I first noticed the faint drum beat around internal auditors reengaging on fraud about a year ago. In recent weeks, the drums have become almost deafening. For example, last week, the South Florida Chapters of The IIA and the Association of Certified Fraud Examiners held a joint full-day conference focused on fraud, and more than 230 local professionals turned out to participate. Later today, The IIA will host a one-hour webcast for North American members on "Taking Fraud Awareness to the Next Level: The Risk Universe, Technology, and Internal Audit's Role." More than 7,000 internal audit professionals have registered for the event — making it the largest single professional development event The IIA has ever hosted.
So what is going on? Is fraud on the rise, or are internal auditors refocusing on this enduring risk after several years of having their attention diverted to U.S. Sarbanes-Oxley Act of 2002 compliance and financial control assurance? The answer is probably both. There is little doubt that the current economic crisis creates greater financial pressures on management, employees, and vendors. Such pressures have historically given rise to greater fraud risks. However, it is also true that fraud has not been viewed by internal auditors as a risk not warranting the levels of coverage traditionally seen. So in many respects, "everything old is new again," and internal auditors are reengaging in fraud prevention, detection, and investigation.
Last month, The IIA hosted a roundtable of chief audit executives (CAEs) from leading North American companies to explore internal auditing's role in fraud prevention and detection. The participants agreed that fraud risks are increasing in the current economy. Some fraud schemes that roundtable participants believe are on the rise are:
- Technology fraud.
- Cyber security.
- Industrial espionage.
- Intellectual property theft.
- Strategic fraud.
- Leakage of mergers and acquisition intelligence.
- Check schemes.
- Vendor and contract fraud.
- Bid fixing.
- Fraud related to employee benefit programs.
Last December The IIA published an excellent Practice Guide titled Internal Auditing and Fraud. This guide discusses fraud and provides general guidance to help internal auditors comply with professional standards. To help organizations and internal auditors combat fraud, the guide discusses:
- Fraud awareness (e.g., reasons for and examples of fraud and potential fraud indicators).
- Fraud roles and responsibilities.
- Internal audit responsibilities during audit engagements (e.g., execution responsibilities and communicating with the board).
- Fraud risk assessment (e.g., identifying relevant fraud risk factors and mapping existing controls to potential fraud schemes and identifying gaps).
- Fraud prevention and detection.
- Fraud investigation.
- Forming an opinion on internal controls related to fraud.
The guide also includes reference material, questions to consider, and a fraud risk assessment template.
Additionally, a companion Global Technology Audit Guide (GTAG) was published on Fraud Prevention and Detection in an Automated World (PDF). And The IIA's latest Knowledge Alert,
Emerging Trends in Fraud Risks (PDF) (AEC member access only) provides CAEs and other internal auditors with thought-leadership pertaining to the role of internal auditors in fraud risk management. These valuable resources are available at no cost to IIA members by following the links embedded in the titles above.
In the coming weeks and months, we will continue to focus on this important topic. In the meantime, I encourage you to share your thoughts on internal auditing's role in fraud prevention and detection, as well as specific fraud schemes/risks that you believe are on the rise.