FRAUD RISK ASSESSMENT FOR INTERNAL AUDITORS.

The implications of the legal and regulatory requirement on fraud risks to the internal auditors.

As can been seen from the United Nations Convention against Corruption and Economic Crime, and corporate governance standards, one of the fundamental mandatory requirements globally adopted is for the management and company boards to establish robust internal control systems including fraud risk assessment, anti-fraud internal control programs, management certifications of the effectiveness of the internal control systems. The external and internal audits are to provide objective independent assurance on the effectiveness of the internal controls and report to management, board and to the regulators, where applicable.

To ensure that fraud risks are proactively prevented, detected and the root causes effectively addressed, both the internal auditors and external auditors are required to incorporate fraud risk assessments in their audit engagement delivery life cycle and apply the risk assessment outcomes to drive decisions and actions around the audit planning, field work execution, reporting, audit conclusions and recommendations for improvement. The International accounting and auditing standards regulators and also the Institute of Internal Auditors (IIA) have emphasized the importance of paying attention to fraud risk exposures and anti-fraud control programs by their members in the course of carrying out their professional duties.

Most external auditors appear to be responding well in adhering to the fraud risk assessment requirements in their audit engagement delivering because they have clarity and good understanding of what specific activities that need to be done. However, this is not the case with most internal auditors. A large number of the internal auditors have continued to struggle in these areas due to knowledge and experience gaps. As a result, the internal audit functions have not lived up to the business needs and stakeholders’ expectations. This poor perception about the internal audit performance has been reinforced by the results of the ACFE 2020 global survey which revealed that over 40% of fraud cases discovered in the organisations are done through the help of other stakeholders including customers, employees, vendors and the first and second lines of defense assurance functions. The Internal Audit function discovers only about 15% of the fraud cases and this is considered a poor performance, The implication of this is that the internal auditors should do more to live up to the expectations in contributing more for fraud prevention, detection, root cause analysis and solutions.

Understanding the internal audit lifecycle is a critical success factor.

Incorporating fraud risk assessment in the audit engagement delivering lifecycle means searching for fraud indicators across all the phases of the internal audit lifecycle, finding them and using the information to drive decisions and actions through all the phases in the lifecycle. This means that a good understanding of the internal audit lifecycle is fundamental as this will help the internal auditor to know the phase compositions, key decision points, fraud risk assessment considerations, expected actions and deliverables. Presented below is the diagram of the internal audit lifecycle and descriptions of the considerations and deliverables of the phases.

The activities within the internal audit lifecycle are iterative and requires that none of the phases should be skipped as doing so will negatively impact the final deliverable, quality of reporting, conclusions and recommendations.