Page 31 - IIA MAGAZINE_March 2017_English
Fraud Risk
The Deloitte study showed the overall structure of fraud risk management in the following graph, reconstructed here as its six stages, each with the activities it covers and the tool the study names for it:

1. Diagnose vulnerability to fraud
• Evaluate the current status and effectiveness of the organization’s anti-fraud control environment. This involves assessing the culture, attitude, and awareness amongst employees about their knowledge of and response to any issues of fraud or misconduct.
Tool: Employees’ Ethics Survey (DIAGNOSE)

2. Detect gaps in anti-fraud controls
• Evaluate management’s existing fraud risk management framework to detect potential gaps of antifraud controls in the processes.
• Establish fraud risk profiles by analysis and ranking of fraud risks (as high/medium/low) against existing anti-fraud controls.
Tool: Fraud Risk Management Tool (DETECT)

3. Recommend mitigating antifraud controls
• Recommend enhancement of existing controls, or mitigating antifraud controls for implementation, based on the ‘antifraud control’ gaps detected.
Tool: Recommend mitigating anti-fraud controls (RESPOND)

4. Continuous or periodic monitoring
• Enable continuous monitoring of controls using technology; and/or
• Perform forensic data analytics of transactions periodically at the process level to alert management of fraud signals.
Tool: Forensic data analytics (DETECT)

5. Develop fraud response plan
• Develop a fraud response plan to address cases of alleged or confirmed fraud.
• Investigate cases of alleged or confirmed fraud.
Tool: Develop Fraud Response Plan (RESPOND)

6. Investigate cases of alleged fraud
• Assist in the investigation of cases of alleged or confirmed fraud within the organization.
• Incorporate identified fraud risks and schemes into the fraud risk management framework, based on findings from investigation.
Tool: Investigate cases of alleged fraud (RESPOND)
Another KPMG study specified the control methods in every stage of fraud risk management, whose effectiveness the internal auditors must ensure within the organization:

Oversight and management functions (applying across all three stages):
Board/audit committee oversight
Executive and line management functions
Internal audit, compliance, and monitoring functions

Prevention
• Code of conduct and related standards
• Employee and third-party due diligence
• Communication and training
• Process-specific fraud risk controls
• Proactive forensic data analysis

Detection
• Hotlines and whistle-blower
• Auditing and monitoring
• Retrospective forensic data analysis

Response
• Internal investigation protocols
• Enforcement and accountability protocols
• Disclosure protocols
• Remedial action protocols
From this point, the role of internal audit is reviewed in each stage of fraud risk management as follows:

A. Reduction of the Occurrence of Fraud:

Reduction of the occurrence of fraud refers to the internal control methods designed to reduce the occurrence of fraud risk and misconduct. Despite the efforts of organizations to reduce fraud, there is an inescapable reality, which is that fraud occurs, because fraud and misconduct are committed at different levels of the organization. Therefore, it is necessary to have proper preventive and detective methods.

The Professional Practices issued by the Institute of Internal Auditors explained the role of internal auditors in helping organizations to reduce fraud risk through the examination and evaluation of the sufficiency and effectiveness of the Internal Audit Systems in organizations, along with their potential exposures to violations, transgression and non-compliance inside the organization. Thus, internal auditors must take the following factors into consideration:

• Control Environment: Evaluation of the aspects of the control environment, conduct of auditing procedures for proactive fraud plans, conduct of necessary investigations, reporting on the audit of fraud cases, and provision of necessary support for corrective actions. In some cases, internal auditors may have hotlines to report any cases or suspicions of fraud.

• Fraud Risk Evaluation: Evaluation of fraud risk management, in particular the management’s actions to identify, evaluate and test potential fraud plans and misconduct, including those involving suppliers and other parties.

• Control Activities: Evaluation of the effectiveness of the design and performance of the fraud-related control methods, ensuring that the audit plans and programs specify the residual risks under the integration of fraud auditing procedures with auditing the possible variations of laws, rules and regulations and their effect on the control methods.

• Information and Communication: Evaluation of the effectiveness of the communication system operation, with the provision of the necessary support to fraud-related training initiatives.

• Follow-Up Activities: Evaluation of the control over software, conduct of investigations, support to the Audit Committee in supervising fraud-related issues, support to the development of the identification of fraud indicators, and employment and training of employees to enable them to conduct auditing of fraud and investigations with adequate expertise.
31 INTERNAL AUDITOR - MIDDLE EAST MARCH 2017

