Establishing the internal audit department is part of internal control and risk management in the organization, which is why the internal audit department exists. The risks that internal auditors should oversee are limited to internal control, operational risks, compliance risks, financial risks, and the risk of fraud.
In this article, we will discuss the role of an internal auditor in fraud investigation, fraud prevention, and fraud detection in the organization.
Does internal audit responsible for fraud?
Based on International Standard for the professional practice of internal auditing, 1210A—Internal auditors must have sufficient knowledge to evaluate the Risk of Fraud and the manner in which it is managed by the organization but are not expected to have the expertise of a person whose primary responsibilities are detecting and investigating fraud.
Based on this, we are very clear that the Internal Auditor is expected to have and maintain its knowledge—qualification and awareness about the industry, organization as well as the business activities to help them to be able to assess the risks of fraud which could happen in the company.
However, the responsibilities to detect fraud in the company are not auditor primary responsibilities, and also they do not require to be an expert in this area. The risk of fraud still primarily responsible for management.
However, 2120.A2 stated that the audit activity must evaluate the potential for fraud and how the organization manages fraud risk.
This means internal audit has to have the proper risk assessment in what areas that the risk of fraud is likely to happen.
At this point, the internal audit does also has responsibilities on fraud risk, but the responsibilities are indirect.
The gaps of misunderstanding among shareholders, public, management, and audit about the roles of internal audit-related to fraud still big, and there are many debates about this.
For example, when there is fraud in an organization, there will be questions from the shareholders, management, and the public about the internal audit doing? Why are the frauds not detected by them?
Internal Audit is independent of the operation as an external auditor, and the main responsibilities to fraud are still with management. Fraud is an action that intentionally commits by people, and it isn’t easy to detect.
Moreover, its management is the one who committed that fraud, then it’s hard for both external and internal auditors to control and detect.
To avoid these Responsibilities, any audit engagements must clearly define the internal audit role about the fraud so that the confusion may be minimized.
The auditor might need to have properly met and explained to them verbally before going into a formal agreement.
Hopefully, this article provides you with some more understanding about the role and responsibilities of internal auditors related to fraud that happens in the organization.
In case you have any questions and want us to clarify some points in this article. Please just leave a comment below.