Now there is more pressure than ever on executive management and internal auditors to mitigate corporate fraud and misconduct.  Job security can be at risk for internal audit directors when they don’t develop an antifraud action plan and fail to address stakeholders’ expectations.

Management can be liable for two types of misconduct – failing to have sufficient internal controls and the offense itself.  The increased concern for fraud prevention is easily understood in light of the billions at stake due to fraud.

Companies have changed their management of fraud from a compliance-driven approach to proactive prevention.  New regulations place stronger emphasis on the COSO control framework.

Even though senior management most likely has direct antifraud responsibility, internal auditors are likely to be given the operational responsibility for fraud monitoring.  Also, internal audit is typically the one to lead an investigation of any reported violations.

The general role of internal auditors will most likely include the following jobs:

  • helping management build an auditable antifraud program,
  • assessing fraud and reputation risks,
  • linking antifraud control activities to the fraud risks that have been identified,
  • monitoring and testing the effectiveness of antifraud programs,
  • auditing fraud,
  • coordinating investigations of suspected fraud,
  • leading remediation efforts,
  • communicating to the audit committee on the organization’s efforts to manage fraud.

A good antifraud plan consists of 10 steps for the internal auditor:

  • anticipate questions and develop responses,
  • evaluate existing controls and antifraud programs,
  • engage management and the audit committee in the antifraud effort to create a positive tone at the top,
  • provide fraud expertise within audit,
  • coordinate a fraud/reputation-risk evaluation,
  • link control activities with the fraud they are designed to mitigate,
  • monitor the effectiveness of internal controls,
  • redesign the audit plan to include fraud auditing,
  • develop a process for the communication of allegations or suspicions of fraud,
  • learn from fraud incidents to improve internal controls and prevent recurrence.

Internal auditors can clearly bring value to an organization by following the steps above.  When fraud is reduced, an organization improves profitability and easily makes up for the costs of stringent antifraud programs.


ERM Enterprise Risk Management Initiative 2004-12-31