Internal Audit Fraud Consideration Checklist

Retrieving information that might point towards fraud risks requires significant judgment and requires knowing where and how to direct inquiries. You might consider speaking with operating personnel who could corroborate or add perspective to any claims made by others.

Inquiries may involve asking for procedures such as monitoring inventory counts at unexpected locations unannouncedly, or counting cash at the end of every period to reduce risk from inappropriate manipulation.

1. Identifying Fraud Risks

Start by identifying which types of fraud internal auditors need to keep an eye out for, using what we call ‘thinking like a fraudster’: can someone exploit your organization’s processes or bypass controls in order to commit fraud?

An audit engagement should always consider fraud as part of its objective. Auditors should keep an eye out for signs that a scheme might involve incomplete or inaccurate disclosures or concealment of material misstatements.

Audits should include an assessment of how fraud could occur and the potential risk associated with material misstatements. To achieve this goal, one should carefully consider both potential effects of fraud as well as whether their internal control system effectively mitigates them.

When expenses seem to always end in even numbers or with similar amounts, this could be an indicator of fraudulent activity.

2. Identifying Fraud Mitigation Strategies

Fraud prevention may never be fully realized, but businesses can take steps to substantially lower the chances of fraudulent transactions by employing strong risk assessment and mitigation strategies and anti-fraud technologies. By doing this they can minimize chargebacks, increase revenue streams, strengthen user account security, enhance customer satisfaction and build brand trust.

Internal auditors must also be able to identify the most effective fraud deterrence mechanisms by assessing whether internal control structures can effectively address all three elements of the Fraud Triangle. For example, segregating cash register receipt tally functions from deposit functions and record keeping functions can ensure that one person cannot alter transactions or conceal fraudulent schemes.

Internal audit can supplement COSO’s 2013 Internal Control — Integrated Framework used for Sarbanes-Oxley (SOX) compliance purposes by applying best practices from other industries or organizations that have demonstrated success at mitigating fraud risks, such as installing systems of checks and balances, requiring multiple approvals for financial transactions, or segregating purchasing and disbursement functions.

3. Performing Fraud Detection

As important as it is to have prevention systems in place, it’s also critical that detection methods be put in place. According to the Association of Certified Fraud Examiners (ACFE), tips are the primary form of fraud detection and account for about 44% of detections. One way of ensuring employees can make reports anonymously is having an open whistleblower hotline which welcomes employee input.

The ACFE states that one of the best ways to avoid fraud is implementing a system for reviewing financial records regularly; however, during periods of economic instability this step is often ignored as managers prioritize business survival over reviewing documents on a regular basis.

Fraudsters often conceal their activity by falsifying paperwork such as shipping documents and disbursement authorizations, while auditors frequently fail to fulfill their responsibility of detecting material misstatements due to fraud when reviewing these transactions. The Commission has seen multiple examples where auditors did not meet their duties to detect material misstatements due to fraud when reviewing these transactions.

4. Performing Fraud Investigation

An internal audit group must establish a process to investigate fraud allegations in accordance with Institute of Internal Auditors standards and to evaluate whether anti-fraud programs within an organization are working effectively.

Fraud investigations typically consist of conducting background checks, evaluating data analysis techniques and interviewing suspects and witnesses. Depending on the circumstances surrounding each investigation, police officers or other outside professionals may also be called upon for assistance.

Fraud examiners must recognize that their work will depend on the effectiveness of your organization’s anti-fraud program and culture, the scope and level of management involvement in audits, as well as responses to fraud risks from within their companies. Auditing standards suggest considering these factors when planning each engagement engagement; then evaluate their effect on your ability to obtain reasonable assurance with adaptable assessment processes that accommodate changing business environments.