Sophisticated Fraud Requires a Sophisticated, Tech-Savvy Internal Audit Approach

Fraud is everybody’s problem, and it’s becoming increasingly sophisticated, particularly from a technological standpoint.

We note in our point-of-view paper, “Fraud Risk Management: Safeguarding Your Reputation and Well-Being in Today’s Economic Climate,” that an enterprise may lose as much as 7 percent of its annual revenues to fraud. That’s why I hope your company’s internal audit function is fighting fire with fire by using every advanced fraud-fighting weapon available.

I’m encouraged by the results of Protiviti’s 2014 Internal Audit Capabilities and Needs Survey, which indicate that fraud risk management is focusing more and more on the technology behind fraud-prevention efforts, in addition to those efforts themselves. It’s a fact of business life: Internal auditors work in increasingly automated business environments and workplaces, and their fraud prevention and detection methods should reflect this trend.

Our survey found that familiarity with The IIA’s Global Technology Audit Guide (GTAG) 13: Fraud Prevention and Detection in an Automated World is a key general knowledge concern for medium-sized companies (those with $1 billion to $9 billion in revenues), while large companies (those with revenues of $10 billion or more) rank “fraud risk management” among their top priorities. We also found that “fraud monitoring,” “auditing fraud,” “fraud detection/investigation,” “fraud risk,” “fraud risk management” and “fraud management/prevention” all rank high on auditors’ lists of key areas of audit process knowledge.

It’s also important to note that The IIA’s Standard 2120.A2 requires internal auditors to evaluate not only the potential for fraud, but also how the organization manages its fraud risk.

We’ve covered many of these issues previously in our blog, including in entries authored by my colleague, Protiviti Managing Director Scott Moritz. These issues are worth revisiting – the incidence and sophistication of fraudulent activities continues to rise. In light of this, I suggest asking these six important questions within your organization:

  1. How do we evaluate the effectiveness – and proactivity – of our fraud prevention and detection activities in the face of new social, mobile and cloud computing tools?
  2. Are our fraud prevention and detection capabilities keeping pace with the increasingly automated and data-driven nature of our business operations?
  3. How can updated and/or new data analysis and continuous monitoring tools be used to fortify our fraud prevention and detection capabilities?
  4. Are we making sure the internal audit function’s fraud risk management capability is current, robust and proactive given the new technology that regularly enters the organization?
  5. How can our fraud prevention, detection, monitoring and investigation be improved to better address data- and information-related fraud risks?
  6. Do we regularly assess whether the current staffing levels enable the internal audit function to address emerging risks around technology- and data-related fraud?

The risks are too great not to do everything you can to minimize the risk of your organization becoming a victim of fraud. I’d love to hear about your fraud-fighting efforts and concerns in the comment section below.

In closing, this Sunday, November 16, marks the beginning of International Fraud Awareness Week, a week dedicated to fraud awareness, detection and prevention. Visit for more information, and look for insightful entries to our blog next week.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s