Internal Audit Specification Number 6 – Prevention, Detection and Reporting of Fraud
1 Introduction
The purpose of this Internal Audit Specification is to define procedures for the prevention, detection, and reporting of fraud. This document sets out the minimum standards for fraud detection, investigation and reporting, and should be followed strictly by all Internal Auditors and senior management.
2 Scope
This Internal Audit Specification is applicable to all entities operating within the jurisdiction of the relevant organization. It applies to all relevant transactions, operations, and processes.
3 Prevention
The prevention of fraud is a key element in the prevention of financial losses, reputational damage and the disruption of operations.
A. Risk assessment
The Internal Audit team should assess the risk of fraud in the entity on an ongoing basis, taking into account the type of operation, the size of the entity, its geographical span, the complexity of its operations, the level of responsibility assigned to employees, and any known precedent of fraud.
B. Education
The Internal Audit team should promote awareness and education in relation to fraud throughout the entity, including the development and implementation of an appropriate fraud risk management policy and education programmes for staff.
C. Auditing
The Internal Audit team should perform continual auditing of operations and processes to detect any potential fraud.
D. Reporting
The Internal Audit team should establish procedures for the reporting of incidents and suspected fraud.
4 Detection
A. Whistleblowing
The Internal Audit team should encourage staff to raise any concerns or suspicions of fraud or irregularities through the established whistleblowing mechanism.
B. Monitoring
The Internal Audit team should monitor transactions and activities to identify any potential fraudulent activities.
C. Analytics
The Internal Audit team should use analytics to identify any potentially fraudulent activities or anomalies in the data.
D. Internal Control
The Internal Audit team should review and assess the internal controls system in place to detect any weak or vulnerable areas that may be open to abuse or fraud.
5 Reporting
The Internal Audit team should report any instances of fraud or any suspicions thereof to the relevant stakeholders, including the board and any relevant external authorities.
The reporting process should include detailed documentation and evidence of the fraud or suspected fraud.
6 Conclusion
This Internal Audit Specification outlines the minimum standards for fraud prevention, detection and reporting. It is essential that these processes are followed strictly by all Internal Auditors and senior management, in order to eliminate potential for fraud and protect the integrity of the organization.