Establishing the internal audit department is part of the organization’s internal control and risk management, which is why the internal audit department exists.
The risks that internal auditors should oversee are limited to internal control, operational risks, compliance risks, financial risks, and the risk of fraud.
In this article, we will discuss the role of an internal auditor in fraud investigation, fraud prevention, and fraud detection in the organization.
Does internal audit responsible for fraud?
Based on International Standard for the professional practice of internal auditing, 1210A—Internal auditors must have sufficient knowledge to evaluate the Risk of Fraud and the manner in which it is managed by the organization but are not expected to have the expertise of a person whose primary responsibilities are detecting and investigating fraud.
Based on this, we are very clear that the Internal Auditor is expected to have and maintain knowledge—qualification, and awareness about the industry, organization, as well as business activities to help them to be able to assess the risks of fraud which could happen in the company.
However, the responsibilities to detect fraud in the company are not the auditor’s primary responsibilities, and they are not required to be an expert in this area. The risk of fraud is still primarily responsible for management.
However, 2120.A2 stated that the audit activity must evaluate the potential for fraud and how the organization manages fraud risk.
This means internal audit has to have the proper risk assessment in what areas that the risk of fraud is likely to happen.
At this point, the internal audit also has responsibilities for fraud risk, but the responsibilities are indirect.
The gaps of misunderstanding among shareholders, the public, management, and audit about the roles of internal audit related to fraud are still big, and there are many debates about this.
For example, when there is fraud in an organization, there will be questions from the shareholders, management, and the public about the internal audit doing?
Why are the frauds not detected by them?
Internal Audit is independent of the operation of an external auditor, and the main responsibilities for fraud are still with management. Fraud is an action that intentionally commits by people, and it isn’t easy to detect.
Moreover, its management is the one who committed that fraud, and it’s hard for both external and internal auditors to control and detect.
To avoid these Responsibilities, any audit engagements must clearly define the internal audit role of the fraud so that the confusion may be minimized.
The auditor might need to have properly met and explained to them verbally before going into a formal agreement.
Hopefully, this article provides you with more understanding of the role and responsibilities of internal auditors related to fraud in the organization.
How does an internal auditor Help an Entity Prevent Fraud?
An internal auditor is a key player in helping an entity prevent fraud. The internal auditor can evaluate an entity’s internal controls and use data analytics to identify anomalies that may indicate fraudulent activities.
They can also provide training on identifying and preventing fraud. Internal auditors are trained in financial processes, so they can understand the financial systems and recognize suspicious transactions or trends more easily than people without such a background.
Additionally, they can look at processes holistically to gain insight into potential vulnerabilities that could be exploited by those committing fraud.
In a nutshell, an internal auditor’s role is to assess the effectiveness of the internal controls put in place by management and help them identify areas where improvements may be needed. This helps reduce the risk of financial losses due to fraudulent activities.
Who Should Internal Auditors Report to When They Detect Fraud?
When it comes to detecting fraud, internal auditors have an important responsibility. Their job is to report any potential or existing instances of fraudulent activity.
But who should the internal auditor report to when they detect fraud? In most cases, the answer is simple: the audit committee.
The audit committee is a board-level committee that oversees the organization’s financial reporting and controls.
When an auditor discovers evidence of fraud, they must alert the audit committee so that appropriate action can be taken.
The audit committee will then assess the extent of damage caused by the fraud and develop an appropriate response plan.
In certain circumstances, however, internal auditors may also need to report their findings directly to regulators or law enforcement if there are legal implications associated with the fraud.
If this is necessary, it’s best practice for auditors to coordinate any external contacts with their organization’s counsel for guidance on proceeding in compliance with applicable laws and regulations.
Overall, internal auditors need to stay aware of their organizations’ responsibilities regarding fraud detection and reporting.
By understanding who should be informed of any fraud-related issue, internal auditors can ensure that proper protocols are followed and fraudulent activity can be addressed promptly.
