This practice guide summary will discuss how internal audit can add value to the organization through its role in helping to deter and identify fraud. Fraud results in negative financial, reputational, psychological, and social effects on an organization. To minimize the risk associated with fraud, it is important for organizations to have a strong fraud program that includes awareness, prevention, and detection programs.
Fraud Awareness
Fraud schemes are often ongoing and can last for months or years. Employees commit fraud when they have access to confidential information and internal controls are inadequate or management can override controls without question.
Most frauds have the following characteristics:
- Pressure or incentive – the need the fraudster is trying to satisfy by committing the fraud.
- Opportunity – the fraudster’s ability to commit the fraud.
- Rationalization – the fraudster’s ability to justify the fraud in his or her mind.
There are often red flags to indicate individuals might be committing fraud, such as spending lavishly, becoming more secretive about their activities, and reluctance to take vacation or sick time. While none of these red flags means an employee is actually committing fraud, a combination of occurrences may indicate the need for inquiries and increased audit attention.
Internal Audit’s Role
The following Standards relate to internal audit’s responsibilities related to fraud detection:
- Due Professional Care (Standard 1220)
- Risk Management (Standard 2120)
- Engagement Objectives (Standard 2210)
There are various ways the internal audit function can consider fraud in its activities including:
- Auditing management’s controls over fraud
- Auditing to detect likely fraud by testing high-risk processes
- Considering fraud as part of every audit
- Consulting assignments to help management identify, assess risk and determine the adequacy of the control environment
Internal audit’s main fraud responsibilities during an engagement include:
- Consider fraud risks in the assessment of internal control design and determination of audit procedures
- Identify red flags
- Be alert to fraud opportunities
- Evaluate if management is retaining responsibility for oversight of the fraud risk management program
- Recommend investigation when appropriate
Tests performed by internal audit increase the likelihood of detecting fraud indicators, providing opportunities for further testing.
Fraud Risk Assessment
Fraud risk assessment is a critical component of an organization’s enterprise risk management program. Fraud risk assessment can help identify where and how fraud may occur and who may be in a position to commit fraud.
There are five key steps to fraud risk assessment:
- Identify relevant fraud risk factors
- Identify potential fraud schemes and prioritize them based on risk
- Map existing controls to potential fraud schemes and identify gaps
- Test operating effectiveness of fraud prevention and detection controls
- Document and report the fraud risk assessment
Fraud Prevention and Detection
Organizations can never eliminate the risk of fraud but they can increase the chances of preventing or detecting fraud. Combined use of preventive and detective internal controls enhances the effectiveness of a fraud risk management program.
Instilling a strong ethical culture, setting the correct tone at the top, providing fraud training, and establishing effective internal controls are essential elements in preventing fraud. Organizations detect fraud through employee tips, surprise audits, continuous monitoring of critical data and assessment of trends to identify unusual situations.
Fraud Investigation
Fraud investigations occur when there is a suspicion of wrongdoing. Suspicions can result from a formal complaint process, an informal complaint process such as tips, or an audit. Most fraud is uncovered via tips from a third party. In addition to having the means for people to report suspected fraud or abuse, the organization must encourage reporting and have an effective means to conduct the investigation.
Steps of the investigation include:
- Gathering evidence
- Documenting and preserving evidence
- Determining the extent of the fraud
- Determining the techniques used to perpetrate the fraud
- Evaluating the cause of the fraud
- Identifying the perpetrators
- Reporting results
- Analysis of lessons learned
Conclusion
Implementation of a fraud prevention and detection program is key to reducing the opportunities for fraud and uncovering fraud within an organization. This includes activities such as providing means for reporting suspicions, raising fraud awareness, training in red flags, and ongoing monitoring via inclusion of fraud objectives in internal audits.
McKonly & Asbury is available for consultation on this or other Internal Audit matters. Please do not hesitate to contact Elaine Nissley, MBA, CISA, PMP, CRISC, Principal, in charge of the Risk Management Services group, at ENissley@macpas.com.
[1] The Practice Guide – Internal Auditing and Fraud is located at http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/internal-auditing-and-fraud-1/
It is great that people are able to take the loan and that opens new chances.
Posted by: FrazierMolly29 | 12/01/2011 at 08:17 PM