About the SCIIA
What is internal auditing's role in preventing, detecting, and investigating fraud?
Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.
Although it is management's responsibility to design internal controls to prevent, detect, and mitigate fraud, the internal auditors are the appropriate resource for assessing the effectiveness of what management has implemented. Therefore, depending on directives from management, the board, audit committee, or other governing body, the internal auditors might play a variety of consulting, assurance, collaborative, advisory, oversight, and investigative roles in an organization's fraud management process.
Competent professional internal auditors are highly proficient in techniques used to evaluate internal controls. That proficiency, coupled with their understanding of the indicators of fraud, enables them to assess an organization's fraud risks and advise management of the necessary steps to take when indicators are present.
Prevention
Establishing a culture of integrity is a critical component of fraud control. Executive management must set the tone at the top and model the highest level of integrity. The internal auditors may advise management on methods to ensure integrity and may become involved in communicating or interpreting those methods. They also may help develop training related to integrity policies and fraud.
As a part of their assurance activities, internal auditors watch for potential fraud risks, assess the adequacy of related controls, and make recommendations for improvement. They also can help benchmark statistics related to the probability of occurrence and consequences of fraud.
Detection
Because the internal auditors are exposed to key processes throughout the organization and have open lines of communication with the executive board and staff, they are able to play an important role in fraud detection. In many organizations, the chief audit executive (CAE) is responsible for responding to issues raised on the ethics hotline or through another process that may lead to detection of fraud.
When developing their annual audit plan, the internal auditors consider the organization's assessment of fraud risk, and periodically might make assessments of management's fraud detection capabilities. They design tests that use audit techniques like data mining to ensure the controls in place are effective.
Investigation
Internal audit skills relate to gathering evidence, analysing the breakdown in controls that could enable a fraud, and making recommendations for improvement. And reporting directly to the board or governing body provides the internal auditors with a level of independence and objectivity necessary for them to undertake investigations of a sensitive nature.
Although the internal auditors may either have a direct role in investigating fraud incidents, or act as a resource to those responsible, they generally are not expected to have the expertise of those whose primary responsibility is detecting and investigating fraud.
When the internal auditors have the primary responsibility for fraud they must have the key competencies for this work - typically obtained through specialized training and related experiences. They also may be certified as fraud or forensic investigators.
References: IIA Professional Practices Framework: Practice Advisories on Fraud
Source: http://www.theiia.org/theiia/about-the-profession/internal-audit-faqs/?i=3087
- back to About the SCIIA