Page 606 - ITGC_Audit Guides
P. 606
GTAG — The CAE’s Role in Addressing IT Fraud
18. Does management have the appropriate skill sets in
place to perform IT fraud investigations? What to Include in a Fraud
19. Do management and internal auditing periodically Investigation Policy
assess the effectiveness and efficiency of IT fraud
controls? 1. How and when to start a fraud investigation.
20. Are IT fraud investigation working papers and supporting 2. Documentation requirements for
the fraud investigation.
documents appropriately secured and retained? 3. How to select the investigation team.
4. The process for adding experts to the team.
5. How to assess, evaluate, and
mitigate internal controls.
6. How and when to elevate investigations.
7. Consistency and uniformity to be sure
all offenses are treated the same.
8. Guidance on how far the organization
is willing to pursue an investigation.
9. Communication channels to use before,
during, and after the investigation.
10. Guidelines on the extent of recovery
efforts to be conducted.
17
