Following a study of how the internal audit function deals with fraud, KPMG has identified the three greatest challenges. What are these challenges and how can the internal auditor arm themselves more effectively against the fraudster?
Nearly two thirds of all fraud cases involve poor internal controls1. It follows logically from this that the internal auditor can play a key role in the prevention and detection of and the follow-up on fraud. By means of various questionnaires and round-table meetings, KPMG has collected input from 69 internal audit functions of a wide range of financial institutions and corporate organisations2. This information was used to formulate the three biggest challenges outlined below.
Firstly, there is a great deal to be gained by approaching fraud proactively by introducing a periodic fraud risk analysis. Only 16% of respondents stated that they carry out a specific analysis geared to identifying fraud risks. The introduction of a periodic fraud risk analysis will allow ongoing identification of fraud risk factors and fraud risks. In addition, it will offer insights into the extent to which fraud risks can be mitigated in both the prevention and the detection stages.
Irrespective of the strength of the internal controls, the success of fraud prevention depends on having an appropriate culture, because fraud is often committed by circumventing internal controls. This means that an internal auditor also needs to take culture and behaviour within the organisation into account. How open is the culture? Do people tackle one another on undesirable behaviour? And does management lead by example? These are elements that the internal auditor can assess periodically.
Nearly 25% of fraudsters already rely on technology. It will become inevitable for an internal audit function to use digital sources and data analysis to determine fraud risks and to detect and handle incidents. In recent years, a great deal of software has been developed that is easily accessible in terms of both price and the technological know-how required to use it. It is essential for the internal audit function to stay abreast of these technological developments.
Author of this blog is Jiri Brummer, Consultant Forensic Technology at KPMG. If you require any further information on this topic, please do not hesitate to contact Jiri on + 31(0)20 656 8157.
1) KPMG International, "Global profiles of the fraudster: Technology enables and weak controls fuel the fraud," 2016.
2) N. de Rooij & T. Eijken, "Fraude: een uitdaging voor de internal auditfunctie", Audit magazine, vol. 6, no. 4, pp. 56-58, 2017 (Dutch only)