Lastest news

IIA publishes position paper on fraud controls

Apr 05, 2019

The Institute of Internal Auditors (IIA) announced the release of a new position paper Fraud and Internal Audit: Assurance Over Fraud Controls Fundamental to Success.

The new paper describes specific internal audit responsibilities regarding fraud prevention and detection. Internal auditors must have sufficient knowledge of fraud to evaluate fraud risk and the manner in which it is managed by the organisation. However, the paper also points out that, while some internal auditors may investigate fraud, organisations should not expect an internal auditor to have the expertise of a person whose primary responsibility is fraud investigation.

Fraud investigations are best carried out by those experienced to undertake such assignments. It is essential that any investigation is undertaken by qualified individuals to reduce the risk of compromising evidence, accusing wrongfully, or undermining prospective legal actions.

According to the position paper, every organisation should have an anti-fraud response plan that outlines key policies and investigation methodologies. The plan should make clear the role of internal audit when there is suspected fraud and associated control failure.

The paper also provides key questions that boards of directors and other governing bodies should ask their organisations regarding fraud:

  • Does the organisation have a fraud response plan in place that outlines key policies and investigation methodologies?
  • Who carries out fraud investigations within the organisation?
  • Is internal audit tasked with identifying where fraud risk is present, and does it audit controls in these areas?
  • When fraud has occurred, does internal audit investigate to understand how the controls failed and how they can be improved?
  • Is internal audit tasked to investigate fraud, and, if so, does it possess the proper skill sets to carry out such investigations?

To access this and other IIA Position Papers, visit The IIA’s website.

Source: IIA