Some would say that internal audits is just another one of those ‘useless’ things every organization is supposed to do, but the truth is, conducting internal audits is an essential tool for fraud control!
In fact, companies have a lot to gain by having a sound internal audit system. With the prevalence of organizational fraud getting higher as new technologies give rise to more opportunities to commit fraud, the more it is of immediate need to have an internal audit program!
Now, we are not discounting external audits, but having to hire a separate organization to audit yours means that you are on the losing side of the fraud battle.
External audits are often scheduled and this means that the smart fraudsters would have more time to cover their tracks. Having a well-structured system for internal audit means possible mitigating the effects of fraud if it is caught and stopped soon enough.
So what standards must an internal auditing system have? What practices must it employ to maximize results and curb fraud in your organization? There’s a lot! But we can start with our magic 7 list of best practices below:
The internal audit should be an independent function.
It should not be under any department of the organization, especially not under accounting and finance where the majority of fraud cases usually happens.
The internal audit should report only to the highest authority possible.
Having the auditing committee report under a supervisor, manager, a CFO, or a CEO only creates more chances for vital information to be altered before it reaches the right person or persons.
The internal auditors need to be properly trained and have appropriate resources to conduct their function.
Every company is different and thus, the auditors have to be well-trained and very knowledgeable about the company’s operations. How would they know if a process was carried out correctly when they have no idea about the process in the first place, right?
There should be a Board-approved audit plan.
Organizations tend to have different departments or units, and the audit plan has to address all these. It would be best if the audit plan was approved by the Board and adjusted if needed.
The top management should promptly review audit reports.
We’ve mentioned in one of our earlier fraud prevention articles that timing is of utmost importance in preventing and stopping fraud in its tracks. Properly timed corrective actions needs to be taken by the upper management. There should also be clear timeframes and measurable outcomes for actions taken.
Internal controls should work hand in hand with internal audit systems.
Reports, red flags, and the like all have to be properly documented and caught early on to make sure that possible frauds are dealt with.
Controls should also be audited.
Testing of controls on a frequent basis helps with keeping them sharp and in-line with your fraud control objectives. Need we say more?
Remember that internal audits needs to be manned by people with the right skills and access to resources that they will need to combat fraud. There should be proper documentation processes in place and they should be independent enough to not be influenced by any departments.
Want more fraud control advice? Then contact us and we can discuss with you the specific fraud control measures you can take for your organization. In this age of higher prevalence of occupational fraud, you’ll need the premier private investigators in Toronto on your side!