Managing fraud risk: The audit committee perspective

The audit committee guide series

Effective audit committees are critical to the quality of nancial reporting and the proper conduct of business. This guide is one of a series that is meant to help audit committees meet their oversight and duciary responsibilities.
Trent Gazzaway, National Managing Partner of Audit Services

Contents 2 Denitions 4 Fighting corporate fraud 6 The external auditors responsibilities 11 The internal auditors responsibilities 12 Investigating known fraud 13 The audit committees oversight approach 17 Grant Thorntons forensic accounting, fraud and investigations services 20 Suggested reading 21 Grant Thornton LLP ofces

The audit committee guide series has been adapted from The Audit Committee Handbook, Fifth Edition, published by John Wiley & Sons and available for purchase at www.GrantThornton.com/ACHandbook and through major online booksellers and bookstores nationwide.

In the aftermath of corporate scandals and the passage of the Sarbanes-Oxley Act of 2002 (SOX), the audit committee is vested with greater authority to oversee nancial reporting and the appropriation of assets. As a result, the audit committee is responsible for adequate supervision and reporting and for responding to: fraud in a nancial statement audit; actual, perceived or potential conicts of interest; anonymous tips and complaints; and through interaction with general counsel, compliance matters such as those that relate to the Foreign Corrupt Practices Act (FCPA).

How will nancial reform impact your company? The regulatory landscape is changing for companies and their audit committees. Go to www.GrantThornton.com/FinancialReform to review Grant Thorntons outline of key nancial reform issues and actions you can take to guide your company through them: Financial reform: What public companies and their audit committees need to know about the Dodd-Frank Act. Visit our Audit Committee Resource Center at www.GrantThornton.com/AuditCommittees for relevant and timely information that companies and their audit committees need to know.

Managing fraud risk: The audit committee perspective 1

Denitions

With different industry denitions and viewpoints, fraud can be a tough issue for audit committee members to grasp for oversight purposes. The Institute of Internal Auditors (IIA), the American Institute of Certied Public Accountants (AICPA) and the Association of Certied Fraud Examiners (ACFE) collaborated in 2008 on landmark guidance that denes fraud. Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.1 Separately, the IIA has dened fraud as: [a]ny illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by individuals and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantages.2 Overseeing fraud management efforts is further complicated by frauds differing look and impact in various situations. The chameleonlike nature of fraud requires a customized response to the highest-risk areas of individual and organizational fraud. Efforts to mitigate the risk of defalcation, for example, may differ from efforts to counter the risk of management fraud.

Institute of Internal Auditors, American Institute of Certied Public Accountants and Association of Certied Fraud Examiners, Managing the Business Risk of Fraud: A Practical Guide (2008), 5 Institute of Internal Auditors, The Professional Practices Framework (Altamonte Springs, FL: IIA, 2009)

2 Managing fraud risk: The audit committee perspective

Fraud in a nancial statement audit

From the auditors perspective, the Auditing Standards Board of the AICPA describes fraud in this way: Fraud is a broad legal concept and auditors do not make legal determinations of whether fraud has occurred. Rather, the auditors interest specically relates to acts that result in a material misstatement of the nancial statements. The primary factor that distinguishes fraud from error is whether the underlying action that results in the misstatement of the nancial statements is intentional or unintentional. For purposes of the Statement, fraud is an intentional act that results in a material misstatement in nancial statements that are the subject of an audit.3 Misstatements can arise from fraudulent nancial reporting and/or from misappropriation of assets (sometimes referred to as theft or defalcation). The Auditing Standards Board denes misstatements, and describes the types of misstatements that anti-fraud measures are intended to mitigate, as follows: Misstatements arising from fraudulent nancial reporting are intentional misstatements or omissions of amounts or disclosures in nancial statements designed to deceive nancial statement users where the effect causes the nancial statements not to be presented, in all material respects, in conformity with generally accepted accounting principles (GAAP). Fraudulent nancial reporting may be accomplished by the following: Manipulation, falsication or alteration of accounting records or supporting documents from which nancial statements are prepared Misrepresentation in or intentional omission from the nancial statements of events, transactions or other signicant information Intentional misapplication of accounting principles relating to amounts, classication, manner of presentation or disclosure 4 Misstatements arising from misappropriation of assets involve the theft of an entitys assets where the effect of the theft causes the nancial statements not to be presented, in all material respects, in conformity with GAAP. Misappropriation of assets can be accomplished in various ways, including embezzling receipts, stealing assets, or causing an entity to pay for goods or services that have not been received. 5
3

4 5

Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit (New York: AICPA, 2002), par. 5 Ibid., par. 6 Ibid. Managing fraud risk: The audit committee perspective 3

Fighting corporate fraud

The legal obligations of audit committee members have intensied because their standard duty of care and loyalty to the entity has increased in light of management fraud activities. This heightened obligation is linked directly to the 2002 passage of SOX, which raised the bar of regulatory expectations with regard to board responsibilities for preventing fraud especially management fraud. Since top executives perpetrate management fraud, their processes are generally sophisticated. Therefore, audit committee members must rely on the professional expertise of external and internal auditors, legal counsel and special investigators when investigating management fraud. To support anti-fraud efforts, the IIA, AICPA and ACFE issued Managing the Business Risk of Fraud: A Practical Guide, which provides guidance to the board, senior management and internal auditors in their ght against corporate fraud. The guidance outlines ve key principles that organizations can follow to establish an environment that will help effectively manage fraud risk: 1. As part of an organizations governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk. 2. Fraud risk exposure should be assessed periodically by the organization to identify potential schemes and events that the organization needs to mitigate.

4 Managing fraud risk: The audit committee perspective

3. Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. 4. Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. 5. A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.6

Institute of Internal Auditors, American Institute of Certied Public Accountants and Association of Certied Fraud Examiners, Managing the Business Risk of Fraud: A Practical Guide (2008), 6

Managing fraud risk: The audit committee perspective 5

The external auditors responsibilities

The external auditor is a key member of the fraud management team, and Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit (SAS 99), provides external auditors with revised and expanded guidelines on considering fraud risk. Under SAS 99, external auditors are not only responsible for planning and performing the audit to obtain reasonable assurance about whether the nancial statements are free of material misstatement, whether caused by error or fraud, but are also required to consider fraud throughout the audit. The standard covers two types of material fraud: (1) fraudulent nancial reporting involving intentional material misstatements or omissions of material amounts or disclosures in the nancial statements; and (2) misappropriation of assets involving the theft of an entitys assets. SAS 99 requires external auditors to: gather information necessary to identify the risks of material misstatements, identify risks of material misstatements, assess identied risks, respond to the results of the assessment, evaluate audit evidence, communicate any evidence of fraud to interested parties, and document the auditors consideration of fraud.7

Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit (New York: AICPA, 2002), par. 2. For further reference, see Carmichael, Douglas R., The Auditors New Guide to Errors, Irregularities and Illegal Acts, Journal of Accountancy 166, No. 3 (September 1988): 4048.

6 Managing fraud risk: The audit committee perspective

Identifying a risk of material misstatement due to fraud requires auditors to use professional judgment and to consider the attributes8 of the risk, including: type whether the risk involves fraudulent nancial reporting or misappropriation of assets; signicance whether the risk could lead to a possible material misstatement of the nancial statements; likelihood the probability that the risk will result in a material misstatement in the nancial statements; and pervasiveness whether the risk affects the nancial statements as a whole or is related specically to a particular assertion, account or class of transactions. External auditors have a responsibility not only for detecting fraud in a nancial statement audit but also for detecting illegal acts by client companies, as dened by the Auditing Standards Board: The term illegal acts, for purposes of this Statement, refers to violations of laws or governmental regulations. Illegal acts by clients are acts attributable to the entity whose nancial statements are under audit or acts by management or employees acting on behalf of the entity. Illegal acts by clients do not include personal misconduct by the entitys personnel unrelated to their business activities.9

8 9

Ibid., pars. 3840 Statement on Auditing Standards No. 54, Illegal Acts by Clients (New York: AICPA, 1988), par. 2. For further discussion, see Neebes, Donald L.; Guy, Dan M.; and Whittington, O. Ray, Illegal Acts: What Are the Auditors Responsibilities? Journal of Accountancy 171, No. 1 (January 1991): 8284, 86, 88, 9093.

Managing fraud risk: The audit committee perspective 7

Although the external auditor may recognize that the client has committed an illegal act, the auditor should consult with legal counsel or await a court ruling, depending on the circumstances, for a determination of illegality. Listed in Exhibit 1, however, are some warning signs that may indicate possible illegal acts.
Exhibit 1: Warning signals of possible illegal acts10 Unauthorized transactions, improperly recorded transactions, or transactions not recorded in a complete or timely manner in order to maintain accountability for assets Investigation by a governmental agency, an enforcement proceeding, or payment of unusual nes or penalties Violations of laws or regulations cited in reports of examinations by regulatory agencies that have been made available to the auditor Large payments for unspecied services to consultants, afliates, or employees Sales commissions or agents fees that appear excessive in relation to those normally paid by the client or to the services actually received Unusually large payments in cash, purchases of bank cashiers checks in large amounts payable to bearer, transfers to numbered bank accounts, or similar transactions Unexplained payments made to government ofcials or employees Failure to le tax returns or pay government duties or similar fees that are common to the entitys industry or the nature of its business

10

Ibid., par. 9

8 Managing fraud risk: The audit committee perspective

The external auditors examination is not a guarantee that fraud does not exist. The audit committee should obtain reasonable assurance from the external auditors that management has taken the necessary actions to protect the assets of the entity. This requires the audit committee to determine, through inquiries of the audit partner, the auditors alertness to the possibility of fraud. Guiding the audit committee in these efforts are the time-tested warning signals of fraud issued by the AICPAs standing committee on methods, perpetration and detection of fraud (Exhibit 2).
Exhibit 2: Warning signals of the possible existence of fraud11 1. Highly domineering senior management and one or more of the following, or similar, conditions are present: An ineffective board of directors and/or audit committee. Indications of management override of signicant internal accounting controls. Compensation or signicant stock options tied to reported performance or to a specic transaction over which senior management has actual or implied control. Indications of personal nancial difculties of senior management. Proxy contests involving control of the company or senior managements continuance, compensation, or status. 2. Deterioration of quality of earnings evidenced by: Decline in the volume or quality of sales (e.g., increased credit risk or sales at or below cost). Signicant changes in business practices. Excessive interest by senior management in the earnings per share effect of accounting alternatives. Business conditions that may create unusual pressures: Inadequate working capital. Little exibility in debt restrictions such as working capital ratios and limitations on additional borrowings.

3.

11

American Institute of Certied Public Accountants, CPA Letter 59, No. 5 (March 12, 1979), 4 Managing fraud risk: The audit committee perspective 9

Rapid expansion of a product or business line markedly in excess of industry averages. A major investment of the companys resources in an industry noted for rapid change, such as a high technology industry.

4.

A complex corporate structure where the complexity does not appear to be warranted by the companys operations or size. Widely dispersed business locations accompanied by highly decentralized management with inadequate responsibility reporting system. Understafng which appears to require certain employees to work unusual hours, to forego vacations, and/or to put in substantial overtime. High turnover rate in key nancial positions such as treasurer or controller. Frequent change of auditors or legal counsel. Known material weaknesses in internal control which could practically be corrected but remain uncorrected, such as: Access to computer equipment or electronic data entry devices is not adequately controlled. Incompatible duties remain combined.

5.

6.

7. 8. 9.

10. Material transactions with related parties exist or there are transactions that may involve conicts of interest. 11. Premature announcements of operating results or future (positive) expectations. 12. Analytical review procedures disclosing signicant uctuations which cannot be reasonably explained, for example: Material account balances. Financial or operational interrelationships. Physical inventory variances. Inventory turnover rates. 13. Large or unusual transactions, particularly at year-end, with material effect on earnings. 14. Unusually large payments in relation to services provided in the ordinary course of business by lawyers, consultants, agents, and others (including employees). 15. Difculty in obtaining audit evidence with respect to: Unusual or unexplained entries. Incomplete or missing documentation and/or authorization. Alterations in documentation or accounts. 16. In the performance of an examination of nancial statements unforeseen problems are encountered, for instance: Client pressures to complete audit in an unusually short time or under difcult conditions. Sudden delay situations. Evasive or unreasonable responses of management to audit inquiries.
10 Managing fraud risk: The audit committee perspective

The internal auditors responsibilities

Working closely with the audit committee, the internal audit function plays an important role in contributing to the overall governance of a fraud risk management program. It provides objective assurance to the board and management that the controls in place to manage fraud risks are designed adequately and operate effectively. Internal auditors may conduct proactive audits to search for corruption, misappropriation of assets and nancial statement fraud acting both to detect and to deter fraud. As described in AU 316.86, other dual-purpose activities include determining whether: appropriate authorization policies for transactions are established and maintained; policies, practices, procedures, reports and other mechanisms are developed to monitor activities and safeguard assets, particularly in high-risk areas; and recommendations need to be made for establishing or enhancing cost-effective controls to help deter fraud.

Managing fraud risk: The audit committee perspective 11

Investigating known fraud12

Organizations should have a designated chief compliance ofcer that oversees fraud investigations. However, the audit committee may, from time to time, wish to engage special investigators and/or external auditors to aid in investigations. The audit committee should oversee the efforts of all internal and external parties to an investigation to ensure proper coordination among them. In particular, the audit committee should ensure that: the suspect has not been notied of the present investigation; all documents and electronic data are immediately secured; the investigation has been properly planned in advance and will be conducted expeditiously to prevent its obstruction; all corporate transactions involving the suspect and the methods used to perpetrate the fraud have been properly investigated and documented; the existence of possible collusion has been carefully considered; the dollar amount of the defalcation has been properly ascertained and the funds have been recovered; and any legal action, if appropriate, has been taken against the perpetrator(s).

12

For further reference, see Causey, Denzil Y., The CPA Guide to Whistle Blowing, CPA Journal 58, No. 8 (August 1988): 2637. See also Williams, Timothy L. and Albrecht, W. Steve, Understanding Reactions to Fraud, Internal Auditor 47, No. 4 (August 1990): 4551. The reader should review Section 806, which deals with whistleblowing protection for employees.

12 Managing fraud risk: The audit committee perspective

The audit committees oversight approach

As part of overseeing the audit process, fullling SAS 99 requirements and maintaining good governance, audit committees need to report to the full board of directors any indications of possible illegal acts or fraud and managements actions to remedy them. A review of fraud risk areas requires adequate planning; therefore, audit committee members must be familiar with the entitys: business model and industry, business risks and internal control environment, policies and procedures for detecting fraud and illegal acts, accounting industry practices, complex business transactions and signicant contracts, and nancial reporting process. Likewise, audit committees need to review the following: The operational characteristics of the entity and the vulnerability of the industry to changing economic conditions and competitive pressures13 Managements risk assessment process and related internal controls Managements policies and procedures with respect to the following: Conict-of-interest statements Corporate code of conduct Laws and regulations Management override of controls

13

Such a review would usually include recent annual and interim nancial statements, SEC lings (1O-Qs and 10-Ks), annual proxy statements, the entitys website, and analytical review procedures (e.g., absolute data comparison, nancial ratio data). In addition, an evaluation of management integrity would include biographical information on senior executives and nancial management.

Managing fraud risk: The audit committee perspective 13

 Industry accounting practices, with particular emphasis on the appropriateness of accounting principles Complex business transactions (e.g., restructuring charges) Financial reporting process at the individual nancial account and transaction class level Internal and external communication processes Internal and external auditing processes Document-retention program Whistleblower process In addition, the audit committee members must know what questions to ask with respect to the auditors assessment of fraud risk and their response to the overall audit approach. Exhibit 3 provides questions that audit committees can ask during pre-audit meetings to set objectives and implementation measures related to fraud prevention and detection. For post-audit meetings, Exhibit 4 lists some representative questions dealing with fraud detection, illegal acts and internal control breakdowns identied during the audit engagement.

14 Managing fraud risk: The audit committee perspective

Exhibit 3: Representative questions for the pre-audit meeting fraud risk planning To what extent can the planned audit scope be relied on to detect fraud? What steps were taken by the audit engagement team in assessing the likelihood that fraud, which may affect nancial information, may be occurring? Inquiries of management and employees other than management Observations with regard to preliminary analytical procedures, including procedures related to revenue recognition (i.e., unusual and unexpected results) Consideration of fraud risk factors relative to fraudulent nancial reporting and misappropriation of assets (incentives/pressures, opportunities, and attitudes/rationalizations) Consideration of other information (e.g., integrity of management) Identication of fraud risks, including type of risk, signicance, likelihood and pervasiveness Assessment of identied fraud risks and consideration of the entitys programs and controls to prevent, detect and mitigate fraud Response to fraud risk assessment in the overall audit approach, including the nature, timing and extent of audit procedures as well as additional procedures related to management override of controls What areas will be emphasized in response to the heightened likelihood of fraud? What areas require special attention by the audit committee (e.g., SOXs corporate and criminal fraud accountability provision, including record retention and destruction procedures as well as whistleblower protection)? Were there any allegations of unethical behavior in the nancial reporting process?

Managing fraud risk: The audit committee perspective 15

Exhibit 4: Representative questions for the post-audit meeting fraud risk areas To what extent did the actual scope of the fraud risk audit ndings differ from the pre-audit plan? What were the causes for the difference? Did management restrict the scope of the audit or access to requested information? Were there disagreements with management on accounting policies and practices, including estimates and assumptions? What recommendations were made to management to improve the system of internal control? What assessment was given to the entitys policies and procedures for detecting conicts of interest (e.g., related-party transactions) and management override of controls, including directives of the board of directors? Were there any incidents of noncompliance with laws and regulations, including SOX provisions? Were there any incidents of noncompliance with the corporate code of conduct? What were the accounting treatments with respect to complex transactions, unusual transactions and material contracts? Were there any proposed accounting adjustments, including immaterial uncorrected adjustments?

In their review of the nancial statements, audit committees should request a fraud risk assessment at the nancial-account and transaction level and be alert to breakdowns in the system of internal controls. Finally, audit committees should be concerned with material audit adjustments, immaterial uncorrected misstatements including aggressive versus conservative accounting policies and any changes in accounting principles and potential illegal acts such as FCPA violations. To meet heightened legal obligations, audit committee members must be prepared to dig deep into the many aspects of an entitys fraud risk management program, providing adequate oversight and ensuring its effectiveness. But audit committee members are not alone in their efforts. With front-line support from a team of fraud experts including external and internal auditors, special investigators, and legal counsel and knowledge of the right questions and the warning signs, audit committee members can more fully meet their obligations to oversee nancial reporting and the appropriation of assets.
16 Managing fraud risk: The audit committee perspective

Grant Thorntons forensic accounting, fraud and investigations services

Todays white-collar criminals are sophisticated, using advanced technology and schemes to commit complex frauds. Fighting state-of-the-art criminal fraud requires state-of-the-art investigators and technologies. Grant Thorntons professionals are experienced in identifying and evaluating fraud risks, designing controls to deter them, and monitoring compliance. We also develop and implement corporate integrity programs, perform antifraud training, prepare corrective action plans, monitor antifraud internal control compliance systems, and conduct whistleblower investigations for public, private, governmental and nonprot enterprises. Our proprietary Model Accounting Complaint Handling (MACHSM) process maximizes the effectiveness and accountability of corporate whistleblower claim systems. Our diverse forensics accounting team is made up of CPA auditors and tax professionals, certied fraud examiners, certied anti-money laundering specialists and certied electronic data discovery technologists. They are trained to uncover such corporate crimes as fraud, insider trading, bribery, embezzlement, money laundering, tax scams and forgery. We identify, acquire, analyze and report nancial and economic evidence to help parties determine a disputed amount or prove a claim.

Managing fraud risk: The audit committee perspective 17

If you suspect wrongdoing in your company, Grant Thorntons forensic accounting professionals can address your areas of concern and provide real, cost-effective and timely solutions to rapidly contain the situation.
Our services include:

Forensic accounting Fraud investigation Fraud prevention and deterrence Whistleblowers complaints Asset tracing Forensic due diligence Fraud assessment and controls

Anti-corruption Anti-money laundering and Foreign Corrupt Practices Act (FCPA) compliance Compliance monitoring False Claims Act investigations Background investigations

Contacts Larry Redler

Warren Stippich

National Managing Partner of Economic Advisory Services T 816.412.2426 E Larry.Redler@gt.com

Partner and National Governance, Risk and Compliance Solution Leader T 312.602.8499 E Warren.Stippich@gt.com

18 Managing fraud risk: The audit committee perspective

Subscribe to Grant Thornton publications at www.GrantThornton.com/Subscribe Receive relevant white papers and timely updates on industry issues and the regulatory environment. CorporateGovernor white paper series Ensure your public company is run well and in accordance with applicable laws and regulations. Explore a range of topics from fraud prevention and detection to nancial reporting control and SOX compliance: Fraud in the economic recovery As companies pick up the pieces following a bruising bout of the economic blues, they need to be on the lookout for fraud. From heightened fraud risk to due diligence strategies for companies purchasing distressed assets, this CorporateGovernor white paper provides a sound overview of fraud prevention in todays economic environment.

Enterprise risk management: Creating value in a volatile economy discusses why implementing an enterprise risk management (ERM) program can benet companies in a down economy and how ERM can help enhance business strategy.

Hear that whistle blowing! Establishing an effective complaint-handling process addresses an important mandate of the Sarbanes-Oxley Act: the requirement that audit committees establish procedures for receiving, documenting and handling complaints related to accounting and auditing matters.

Timely updates Tailored to management, boards and audit committees of mid-cap public companies, these updates help you stay abreast of issues that affect the marketplace and your business. Information overload: How to make data analytics work for the internal audit function Learn how your internal audit department can effectively use data analytics to add value to your organization.

Conict-of-interest internal audit What is the conict-of-interest internal audit and why is it important to organizations?

Managing fraud risk: The audit committee perspective 19

Suggested reading

The Audit Committee Handbook, Fifth Edition (Wiley, 2010, ISBN: 978-0-470-56048-8, U.S. $95.00).

The Audit Committee Handbook is co-authored by Grant Thornton LLP audit committee experts R. Trent Gazzaway, national managing partner of Audit Services, and Robert H. Colson, partner in Public Policy and External Affairs, along with Louis Braiotta Jr., professor of accounting at SUNY Binghamtons School of Management, and Sridhar Ramamoorti, principal at Infogix Advisory Services. The Audit Committee Handbook provides practical, in-depth guidance on all audit committee functions, duties and responsibilities. This latest edition features regulatory updates, new chapters on audit planning and oversight, heightened focus on fraud risk, and broad international coverage. The Audit Committee Handbook is available at www.GrantThornton.com/ACHandbook and through major online booksellers and bookstores nationwide.
The Anti-Corruption Handbook: How to Protect Your Business in the Global Marketplace (Wiley, 2010, ISBN: 978-0-470-61309-2, U.S. $75.00)

Todays demanding marketplace expects CFOs, auditors, compliance ofcers and forensic accountants to take responsibility for fraud detection. These expectations are buoyed by such legislation as the Foreign Corrupt Practices Act, which makes it a crime for any U.S. entity or individual to obtain or retain business by paying bribes to foreign government ofcials. Written by William P. Olsen, the national practice leader of Forensics, Litigation and Investigation Services at Grant Thornton LLP, The Anti-Corruption Handbook provides guidelines addressing the challenges of maintaining business integrity in the global marketplace.

20 Managing fraud risk: The audit committee perspective

Grant Thornton LLP ofces

National Ofce 175 West Jackson Boulevard Chicago, IL 60604 312.856.0200 National Tax Ofce 1900 M Street, NW, Suite 300 Washington, DC 20036 202.296.7800 Arizona Phoenix California Irvine Los Angeles Sacramento San Diego San Francisco San Jose Woodland Hills Colorado Denver Florida Fort Lauderdale Miami Orlando Tampa Georgia Atlanta

Kansas Wichita Maryland Baltimore

316.265.3231

Oklahoma Oklahoma City Tulsa Oregon Portland Pennsylvania Philadelphia

405.218.2800 918.877.0800

410.685.4000

Massachusetts Boston 617.723.7900 Michigan Detroit Minnesota Minneapolis Missouri Kansas City St. Louis Nevada Reno New Jersey Edison

503.222.3562

215.561.4200

248.262.1950

602.474.3400

South Carolina Columbia 803.231.3100 Texas Austin Dallas Houston San Antonio Utah Salt Lake City Virginia Alexandria McLean Washington Seattle

612.332.0001

949.553.1600 213.627.1717 916.449.3991 858.704.8000 415.986.3900 408.275.9000 818.936.5100

816.412.2400 314.735.2200

512.391.6821 214.561.2300 832.476.3600 210.881.1800

775.786.1520

801.415.1000

732.516.5500

303.813.4000 New York Long Island Downtown Midtown 631.249.6001 212.422.1000 212.599.0100

703.837.4400 703.847.7500

954.768.9900 305.341.8040 407.481.5100 813.229.7201

206.623.1121

404.330.2000

North Carolina Charlotte 704.632.3500 Greensboro 336.271.3900 Raleigh 919.881.2700 Ohio Cincinnati Cleveland

Washington, D.C. Washington, D.C. 202.296.7800 Wisconsin Appleton Milwaukee

Illinois Chicago 312.856.0200 Oakbrook Terrace 630.873.2500

920.968.6700 414.289.8200

513.762.5000 216.771.1400

Managing fraud risk: The audit committee perspective 21

 Grant Thornton LLP All rights reserved U.S. member rm of Grant Thornton International Ltd The people in the independent rms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member rm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member rms are not a worldwide partnership, as each member rm is a separate and distinct legal entity. In the U.S., visit Grant Thornton LLP at www.GrantThornton.com.