Kroll, a division of Duff & Phelps, the global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, The Institute of Internal Auditors (IIA) and Internal Audit Foundation, the nonprofit research and publishing arm of The IIA, today identify that greater empowerment of and increased investment in an internal audit can have a significant impact on the effectiveness of fraud risk management programmes. This is highlighted in a new research report, “Fraud Risk Management in Internal Audit”.
The report, based on a survey of over 700 internal audit professionals across the globe and across industries, reveals that the vast majority (80%) of internal auditors are facing barriers to being involved in managing fraud risk, despite almost two thirds (62%) saying they had seen an increase in fraud incidents over the past five years.
Tarun Bhatia, Managing Director and Head of South Asia at Kroll comments:
“As the pandemic continues to affect and transform the way we do business, new risks and frauds are emerging, making it an ever more challenging environment for companies to operate. The current conditions where businesses are suffering, people are desperate, system and processes are compromised, can lead to a perfect platform for fraud to occur and go undetected. These extraordinary circumstances demand a greater emphasis on fraud risk management.”
“Following recent scrutiny of the external audit profession globally, the focus is turning to companies’ internal defences against fraud, of which internal audit can be a key participant. India is no different. Traditionally internal audit as a function has been outsourced and lacked management focus. A stronger and specific mandate for internal audit and increased focus of boards towards strategic fraud risk management will add significant value and ultimately contribute to reducing incidents of fraud. Greater accountability on and support from the internal audit will help companies to detect fraud earlier, and speedy investigation and remediation can be carried out when issues occur. To make this happen, there needs to be complete support from the senior management, adequate resource allocation, and recruitment of people with the necessary skillsets.”
The report shows a clear disconnect between fraud risk assessment and resulting strategic plans. Almost half of the survey respondents felt that internal audit teams were not part of enterprise-wide strategic decision making, even though 91% said that they had at least some role in assessing fraud risk.
Where internal audit was part of the strategic risk management of fraud, the process was perceived as more effective overall. Those who felt that their organisation’s risk management process was ‘very good’ or ‘excellent’ increased from 31% to 60% between respondents who were ‘very involved’ and those who were ‘extremely involved’ in fraud risk management.
For those respondents who said they were ‘minimally involved’ or ‘not involved’ in the fraud risk management process, only 12% felt that their effectiveness was ‘very good’ or ‘excellent’, with over half stating that overall the fraud risk management programme was fair or poor.
A third (33%) of respondents said a lack of resources was the biggest obstacle to the internal audit being more involved in fraud risk management processes. A further one in four (23%) cited a lack of mandate as the most significant barrier, followed by one in five (21%) who cited concerns over potential conflicts of interest.
In a webinar quick poll of 1,750 internal auditors conducted by Kroll and The IIA in July 2020, it was revealed that two thirds (65%) of internal audit professionals felt that COVID-19, remote working, and financial strains would result in an increased risk of fraud. Over three quarters (77%) agreed that, if the internal audit was more involved in strategic fraud risk management, the fraud risk management process would improve.
Richard F. Chambers, President and CEO of The Institute of Internal Auditors, comments:
“It is vital for organizations of all sizes and industries to have boards, executive management, and internal audit leaders who are well aligned in their approach to managing risk, including fraud. Internal audit plays a critical role, with other surveys supporting these findings that, when the internal audit is involved, the impact of fraud is lessened. That’s because the internal audit is well-positioned due to its enterprise-wide view of an organization to identify vulnerabilities for potential fraud and, in some cases, even to investigate. What’s clear is that internal auditors know how to follow the risks. But they must have the resources to assess the exposure to potential fraud, ensure internal controls are in place and effective to limit such risks and to offer assurance that risk management processes are robust and appropriately implemented.”