of supplemental guidance from the appendix of the 2011 version of the standards, which is either removed or incorporated into the individual chapters.
  • Expansion of the independence standard to state that preparing financial statements from a client-provided trial balance or underlying accounting records generally creates significant threats to auditors' independence. The revision also states that auditors should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level — or decline to perform the services.
  • Modification of the peer review standard to require that audit organizations comply with their respective affiliated organization's peer review requirements and GAGAS peer review requirements. Additional requirements are provided for audit organizations not affiliated with recognized organizations.
  • The addition of a definition for waste and related examples.
  • Specific considerations for when internal control is significant to the audit objectives for performance audits.

The revision takes effect for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019. It should be noted that early implementation is not permitted.

Click link to view revised Yellow Book

Click Link to view Green Book

Click Link to view JOA article referenced above


How the Evolution of Language Affects Fraud Risk

Source: Journal of Accountancy (August 1, 2018)

(includes extract from JOA article and insights from TheIIC)

As we know, auditors are required to use Professional Skepticism during their audits especially during their interviews, reviews of documentation, walk-throughs, and other processes used during the audit, to determine and verify the information needed by the auditors in their evaluation of internal controls, financial statements, etc. In addressing the above it has been agreed that most auditors are not trained in the use of professional skepticism and there has been a debate on how we train auditors to exhibit professional skepticism. TheIIC will be presenting a White Paper on the subject for release by year-end. In our research, we noted the recent article released by the Journal of Accountancy on how language affects fraud risks. Changes in the words we use and the ways we communicate may make it even trickier to ferret out financial malfeasance.

The JOA article notes the following:

A large part of uncovering fraud involves picking up clues during interviews, in routine discussions with clients, and in written communications and documents. Gaps in the professional's knowledge of the current or relevant language can diminish his or her ability to draw context and meaning from these communications. Additionally, words that sound innocent based on prior use can become new words to obscure illicit activity, so accountants (and internal controls professionals) need to know what to watch for.

Another dramatic change that affects the ability to detect fraud is the move to electronic channels as the dominant modes of business communication. The shift to emails, instant messages, and app-based communications has corresponded with fewer in-person conversations.

According to research cited in the article, there is some concern that auditors' use of technology decreases the desired attitudes and behaviors, such as critical thinking, and increases distraction during engagements.

Additionally, many people, including many auditors and internal controls professionals, are less experienced and even more uncomfortable communicating face-to-face or voice-to-voice than in the past. This can present huge challenges for auditors, especially when trying to discern the veracity of the information they're being given.

In addition, the social cues and body language displayed during an interview give vital context to the words being said. Seasoned auditors have long known that both how something is said and what is not said are often as important as what is said, especially in situations where there is a reason to doubt the accuracy of the information being provided. And important signs of stress in verbal conversations — voice modulations, pauses before answering, stammering, or starting answers over — are absent in many forms of electronic communication.

The evolution of digital communications might also complicate auditing work when it comes to document retention and an organization's ability to comply with investigations. Employees' business use of text messaging and other non-email technologies is a concern for organizations facing requests for such content during an investigation. Compounding the challenge, almost half of organizations that allow their employees to use texting for business communications do not have retention mechanisms in place regarding these communications.

All internal control professionals are encouraged to read the entire article located on the JOA website.

Click Link to JOA Article


IIC is Developing ICQ Library for Members

As part of the design of the new IIC website, which will contain a Members' Only Portal, the IIC is soliciting members to donate Internal Control Questionnaires for use by members. It should be noted that all ICQs should be non-copyrighted or if copyrighted, contain a release to allow use by the IIC and its members. 

An email alert will be sent to the membership providing more details on this project. As an incentive, all members who donate an acceptable ICQ will be awarded one raffle ticket for a drawing for the award of a $100 gift card.


IIC Releases Certification via Curriculum Program

Commencing in 2018/2019, candidates can earn the CICA or CCS certification by completing a curriculum of courses in the areas of internal controls. The program will entail corporate ethics and governance courses, how to courses, and tools and technique courses. The curriculum syllabus will be outlined in the new IIC website which will be released this year. The courses will initially be held in live group sessions, and then converted to a high-quality DVD/CD-ROM format, with examinations held online at the end of each course. Once all course requirements are met, the candidate can apply for the CICA or CCS and candidates who meet all the requirements for certification will be awarded the professional designation. The program will be phased in over a one year period as courses become available.


Scholarship Fund Established

college-images.jpg

As part of the changes implemented by the Office of the Chairman last year, a Scholarship Fund has been established for award to undergraduate students who are majoring in accounting/auditing, IT, finance or Security. The scholarships will be funded by donations from members at renewal time, as well as direct contributions from the IIC, and shared profits from the sale of the Internal Controls Case Study book to be released in 2019. Scholarships will be awarded based on set amounts collected. Plans are to award at least one scholarship each year. Scholarships will be awarded based on financial need. Student Members of Student Chapters will be given priority for the award of all scholarships.


FREE Job Posting Service


As a service to our members, the IIC offers all members, their organizations, and recruiters FREE Job Posting Service. The IIC will post any appropriate job opening the may be of interest to the membership. Postings must include the title of the position, the organization and department, and the location of the position. Salary information is optional but recommended to prevent frivolous inquiries. In addition, a "direct link" to the job posting at the organization's website must be provided. Doc files will no longer be accepted. Note that when listing certifications required or preferred for the position, the list MUST include the CICA or CCS as a preferred certification at a minimum. Job postings will be posted for 60 days or until notice is received by the IIC that the position has been filled. In addition to posting on the IIC website, the Office of the Chairman may email the membership alerting them of the opening. All requests for posting should be emailed to the Office of the Chairman at chairman@theiic.org


Details for this service are available on the Job Openings page of our website as well as the Resources page.


The Board’s Role In Promoting An Ethical Culture

Extract (Modified with comments by TheIIC Chairman)

Journal of Accountancy - July 1, 2018

Comment from the Chairman:

In a recent article in the JOA (discussed below), the author states Boards that prioritize corporate culture, watch for red flags, and set clear expectations will encourage ethical behavior throughout the company.’ But in reality, it is really happening. Although SOX, PCAOB, and international regulatory and professional association sources have placed emphasis on promoting an ethical culture within via what is commonly referred to as the “Tone at the Top”, we consistently have seen unethical behavior since the downfall of Enron and Arthur Andersen. Frightening is the increase in sanctions and fines against the remaining major accounting firms for violations in the international marketplace including violations of the FCPA including bribery.

JOA Article (Extract-Modified)

Research over the past 20 years has continued to underscore that integrity drives performance. Corporate culture and tone at the top are considered key drivers of ethical behavior, but boards of directors often devote little time to the topic.

Board members generally recognize their responsibility to oversee ethics and compliance, said Pat Harned, CEO of the Ethics and Compliance Initiative. What they struggle with, she said, "[is] to know what questions to ask and what information to look for. I don't think directors are particularly well-versed in recognizing red flags."

Serving on a board is a big job, Harned said. Business strategy and expansion, risks, and enforcement frequently take priority. Board members are aware of the importance of an ethical corporate culture and that it is driven from the top down, but 87% considered culture and engagement a top challenge, according to a Deloitte survey published in 2015. A separate Deloitte study published in 2016 found that just 28% of executives said they understand their organizational culture and 12% thought their company was driving the "right culture."

The problem often starts right in the boardroom. Research from a 2016 survey by the Rock Center for Corporate Governance at Stanford University and The Miles Group suggested that only 46% of board members strongly believe their board tolerates dissent. The same percentage believes that a few directors have an outsize influence on board decisions.

A 2017 Blue Ribbon Commission of the ­National Association of Corporate Directors (NACD) suggested that boards can tackle the challenges. What they need to do is become as disciplined in overseeing corporate culture as they are in overseeing risk management, commission members said.

Of interest is the author’s comment in stressing the importance of ethics is the notation that employees in high-integrity cultures are 67% less likely to observe significant instances of business misconduct compared with employees at companies with low-integrity cultures, according to a 2010 Corporate Executive Board report. And businesses with the best organizational culture earned an average return on assets that was 40% higher than those with the lowest-rated organizational culture, according to a study by Denison Consulting.

READ full article for discussion on:

  • LOOKING FOR RED FLAGS
  • 10 RECOMMENDATIONS THAT DRIVE ORGANIZATIONAL CULTURE

Click link to JOA Article 


URGENT! Update Your Profile!

All members are reminded that the IIC is a GREEN organization, and as such, minimizes all paper mailings. Most communications from the IIC to the membership is via email. Therefore it is imperative that the IIC have your current preferred email address. Please provide ALL changes to both your personal and work email immediately to ensure you received all communications from the IIC, including the e-newsletter, notices of Job Openings, as well as important communications. 

Note that this information will also be used to set up the Members Only Portal on our new website, which will allow members to change their information online. This information will also be used for mailings and invoicing. Click the button below to update your information.




ACFE Releases 2018 Report to the Nations

2018 Global Study on Occupational Fraud and Abuse

The 2018 Report to the Nations on Occupational Fraud and Abuse, released to the public on April 17th by the Association of Certified Fraud Examiners (ACFE( is the largest and most comprehensive study of occupational fraud. The survey was administered to members of the ACFE and explores the costs, schemes, victims, and perpetrators of fraud. CFEs who took part in the study estimate a typical organization loses 5 percent of its annual revenues to fraud. Applied to the estimated 2016 Gross World Product, this figure translates to potential global fraud losses approaching $4 trillion.

The report is based on 2,690 real cases of occupational fraud that collectively caused more than $7 billion in actual damages. The frauds represented in the study were committed against organizations in 125 different countries across 23 major industry categories, ranging from small local businesses to multinational corporations with thousands of employees.

The report focuses on five critical aspects of occupational fraud cases:

1.      the methods used to commit fraud;
2.      how the schemes were detected;
3.      the characteristics of the victim organizations;
4.      the characteristics of the perpetrators; and
5.      the results of cases after the frauds had been detected.

As a service to the profession and public a copy of the report is available both to members and non-members and can be download at the link at the bottom of this article or at the ACFE website (www.acfe.org).

Key findings from the report include:

  • Occupational fraud is extremely costly. Twenty-two percent of occupational frauds caused at least $1 million in losses.
  • Fraud schemes can be very difficult to detect. The typical occupational fraud lasted 16 months before it was discovered.
  • Tips are the most effective way to detect fraud. Forty percent of cases were detected by a tip, far more than by any other method.
  • Anti-fraud controls work. Eighteen anti-fraud controls were analyzed, and every one correlated to lower fraud losses and faster fraud detection.
  • High-level perpetrators do the most damage. The median loss in frauds committed by owners/executives, was $850,000. Among non-owners/executives, the median loss was $100,000.
  • Criminal fraud referrals are declining. Over the past 10 years, the percentage of occupational frauds referred to law enforcement has declined by 16 percent.

Of interest to the internal controls professional, the Report discussed internal controls issues at the victim organization and the effectiveness of anti-fraud controls. The Report noted that the presence of a robust system of anti-fraud controls can be a powerful deterrent, as well as a proactive prevention and detection mechanism, in the fight against fraud. Thus, organizations can benefit from knowing which anti-fraud controls are commonly used by their peers, as well as which tend to be the most effective. To help explore this information, we provided survey respondents with a list of 18 entity-level, anti-fraud controls and asked which, if any, were present at the victim organization at the time the fraud occurred.  80% of the organizations acknowledged that they had a code of conduct and underwent external financial statement audits, while 73% had internal audit departments, and 72% had company management certify the financial statements. On the other end of the spectrum, 19% of organizations had policies requiring job rotation or mandatory vacation, and only 12% provided rewards for whistleblowers

In evaluating the effectiveness of Anti-Fraud Controls the survey sought to compare the losses experienced by the victim organizations that had specific controls in place against the losses experienced by those that had not implemented each control. The results of this analysis are provided in the report and noted that the presence of every control analyzed was correlated with lower fraud losses. For example:

  • Use of proactive data monitoring and analysis and surprise audits were associated with a more than 50% reduction in fraud losses;
  • Duration of fraud schemes based on the presence or absence of each anti-fraud control had a relationship to the duration of the fraud scheme;
  • Data monitoring and analysis and surprise audits were correlated with the most significant reductions in fraud duration; and  
  • As these two controls were also associated with some of the largest loss reductions, the data indicates that they are among the most useful tools in the fight against fraud.

For reference a complete reading of the Report is recommended for the internal controls professional.  Click link below to access the full article.


LINK TO ACFE REPORT to the NATIONS


A Call for Papers and Articles

Mag cover

A key resource for members is the sharing of information among the membership via papers and news articles. Subject matter including techniques for reviewing internal controls, discussion of available tools, case studies, etc. can assist both the new and experienced internal controls auditor/specialist. 

If you would like to submit a paper, article or monograph on any subject matter that may be of interest to the overall membership, we encourage you to do so. You can direct any materials for review directly to the Chairman at chairman@theiic.org.


A Message from the Editor of the IIC e-Newsletter


For first timers, I would like to welcome you to the TheIIC e-Newsletter. In the design of the newsletter, we completed extensive research on how to make the e-newsletter successful. As you can see, the layout is a little different than you see in other e-newsletters. While most e-newsletters only give you a few lines of the article, with a link to the full article, we have decided to present an abstract type summary of each, with a link to the full article, when available. We feel that this allows you to get the substance of the article without having to link to another site. However, we do provide a link for those who want any additional details available. This also provides you with the ability to print out the newsletter and read it at your leisure. 

NOTE that to successfully pass the QUIZ you will need to download some of the articles or reference material via the links provided. 

We encourage any comments or suggestions for improving the e-newsletter. Comments, as well as contributions including manuscripts for publication, should be sent to the Office of the Editor at 
e-newsletter@theiic.org.


Call for Volunteers


As discussed in previous communications from the IIC, we are currently seeking volunteers for the following positions:

  • Organizers to commence operations to start local chapters.

  • Volunteers to present as instructors training courses.

  • Volunteers to develop courses on internal controls, ethics, auditing, etc.

  • Authors and contributors for articles for the upcoming Internal Controls Magazine.

  • Educators and researchers to present articles on research related to internal controls for publication in the upcoming Journal of Internal Controls.

All interested members should contact the Chairman at chairman@theiic.org


Instructions for CPE Quiz

An active member in good standing is eligible to earn one CPE via completion of the quiz below with a passing grade of at least 70%. Click on the button below to take the quiz online. Select the best answer listed for each question, and complete the quiz before the deadline. The CPE quiz will be open for 30 days after publication of The IIC e-Newsletter. The quiz is self-grading and you will know your results immediately. A Certificate of Completion for 1 CPE credit will be emailed to members with a passing grade of 70%.  You may take the CPE quiz multiple times and there is no time limit on the quiz other than the deadline date 30 days from publication. NOTE NO QUIZ WILL BE ACCEPTED AFTER THE DEADLINE LISTED ON THE QUIZ

*NOTE: Quizzes are based on e-Newsletter content as well as information contained in the link to the full article. Links should be opened to read entire article.










 TheIIC e-Newsletter

TheIIC e-Newsletter

Produced by TheIIC Press Division  Fall 2018

No reproduction or redistribution is permitted without prior authorization from TheIIC

email: e-newsletter@theiic.org phone: (856) 982-2410  website: http://www.theiic.org

Powered by Wild Apricot Membership Software