Page 32 - IIA MAGAZINE_March 2017_English
P. 32
Fraud Risk
B. Detection of Fraud 1. Taking into consideration the fraud Moreover, an assertion must be
risk when evaluating the control obtained that there is no potential
Detection of fraud is represented in the methods and the determination of the conflict of interests with those who
internal control methods designed to detect necessary audit procedures. Whereas will be investigated or any employee
fraud and misconduct when they occur. internal auditors are not expected to in the organization.
The existence of sufficient and appropriate detect fraud and violations, they are When preparing the plan of the
detective control methods is one of the expected to give reasonable confirma- investigation activities, the team leader
strongest deterrent of fraudulent conduct. tion that the objectives of the business must take the following into consideration:
They are used along with preventive control environment of the operations have • Collect evidence through surveillance,
methods to enhance the effectiveness been achieved. interviews and any documents;
of the fraud risk management program • Document and preserve evidence
through the provision of evidence that the 2. Providing adequate knowledge without violation to any legal rules in
preventive control methods are working as about fraud cases to determine fraud obtaining such evidence;
planned in the detection of fraud that may indicators. This knowledge includes • Determine the scope and extent to
occur. Although the detective controls may awareness of fraud properties and which the organization’s operations are
provide evidence that fraud is occurring, or factors and the techniques used in the affected by the fraud;
has already occurred, they are not designed commission of fraud. • Specify the methods used in the fraud;
to prevent fraud. • Evaluate the reasons of the fraud; and
3. Being ready to any opportunity that • Identify the perpetrators of fraud.
Internal control methods are designed may allow the commission of fraud 2. Reporting on Investigations
to provide evidence and warnings that such as any weakness in the control The form of the report, whether oral
fraud is occurring or has already occurred. methods. If a major deficiency in the or written, whether provisional or
Effective internal control methods are one control methods has been detected, final, and whether submitted to the
of the strongest ways to reduce or prevent additional tests must be conducted Senior Management or to the Board
fraudulent conduct or procedures. The si- by internal auditors to specify fraud of Directors, differs according to the
multaneous use of detective and preventive indicators. investigation findings. A formal written
internal control methods support the fraud report may be issued at the end of
risk management program. Although de- 4. Evaluating fraud indicators and taking the investigation stages, including the
tective controls may provide evidence for any other necessary procedures or reasons for conducting the investigation,
the occurrence of fraud, they do not aim, conducting investigations if needed. the time frame for the investigation,
or are unable, to prevent fraud. and the notes, conclusions and
The auditors auditing cases of fraud must 5. Whistle-blowing and reporting to recommendations necessary to correct
be aware of the basic requirements of the the competent authorities inside the and enhance the control methods. The
detection of fraud. These basic require- organization if a fraud case is detected reporting may be required to be written
ments are: to recommend the conduct of an in a way that secures confidentiality
investigation. of individuals. The requirements of
1. Specification of the fraud risk in the the Board of Directors and executive
organization through the examination C. Response and management must also be taken into
of the control and operational envi- Investigation: account, with compliance with the
ronment to determine the categories legal requirements and the policies and
and methods of fraud; Response and investigation are represented procedures of the organization.
in the internal control designed to take Internal auditors may participate in
2. Evaluation of fraud risk; a remedial and corrective action for the the following processes as consultants
3. Examination of risks and their occur- damages resulting from the occurrence of through this stage as long as the effect
fraud and misconduct. of these activities on the independence
rence from the perspective of the per- The role of internal audit must be of the internal audit is identified and
petrator of fraud in order to determine determined in the investigation process in appropriately dealt with, which may
what the control methods are and the the internal audit regulations as well as in include all or some of the following:
manipulation methods that cause the the fraud-related policies and procedures. • Providing a document indicating the end
occurrence of fraud; This includes collecting sufficient of investigation for the suspected who
4. Full understanding of fraud indicators information on specific details and were acquitted;
and the data that may include these carrying out these necessary procedures • Punishing employees according to
indicators; and to determine whether fraud is committed, the company standards, labor laws or
5. Readiness for the occurrence of any who was involved and how it happened. employment contracts;
fraud cases as a result of the indicators, One of the most important outputs of • Requesting voluntary financial
as well knowledge of how to search for the investigations is the exclusion of compensations from the employee,
these indicators in the data. innocent people from the circle of doubt client or supplier;
or suspicion. Investigation starts with • Terminating the contracts of the
When these requirements are fulfilled, planning and ends with the issuance of a suppliers involved in the fraud; and
it is easy to deter perpetrators, to inves- report on the findings of the investigation. • Reporting the fraud cases to the
tigate and report the detected cases, and legal and regulatory authorities and
to develop control methods to detect the 1. Investigation Planning cooperating in the investigations
repetition of such cases. A plan for each investigation process that would be conducted by those
The role of internal audit in the detection authorities.
of fraud through the stages of the fraud is set according to the procedures
risk management is as follows: of the organization. The team
leader in charge in the internal
audit department determines the
skills, competencies and knowledge
required for conducting the
investigation procedures through the
identification of suitable individuals
for carrying out the investigation.
MARCH 2017 INTERNAL AUDITOR - MIDDLE EAST 32
