Question

The Institute of Internal Auditors (IIA) has taken many proactive steps to educate professionals on how to detect fraud. What is the IIA all about? How is it going to help us detect fraud?

Answer 1

SOLUTION

IIA focuses on proficiency & due professional care to be taken by internal Auditors while conducting internal audit.

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

Further as per IIA Standard 1220 on Due professional care

Internal auditors must exercise due professional care by considering the following.

1)Extent of work needed to achieve the engagement’s objectives.

2)Related complexity, materiality, or significance of matters to which assurance procedures are applied.

3)Adequacy and effectiveness of governance, risk management, and control processes.

4)Probability of significant errors, fraud, or noncompliance.

5)Cost of assurance in relation to potential benefits

Fraud detection is an art of always applying questioning mind i.e Professional Skeptisism.

Detective controls are designed to provide warnings or evidence that fraud is occurring or has occurred. Effective internal controls are one of the strongest deterrents to fraudulent behavior and fraudulent actions. Simultaneous use of preventive and detective internal controls enhances any fraud risk management program’s effectiveness. Although detective internal controls may provide evidence that fraud exists, detective internal controls are not intended to prevent fraud

Fraud detection methods need to be flexible, adaptable, and continuously changing to meet the changes in the risk environment

An effective way for an organization to learn about existing fraud is to provide employees, suppliers, and other stakeholders with a variety of methods for reporting their concerns about illegal or unethical behavior. Ways to collect this information include:

1)Code of conduct confirmation — When employees sign an annual code of conduct outlining their responsibilities in the prevention and detection of fraud, they can be asked to report any known violations.

2)Whistleblower hotline — This can take the form of a telephone hotline or Web-based reporting system where the whistleblower can remain anonymous.

3)Exit interviews — Conducting exit interviews of terminated employees or those who have resigned can help identify fraud schemes. They may also help determine whether there are issues regarding management’s integrity, and may provide information regarding conditions conducive to fraud.

4)Proactive employee survey — Routine employee surveys can be conducted to solicit employee knowledge of fraud and unethical behavior within the organization. A proactive survey could elicit anonymous information from employees, which would aid organizations in catching fraud sooner than if they wait for employees to volunteer such information

Other methods for fraud detection include surprise audits in high fraud risk areas by either internal auditing, external  auditing, or management; continuous monitoring of critical data and related trends to identify unusual situations or variances.