Do internal auditors have a responsibility to investigate suspicious activity?
In the latest edition of our video series "MISTI on Audit," Joel F. Kramer, vice president of audit curriculum at MIS Training Institute, talks about what auditors should do if they suspect fraudulent behavior and internal audit's role in detecting and preventing fraud.
Kramer says internal audit is responsible for looking for fraud and for assessing the systems in place to prevent it. "This is something that has been evolving over time to a more aggressive role both at a macro and micro level," says Kramer. "At the micro level, we should be asking on every audit, 'is there the possibility that fraud could occur?' And on the macro level, we should make sure that we have great entity-level controls that address anti-fraud procedures."
He says that data analytics is one of the most effective tools in the fight against fraud. "You need to use data, you need to know how to use the data and what transactions may generate more questions and open up the need to go even deeper," says Kramer.
Kramer also examines internal audit's role in looking for fraud and how that responsibility fits with the unwanted perception by some as the organization's police force, a perception that internal audit has worked hard to overcome. "One of the things about internal audit that we have learned is that sometimes you have to go against the grain. Sometimes you have to take an unpopular stand," he says. "But what I think we really want to do is not be addressing insignificant, immaterial exceptions on low-risk areas." For high-risk areas, he says, you have a responsibility to take action.
Click here to watch the interview.