際際滷

際際滷Share a Scribd company logo

12C_Abdelmonem Gabr_MB

Download as pptx, pdf
M
menem1980

The document discusses the role of internal audit in preventing and detecting fraud. It covers topics like corporate governance, the three lines of defense model, fraud risk assessment, and internal audit standards. The objectives are to understand governance tools, the nature of internal audit regarding fraud, and tips for internal auditors to increase fraud awareness and detection.

1 of 37
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
The Role of Internal Audit in the Prevention and Detection of Fraud CPE PIN Code: 8232 Abdelmonem Hany Gabr, CIA, CRMA, CFSA Internal Audit Manager Ahli United Bank, Egypt
Presented By: Abdelmonem Hany Gabr, CIA, CRMA, CFSA, CICA Internal Audit Manager Ahli United Bank Egypt The Role of Internal Audit in the Prevention and Detection of Fraud
Our Objectives for Today Understand governance and its tools. Become familiar with theThree Lines of Defense theory. Understand the nature of internal audit and its related standards regarding fraud. Increase the awareness of the importance of internal audit with regards to fraud. Discover new tips for internal auditors.
Agenda Corporate Governance Three Lines of Defense FraudTriangle 2014 Report to the Nations Figures & Indicators A Recent Fraud Case InternalAudit Role in Fraud Detection and Deterrence InternalAudit Role in Fraud Awareness InternalAudit Role in Fraud RiskAssessment Assessing the Effectiveness of a Fraud Program Internal audit role in fraud investigations InternalAudit Standards &Tips for InternalAuditors
Corporate Governance Building Corporate GovernanceERM InternalControl FraudMgt. InternalAudit
Corporate Governance Building Corporate Governance InternalAudit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Corporate Governance Building Corporate Governance FraudMgt. Although all personnel within the organization have a responsibility to prevent & detect fraud, each organization has to establish a fraud management system in order to lead the process of fraud prevention and detection. The ACFE is the world's largest anti-fraud organization & premier provider of anti-fraud training and education. With more than 75,000 members, the ACFE is reducing business fraud worldwide and inspiring public confidence in the integrity and objectivity within the profession.
Corporate Governance Building Corporate Governance InternalControl Internal control is broadly defined as a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the organizations objectives.
Corporate Governance Building Corporate GovernanceERM Enterprise risk management is a process effected by an entitys board of directors, management, and other personnel. It is applied in a strategy setting and across the enterprise and designed to identify potential events that might affect the entity, to manage risk to be within its risk appetite, and to provide reasonable assurance regarding the achievement of the entitys objectives.
Three Lines of Defence Who is responsible for managing the risks? Who places controls and monitors their performance? Does senior management have a role; where should it be located? What are the differences between internal audit role & external audit role? Do we compete or cooperate?
Three Lines of Defense
Three lines of Defense Role - Fraud Triangle
5/7/2016
2014 Report to the Nations Figures & Indicators 14
15 2014 Report to the Nations Figures & Indicators
2014 Report to the Nations Figures & Indicators 16
2014 Report to the Nations Figures & Indicators 17
2014 Report to the Nations Figures & Indicators 18
A Recent Fraud Case
What Are Internal Audit Roles in Fraud Management? Fraud framework building: Educator Facilitator Assessor Fraud monitoring program Fraud processes assessment: Consultant Assurance Investigation 5/7/2016
Internal Audit Role in Fraud Program Educator The senior management & board of directors have the ultimate responsibility to spread the fraud risk culture & awareness throughout the organization. Internal audit may contribute to any fraud training sessions organized by the management. Internal audit should ensure that contribution in such sessions will not impair or seem to impair the independence & objectivity of the internal audit function. Internal audit might include the review of the fraud awareness activity in the assignments.
Internal Audit Role in Fraud Program Facilitator While the responsibility of fraud management remains with senior management, the internal audit might play a facilitator role in the fraud workshops. As a facilitator, you are requested to encourage the interaction between individuals to enhance the generation of ideas. Internal audit should not make any input to the discussions and ideas generated. The facilitator collecting the ideas generated and submitted to the management. The internal audit should clarify that its role is to facilitate the project and that it has no ownership of responsibilities.
Internal Audit Role in Fraud Program Assessor Once the fraud program is structured, the internal audit may assess the effectiveness of its design. Internal audit may recommend control procedures/criteria to enhance the program and to fill the gaps analyzed. Internal audit should not recommend any specific controls or workflow for the fraud program. Internal audit should not decline managements request to assess the program unless the required technical skills are not maintained by internal audit.
Fraud Risk Assessment 5/7/2016
Internal Audit Role in Fraud Risk Assessment Any organization should perform a fraud risk assessment as part of assessing the risk exposure. The process of assessing the fraud risk follows the same techniques of other risk assessment models. 5/7/2016 The COSO cube illustrates the risk assessment process, which takes many steps, starting with establishing the internal environment to monitoring the results.
Internal Audit Role in Assessing Effectiveness of the Fraud Program Internal audit has to include fraud risks in the scope of each assurance assignment. Moreover, internal audit should schedule an assurance assignment to examine the effectiveness of the fraud program. The scope & objectives of such an assignment depends on the maturity of the organizations fraud program, which varies from initialization to optimization. The evaluation of the fraud risk assessment should take place to assess the design of the fraud program.
Internal Audit Role in Assessing Effectiveness of Fraud Program Internal audit should also assist management by accepting the consulting assignments with regard to the fraud program. The Chief Audit Executive (CAE) should be keen on maintaining the different competencies required to conduct different consultancies. Finally, internal audits report should highlight the red flags where the auditor believes a possibility of fraud exists. 5/7/2016
Internal Audit Roles in Fraud Investigations The CAE has to determine the level of involvement in an investigation. The involvement level depends on the nature of the fraud and the availability of internal audit professionals with related competencies. The CAE should continuously enhance the competencies and capabilities of internal audit individuals through training and professional development. 5/7/2016
Internal Audit Role in Fraud Investigations The internal audit role in fraud investigation should be communicated clearly to senior management & the board of directors. The CAE has to prepare a formal document (Internal Audit Charter), which determines the purpose, authority & responsibility in general. The Charter should include also the role of internal audit with regard to the fraud investigation.
Internal Audit Standards 1210 - Proficiency Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities.The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities. 1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected have the expertise of a person whose primary responsibility is detecting and investigating fraud.
Internal Audit Standards 1220 Due Professional Care Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility. 1220.A1 Internal auditors must exercise due professional care by considering the: Extent of work needed to achieve the engagements objectives; Relative complexity, materiality, or significance of matters to which assurance procedures are applied; Adequacy and effectiveness of governance, risk management, and control processes; Probability of significant errors, fraud, or noncompliance; and Cost of assurance in relation to potential benefits.
Internal Audit Standards 2060 Reporting to Senior Management and the Board The chief audit executive must report periodically to senior management and the board on the internal audit activitys purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board. 2210 Engagement Objectives Objectives must be established for each engagement. 1210.A2 Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
Internal Audit Standards 2120 Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. The internal audit activity may gather the information to support this assessment during multiple engagements. 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
Tips for Internal Auditors Do not use the word fraud unless the investigation is over and the fraud is confirmed. Internal audit is not authorized to initiate a fraud investigation; this is a management decision. Internal audit has no direct responsibility to detect or prevent fraud during assignments. Internal audit has a responsibility to detect and highlight the fraud indicator (raise the red flag).
Tips for Internal Auditors The internal audits objective is to add value to the organizations operations through assessing the governance, risk management and internal control. Any suspicion of a fraud occurrence should be reported to the internal audits superior, and more information should be obtained before raising the red flag. The internal auditor may require the assistance of a forensic auditor, or someone with non-audit experience, such as an attorney.
5/7/2016
The Role of Internal Audit in the Prevention and Detection of Fraud CPE PIN Code: 8232 Abdelmonem Hany Gabr, CIA, CRMA, CFSA Internal Audit Manager Ahli United Bank, Egypt
Ad

Recommended

PPTX
Risk based auditing
Tunde Elijah Kelani
PPTX
A Presentation on Risk Based Auditing
Amar Deep Ghimire
PPT
Risk Assessment For Internal Auditors
minkhollow
PDF
Audit of Risk Management Final Report
essbaih
PPT
Internal Control & Risk Management Framework
Treasury Consulting LLP
DOC
Risk Based Audit Training by TOMMY SEAH
Tommy Seah
PDF
Risk based internal auditing
Frederick Altum Pokoo-Aikins
PPTX
Governance, Risk, and Control Knowledge Elements
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
PDF
Proposal risk based internal audit 2013
Nidhi Gupta
PDF
Measuring the impact of Internal Audit
Huzeifa Unwala
PPTX
Risk Management1
Henry H L Lim
PPTX
Ppt on risk based internal audit
AmitaMistry2
PPT
Internal Control COSO
Jes炭s G叩ndara
PDF
Effective Internal Controls (Annotated) by @EricPesik
Eric Pesik
PDF
Auditing activities of microfinance institutions
Frank Kabuye, CPA
PPTX
Risk assessment and internal controls - Internal Audit
Smitesh Bhosale
PPT
Improving and Implementing Internal Controls
Tommy Seah
PPT
Security risk management
brijesh singh
PPT
Internal Audit COSO Framework
Jes炭s G叩ndara
PPTX
Internal audit strategy for non-profits
Debashis Gupta
PPT
ERM Presentation.final
Anna Cuson, CPA, CFE, CRMA, CGMA, CICP, CICA
PPTX
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
PPTX
Entetrprise risk management process
Rabin K. Acharya PhD (MPhil,MBA,MPA,MA)
PDF
Internal controls myths and best practices
Pamela Mantone
PPTX
Internal Auditor Roles
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
PDF
Key considerations for your internal audit plan
essbaih
PPTX
Audit Audit Commite And Risk Management
Manoj Agarwal
PDF
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Kevin Fryatt
PDF
The changing role of internal audit
aakash malhotra
PDF
Role of Internal Audit in fraud prevention and detection
Zeeshan Shahid

More Related Content

What's hot (20)

PDF
Proposal risk based internal audit 2013
Nidhi Gupta
PDF
Measuring the impact of Internal Audit
Huzeifa Unwala
PPTX
Risk Management1
Henry H L Lim
PPTX
Ppt on risk based internal audit
AmitaMistry2
PPT
Internal Control COSO
Jes炭s G叩ndara
PDF
Effective Internal Controls (Annotated) by @EricPesik
Eric Pesik
PDF
Auditing activities of microfinance institutions
Frank Kabuye, CPA
PPTX
Risk assessment and internal controls - Internal Audit
Smitesh Bhosale
PPT
Improving and Implementing Internal Controls
Tommy Seah
PPT
Security risk management
brijesh singh
PPT
Internal Audit COSO Framework
Jes炭s G叩ndara
PPTX
Internal audit strategy for non-profits
Debashis Gupta
PPT
ERM Presentation.final
Anna Cuson, CPA, CFE, CRMA, CGMA, CICP, CICA
PPTX
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
PPTX
Entetrprise risk management process
Rabin K. Acharya PhD (MPhil,MBA,MPA,MA)
PDF
Internal controls myths and best practices
Pamela Mantone
PPTX
Internal Auditor Roles
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
PDF
Key considerations for your internal audit plan
essbaih
PPTX
Audit Audit Commite And Risk Management
Manoj Agarwal
PDF
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Kevin Fryatt
Proposal risk based internal audit 2013
Nidhi Gupta
Measuring the impact of Internal Audit
Huzeifa Unwala
Risk Management1
Henry H L Lim
Ppt on risk based internal audit
AmitaMistry2
Internal Control COSO
Jes炭s G叩ndara
Effective Internal Controls (Annotated) by @EricPesik
Eric Pesik
Auditing activities of microfinance institutions
Frank Kabuye, CPA
Risk assessment and internal controls - Internal Audit
Smitesh Bhosale
Improving and Implementing Internal Controls
Tommy Seah
Security risk management
brijesh singh
Internal Audit COSO Framework
Jes炭s G叩ndara
Internal audit strategy for non-profits
Debashis Gupta
ERM Presentation.final
Anna Cuson, CPA, CFE, CRMA, CGMA, CICP, CICA
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
Entetrprise risk management process
Rabin K. Acharya PhD (MPhil,MBA,MPA,MA)
Internal controls myths and best practices
Pamela Mantone
Internal Auditor Roles
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
Key considerations for your internal audit plan
essbaih
Audit Audit Commite And Risk Management
Manoj Agarwal
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Kevin Fryatt

Similar to 12C_Abdelmonem Gabr_MB (20)

PDF
The changing role of internal audit
aakash malhotra
PDF
Role of Internal Audit in fraud prevention and detection
Zeeshan Shahid
PDF
Internal auditing for one & all (second edition)
Mohammad Wahid Abdullah Khan
PPT
A Paradigm Shift in Audit Process
Padmapriya V
PDF
1. 油油Internal auditors support managements efforts to establish a.pdf
ankkitextailes
PPT
際際滷 cia course fraud
M Iffan Fanani
PPTX
The Role of Internal Audit Department
SALIH AHMED ISLAM
PPTX
CIA part 1 essentials of internal auditing
ariundalai1
PDF
Internal Control
Salih Islam
PPTX
Internal audits role in compliance
Salih Islam
PPTX
ACCA-IIA Singapore Seminar 2015 part 2 fraud risk governance
BillyCheuk
PPTX
Internal control and internal audit presentation for bank
Mohammad Halim Stanikzai
PDF
Internal control
SALIH AHMED ISLAM
PPT
Internal Audit : an independent service to evaluate an organisation's.ppt
SrabanAhmedMasum
PPTX
Effective oversight role of audit committees
Kabelo Mabokela
PPT
10 intaud
Kirrti Karrta
PPT
Fraud Awareness For Managers
rickycfe
PDF
Principles of Auditing and Other Assurance Services 20th Edition Whittington ...
hottasbalkar
PDF
Chapter 7
EasyStudy3
PDF
Chapter 7
EasyStudy3
The changing role of internal audit
aakash malhotra
Role of Internal Audit in fraud prevention and detection
Zeeshan Shahid
Internal auditing for one & all (second edition)
Mohammad Wahid Abdullah Khan
A Paradigm Shift in Audit Process
Padmapriya V
1. 油油Internal auditors support managements efforts to establish a.pdf
ankkitextailes
際際滷 cia course fraud
M Iffan Fanani
The Role of Internal Audit Department
SALIH AHMED ISLAM
CIA part 1 essentials of internal auditing
ariundalai1
Internal Control
Salih Islam
Internal audits role in compliance
Salih Islam
ACCA-IIA Singapore Seminar 2015 part 2 fraud risk governance
BillyCheuk
Internal control and internal audit presentation for bank
Mohammad Halim Stanikzai
Internal control
SALIH AHMED ISLAM
Internal Audit : an independent service to evaluate an organisation's.ppt
SrabanAhmedMasum
Effective oversight role of audit committees
Kabelo Mabokela
10 intaud
Kirrti Karrta
Fraud Awareness For Managers
rickycfe
Principles of Auditing and Other Assurance Services 20th Edition Whittington ...
hottasbalkar
Chapter 7
EasyStudy3
Chapter 7
EasyStudy3
Ad

12C_Abdelmonem Gabr_MB

  • 1. The Role of Internal Audit in the Prevention and Detection of Fraud CPE PIN Code: 8232 Abdelmonem Hany Gabr, CIA, CRMA, CFSA Internal Audit Manager Ahli United Bank, Egypt
  • 2. Presented By: Abdelmonem Hany Gabr, CIA, CRMA, CFSA, CICA Internal Audit Manager Ahli United Bank Egypt The Role of Internal Audit in the Prevention and Detection of Fraud
  • 3. Our Objectives for Today Understand governance and its tools. Become familiar with theThree Lines of Defense theory. Understand the nature of internal audit and its related standards regarding fraud. Increase the awareness of the importance of internal audit with regards to fraud. Discover new tips for internal auditors.
  • 4. Agenda Corporate Governance Three Lines of Defense FraudTriangle 2014 Report to the Nations Figures & Indicators A Recent Fraud Case InternalAudit Role in Fraud Detection and Deterrence InternalAudit Role in Fraud Awareness InternalAudit Role in Fraud RiskAssessment Assessing the Effectiveness of a Fraud Program Internal audit role in fraud investigations InternalAudit Standards &Tips for InternalAuditors
  • 5. Corporate Governance Building Corporate GovernanceERM InternalControl FraudMgt. InternalAudit
  • 6. Corporate Governance Building Corporate Governance InternalAudit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
  • 7. Corporate Governance Building Corporate Governance FraudMgt. Although all personnel within the organization have a responsibility to prevent & detect fraud, each organization has to establish a fraud management system in order to lead the process of fraud prevention and detection. The ACFE is the world's largest anti-fraud organization & premier provider of anti-fraud training and education. With more than 75,000 members, the ACFE is reducing business fraud worldwide and inspiring public confidence in the integrity and objectivity within the profession.
  • 8. Corporate Governance Building Corporate Governance InternalControl Internal control is broadly defined as a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the organizations objectives.
  • 9. Corporate Governance Building Corporate GovernanceERM Enterprise risk management is a process effected by an entitys board of directors, management, and other personnel. It is applied in a strategy setting and across the enterprise and designed to identify potential events that might affect the entity, to manage risk to be within its risk appetite, and to provide reasonable assurance regarding the achievement of the entitys objectives.
  • 10. Three Lines of Defence Who is responsible for managing the risks? Who places controls and monitors their performance? Does senior management have a role; where should it be located? What are the differences between internal audit role & external audit role? Do we compete or cooperate?
  • 11. Three Lines of Defense
  • 12. Three lines of Defense Role - Fraud Triangle
  • 14. 2014 Report to the Nations Figures & Indicators 14
  • 15. 15 2014 Report to the Nations Figures & Indicators
  • 16. 2014 Report to the Nations Figures & Indicators 16
  • 17. 2014 Report to the Nations Figures & Indicators 17
  • 18. 2014 Report to the Nations Figures & Indicators 18
  • 20. What Are Internal Audit Roles in Fraud Management? Fraud framework building: Educator Facilitator Assessor Fraud monitoring program Fraud processes assessment: Consultant Assurance Investigation 5/7/2016
  • 21. Internal Audit Role in Fraud Program Educator The senior management & board of directors have the ultimate responsibility to spread the fraud risk culture & awareness throughout the organization. Internal audit may contribute to any fraud training sessions organized by the management. Internal audit should ensure that contribution in such sessions will not impair or seem to impair the independence & objectivity of the internal audit function. Internal audit might include the review of the fraud awareness activity in the assignments.
  • 22. Internal Audit Role in Fraud Program Facilitator While the responsibility of fraud management remains with senior management, the internal audit might play a facilitator role in the fraud workshops. As a facilitator, you are requested to encourage the interaction between individuals to enhance the generation of ideas. Internal audit should not make any input to the discussions and ideas generated. The facilitator collecting the ideas generated and submitted to the management. The internal audit should clarify that its role is to facilitate the project and that it has no ownership of responsibilities.
  • 23. Internal Audit Role in Fraud Program Assessor Once the fraud program is structured, the internal audit may assess the effectiveness of its design. Internal audit may recommend control procedures/criteria to enhance the program and to fill the gaps analyzed. Internal audit should not recommend any specific controls or workflow for the fraud program. Internal audit should not decline managements request to assess the program unless the required technical skills are not maintained by internal audit.
  • 25. Internal Audit Role in Fraud Risk Assessment Any organization should perform a fraud risk assessment as part of assessing the risk exposure. The process of assessing the fraud risk follows the same techniques of other risk assessment models. 5/7/2016 The COSO cube illustrates the risk assessment process, which takes many steps, starting with establishing the internal environment to monitoring the results.
  • 26. Internal Audit Role in Assessing Effectiveness of the Fraud Program Internal audit has to include fraud risks in the scope of each assurance assignment. Moreover, internal audit should schedule an assurance assignment to examine the effectiveness of the fraud program. The scope & objectives of such an assignment depends on the maturity of the organizations fraud program, which varies from initialization to optimization. The evaluation of the fraud risk assessment should take place to assess the design of the fraud program.
  • 27. Internal Audit Role in Assessing Effectiveness of Fraud Program Internal audit should also assist management by accepting the consulting assignments with regard to the fraud program. The Chief Audit Executive (CAE) should be keen on maintaining the different competencies required to conduct different consultancies. Finally, internal audits report should highlight the red flags where the auditor believes a possibility of fraud exists. 5/7/2016
  • 28. Internal Audit Roles in Fraud Investigations The CAE has to determine the level of involvement in an investigation. The involvement level depends on the nature of the fraud and the availability of internal audit professionals with related competencies. The CAE should continuously enhance the competencies and capabilities of internal audit individuals through training and professional development. 5/7/2016
  • 29. Internal Audit Role in Fraud Investigations The internal audit role in fraud investigation should be communicated clearly to senior management & the board of directors. The CAE has to prepare a formal document (Internal Audit Charter), which determines the purpose, authority & responsibility in general. The Charter should include also the role of internal audit with regard to the fraud investigation.
  • 30. Internal Audit Standards 1210 - Proficiency Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities.The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities. 1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected have the expertise of a person whose primary responsibility is detecting and investigating fraud.
  • 31. Internal Audit Standards 1220 Due Professional Care Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility. 1220.A1 Internal auditors must exercise due professional care by considering the: Extent of work needed to achieve the engagements objectives; Relative complexity, materiality, or significance of matters to which assurance procedures are applied; Adequacy and effectiveness of governance, risk management, and control processes; Probability of significant errors, fraud, or noncompliance; and Cost of assurance in relation to potential benefits.
  • 32. Internal Audit Standards 2060 Reporting to Senior Management and the Board The chief audit executive must report periodically to senior management and the board on the internal audit activitys purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board. 2210 Engagement Objectives Objectives must be established for each engagement. 1210.A2 Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
  • 33. Internal Audit Standards 2120 Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. The internal audit activity may gather the information to support this assessment during multiple engagements. 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
  • 34. Tips for Internal Auditors Do not use the word fraud unless the investigation is over and the fraud is confirmed. Internal audit is not authorized to initiate a fraud investigation; this is a management decision. Internal audit has no direct responsibility to detect or prevent fraud during assignments. Internal audit has a responsibility to detect and highlight the fraud indicator (raise the red flag).
  • 35. Tips for Internal Auditors The internal audits objective is to add value to the organizations operations through assessing the governance, risk management and internal control. Any suspicion of a fraud occurrence should be reported to the internal audits superior, and more information should be obtained before raising the red flag. The internal auditor may require the assistance of a forensic auditor, or someone with non-audit experience, such as an attorney.
  • 37. The Role of Internal Audit in the Prevention and Detection of Fraud CPE PIN Code: 8232 Abdelmonem Hany Gabr, CIA, CRMA, CFSA Internal Audit Manager Ahli United Bank, Egypt

Editor's Notes

  • #15: We asked survey respondents what they thought were the primary internal control weaknesses that contributed to the frauds they had investigated. As noted in Figure 39, in nearly one-third of the cases, the victim organization lacked the appropriate internal controls to prevent the fraud, which reinforces the importance of targeted anti-fraud controls. A lack of controls played an even bigger role in those cases affecting small businesses; this was attributed as the primary weakness at more than 41% of cases at organizations with fewer than 100 employees. Additionally, according to the CFEs who participated in our study, one-fifth of the reported cases could have been prevented if managers had done a sufficient job of reviewing transactions, accounts or processes.
  • #16: Sorting departments based on median loss shows that the largest frauds are committed by executives and upper management (see Figure 67). This is not surprising because this group tends to have the highest authority within an organization. Among the seven departments that each accounted for at least 5% of cases, the finance department caused the second-highest median loss, followed by purchasing, accounting, operations, sales and customer service.
  • #17: Although the process of recovering the losses from a fraud can go on for years after a fraud examination is complete, we asked respondents to provide the percentage of the loss that the victim organization had recovered at the time of the survey. No recovery has been the most common response in past surveys, and this year we saw a substantial increase in this number. In 58% of cases reported in 2014, the victim organizations have seen no losses recovered, compared to 49% in 2012. At the time of our survey, only 14% of victim organizations had made a full recovery.
  • #18: As Figure 11 demonstrates, tips are consistently the most common detection method for cases of occupational fraud by a significant margin, which has been an observed trend since we first began tracking this data in 2002. Management review and internal audit follow tips, which was also true for the 2010 and 2012 Reports.
  • #19: Large and small organizations often allocate resources differently for anti-fraud measures (see Figure 27), and the distribution of detection methods at these two types of organizations also varies. Small organizations (those with fewer than 100 employees) differed most from large organizations in the percentage of cases detected by tip (34.2% and 45.1%, respectively) and internal audit (9.8% and 16.5%); these findings are not surprising, given that small organizations are much less likely to have hotlines or internal audit departments (see Figure 27).
About
息 2025 際際滷