Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​Where Were the Internal Auditors?

When it comes to managing fraud risk, practitioners need to make their presence known.

Comments Views

​Most internal auditors dread hearing management ask, “Where were the auditors?” — particularly when it relates to fraud. The moment fraudulent activity is uncovered, organizational stakeholders often blame the auditors even before holding perpetrators accountable. As a result, auditors can find themselves on the defensive and fail to engage in valuable activities such as consulting — they lack trust and fear reprisal in the event of any unforeseen fraud or operational errors in the areas for which they provided services. So rather than covering their organizations against fraud, internal auditors frequently seek to cover their backs. It is time for that to change.

Clinging to a fear-based approach represents a disservice to the organization and its stakeholders, depriving them of internal audit’s expertise and assurance. Auditors need to help ensure systems are established throughout the organization to manage fraud risks effectively. They can accomplish that by addressing several areas.

First, internal auditors need to partner with the board and management to fraud-proof their organizations. Developing relationships with these stakeholders is critical to identifying potential risks, as they possess key information regarding where those risks may lie. Additionally, practitioners need to share their knowledge and ensure stakeholders have the benefit of internal audit’s unique purview of the organization. 

They also must help ensure anti-fraud controls are strong and robust. Auditors play an important role in assessing the effectiveness of key anti-fraud controls, such as the presence of an effective code of conduct, whistleblowing system, and external audit selection and oversight process. Auditors should proactively diagnose process weaknesses; they should also push for the implementation of preventive automated controls. 

Furthermore, auditors must take governance considerations into account. They should conduct a governance audit with a specific focus on conflicts of interest, segregation of duties, and related-party transactions. They also should audit culture and provide recommendations that can help align the organization’s value system with the behaviors of all stakeholders. Moreover, conducting a thorough assessment of nomination and remuneration policies can enhance the organization’s ability to hire qualified, ethical board members and executives and help ensure remuneration policies do not incentivize fraud.

Although internal auditors are not responsible for identifying a specific fraud, they may be held accountable for not addressing foundational weaknesses that can enable and promote fraud within the organization. Helping to fortify anti-fraud controls and ensure the organization constructs processes with the potential for fraud in mind is essential to organizational health. Once auditors address fraud risk effectively, they can answer the question “Where were the auditors?” with a simple reply: “We were here all along.”  

Mohamad Kaissi
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author

 

 

Mohamad A. KaissiMohamad A. Kaissi<p>​Mohamad A. Kaissi, CIA, CRMA, CFE, CAMS, is a consultant and training services provider and former chief audit executive for Banque Misr Liban in Beirut.<br></p>https://iaonline.theiia.org/authors/Pages/Mohamad-A.-Kaissi.aspx

 

Comment on this article

comments powered by Disqus
  • IIA-Canada-Conference-June-2021-Premium-1
  • AuditBoard-June-2021-Premium-2
  • GRC-June-2021-Premium-3

 

 

Thanks, We Already Know Thathttps://iaonline.theiia.org/blogs/jacka/2020/Pages/Thanks-We-Already-Know-That.aspxThanks, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radarhttps://iaonline.theiia.org/blogs/chambers/2021/Pages/US-SEC-Environmental-Social-and-Governance-Risks-Better-Be-on-Your-Radar.aspxU.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Six Data Privacy Predictions for 2020https://iaonline.theiia.org/blogs/Jim-Pelletier/2020/Pages/Six-Data-Privacy-Predictions-for-2020.aspxSix Data Privacy Predictions for 2020
Public Servants Are Vital to Defeating COVID-19https://iaonline.theiia.org/blogs/chambers/2020/Pages/Public-Servants-Are-Vital-to-Defeating-COVID-19.aspxPublic Servants Are Vital to Defeating COVID-19