Every year billions of dollars are lost due to fraud and corruption resulting in inefficiencies, aborted projects, financial challenges, organizational failure, and, in extreme cases, humanitarian disaster. In fact, often fraud occurs because of poorly designed controls and weak governance undermining the organization’s processes.
Organizations should have robust internal control procedures to limit the risk of fraud, and internal audit’s role is to assess these controls.
Fundamental fraud facts
Fraud can be defined as any illegal act characterized by deceit, concealment, or violation of trust. Fraud is not unique to any organization type. The opportunity to commit fraud exists everywhere. It hinders performance, wastes money and scarce resources, and inflicts damages on the organization, its reputation and its competitiveness. This damage is not restricted to financial losses, but it may take other forms as well. It could be a loss in the organization’s performance, its reputation and credibility, and the trust of its investors.
How organizations deal with the risk of fraud may be influenced by legal jurisdiction and the organization’s own risk assessment and appetite. Consistent with the International Standards for the Professional Practice of Internal Auditing on proficiency, internal auditors must have sufficient knowledge to evaluate risk of fraud and the manner in which it is managed by the organization. Internal auditors should not investigate fraud unless they have the specific experience and expertise required to do so.
The Institute of Internal Auditors’ Perspective
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. Managing fraud risk is something every organization faces. Governing bodies and executive management can help clarify roles in fraud risk management, including internal audit’s role. Its role includes detecting, preventing, and monitoring fraud risks and addressing those risks in audits and investigations. The internal auditor should not be expected to have the expertise of a person whose primary responsibility is to investigate fraud. Such investigations are best carried out by those experienced to undertake such assignments. The organization should have a suitable anti-fraud response plan outlining key policies and investigation methodologies. The plan should make clear the role of internal audit when there is suspected fraud and associated control failure.
Many factors, including available resources, influence how organizations respond to fraud. Some organizations include fraud awareness and response mechanisms within the internal audit activity, and some internal auditors may investigate fraud. If internal audit is required to investigate fraud, the internal auditor should have the necessary skills and experience to undertake the investigation and discharge their professional responsibility without jeopardizing the investigation and associated evidence.
Conclusion
Internal auditors typically assess the facts of investigations and advise management relating to remediation of control weakness that lead to fraud. Fraud investigations are best carried out by those experienced to undertake such assignments. Internal audit should support the organization’s anti-fraud management efforts by providing necessary assurance services over internal controls designed to detect and prevent fraud. If circumstances require internal audit to take on an investigatory role, internal auditors should exercise due professional care.
The threat of fraud is one of the most common challenges to governance that organizations face without regard to size, industry, or location. Having proper internal control procedures in place that include an appropriate response plan is fundamental to battling fraud. A combined assurance approach is key in this regard to understand the gaps in controls to allow for the manifestation of fraud.
Source:
Fraud and Internal Audit. (2019, January) IIA Position Paper.
We are committed to keep you updated of all developments that may affect the way you do business in Puerto Rico.
Please contact us for assistance in relation to this or any other matter, we will be glad to assist you.
