Renewed focus on fraud.THE IIA'S INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF Internal Auditing (Standards) are undergoing revision. One of the proposed changes is The Institute's prescribed approach to fraud and fraud risks, which places greater emphasis on the auditor's fraud-related responsibilities. The revised standard 1210.A2, recently exposed for comment, states, "Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud." Will the change become practice if incorporated into the profession's standards? Will executive management accept this change and buy into the auditors' modified approach? Will it mark internal audit professionals as internal police officers? Probably not, but members of the profession, and the clients they serve, will need to adopt certain changes to ensure a successful transition. [ILLUSTRATION OMITTED] Primarily, our profession faces a challenge with regard to its overall approach to fraud. I've performed numerous quality assurance reviews and worked in several countries, but I have yet to see internal auditors address fraud risks in their audit plans or work programs. Instead, their work typically focuses on controls. If the auditors identify control deficiencies, they usually recommend new controls but neglect to substantiate them with potential fraud risks. Although some auditors may be reluctant to assess fraud risk, professional requirements would compel them to do so. After all, at the department's next quality assurance review, assessors will check the auditors' fraud-related work against the Standards. Auditors will need to keep the revised fraud requirements in mind during engagements and produce evidence of adherence to them in writing. A change in the auditor's skill set may also be required. According to the proposed revision to Standard 1220.A1, "The internal auditor must exercise due professional care by considering the ... probability of significant errors, fraud, or noncompliance...." If an evaluation reveals suspected or actual fraud, practitioners will need the appropriate techniques to perform a subsequent fraud audit. In many instances, internal auditors may require additional training or outside help. Executive management and the audit committee also need to be aware of, and agreeable to, internal auditors' renewed approach to fraud. In many organizations, management may have become accustomed to internal auditing's consulting role and may not consider its role in assessing fraud risk. To avoid an expectation gap, auditors will need to be clear about their revised obligations and intended focus. If the proposed changes go into effect, internal auditors need to adopt a different mind-set with regard to fraud, maintaining a sharper focus on the possibility of fraudulent activity as they audit. And although the new standards may represent a challenge for auditors, they should bring about positive change. The results should be beneficial to both auditors and their organizations, ensuring increased attention to organizational well-being and a closer eye on the potential for wrongdoing. To comment on this essay, e-mail the author at eila.koivu@theiia.org. The opinions expressed are solely those of the author. EILA A. KOIVU, CIA, CCSA, CISA, CFE |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion