The Institute of Internal Auditors wants more organizations to put in place anti-fraud controls and decide on the role that internal audit will play.
In a new position paper, “
Ideally fraud investigations should be conducted by people who are experienced in undertaking such assignments. It’s essential that any fraud investigation be carried by qualified experts to reduce the risk of compromising evidence, accusing someone wrongfully, or undermining any future legal action.
The IIA believes every organization should have an anti-fraud response plan laying out the main policies and investigation methods. The plan should define the role of internal auditors when fraud is suspected and internal controls fail.
Boards of directors and other governing bodies should ask their organizations five important questions:
- Does the organization have a fraud response plan in place that outlines key policies and investigation methodologies?
- Who carries out fraud investigations within the organization?
- Is internal audit tasked with identifying where fraud risk is present, and does it audit controls in these areas?
- When fraud has occurred, does internal audit investigate to understand how the controls failed and how they can be improved?
- Is internal audit tasked to investigate fraud, and, if so, does it possess the proper skill sets to carry out such investigations?
"The threat of fraud is one of the most common challenges to governance that organizations face without regard to size, industry or location," said the paper. "Having proper internal control procedures in place that include an appropriate response plan is fundamental to battling fraud. Internal audit possesses intimate control knowledge of the organization. A combined assurance approach is key in this regard to understand the gaps in controls to allow for the manifestation of fraud."
