FRAUD RISK ASSESSMENT FOR INTERNAL AUDITORS.

Some common fraud risk indicators  in Payroll Management systems

• Changes to employee key personal data such as name, residential address, bank account and social security number
• Changes to employee business data  such as  business entity in a Group, business department or unit, office location and identity number
• Duplicated employee records including names and identity details and duplicated payment
• Continuously repeated  overtime hours and payments including authorized and unauthorized overtime.
• Unusual performance compensation payments including sales commissions, bonuses and others
• Unremitted statutory payroll deductions
• Uneducated IOU or loan advances including unremittance of the deducted ones.
• Unusual reimbursements of expenses to an employee payroll account
• Unusual variances in gross payment
• Unusual variances in payroll costs
• Inconsistent payroll data files  with HR personnel database
• Out of sequence payment reference numbers
• Payments to employees of leave of absent – prolonged sick leave, education leave, work break, etc.
• Payment to terminated or exited staff
• Unreconciled payroll account against the corresponding general ledger account.

Some common fraud risk indicators ICT systems.

• Presence of Default super user accounts and password
• Use of Super User Accounts and password to logon and work in the system
• Unknown  user names
• Exited staff with active user accounts
• Exited staff user logon accounts logged on with after staff exit and disabled
• Users with activities at odd hours
• Users with prolonged active logged on length of logon
• Valid users with unauthorized activities
• Unusual login times and length of login

Conclusion

No organisation and nation is free from fraud and abuse risks, and the effect on the victim organisations and associated stakeholders can be very damaging. Out of the four key categories and forty-four fraud scheme that can be committed in an organisation, the Financial Statement Reporting Fraud and abuse has the least in frequency of occurrence but with the highest impact on the victim organisation, particularly the public listed companies and public interest entities.

Timely prevention, detection and addressing the root causes of the menace requires that the internal auditors should be intentional at embedding leading practices anti-fraud controls including fraud risk assessments in their functional activities life cycles to drive decisions and actions that lead to success and value addition outcomes. The institute of internal auditors (IIA) and other legal and regulatory frameworks have made it mandatory for the internal auditors to pay attention to fraud risks by incorporating fraud risk assessments in the internal audit planning and based on the outcomes, drive the audit responses, decisions, actions and stakeholders reporting. For the internal auditors to achieve this mandate demands that the internal auditors should build good knowledge and skills to be able to identify fraud risk indicators at both the entity and transactional/process levels. Supporting the internal auditors to achieve this is the whole essence of this blog post. I hope you found the reading helpful.

Kindly leave your comments on this my blog post to let me know how you feel about my post and what I need to do to keep improving my writing. Thank you for investing your time and effort to read my post 

To access my other blog posts, please, click on the url: https://www.sallyogwookeyumahi.com//blog/