Recent reviews into the audit market have highlighted expectations of what companies and their external auditors should be doing to prevent and detect material fraud. Given the current economic climate has heightened the risk of fraud, we expect to see a greater focus on this area from management and audit committees.
While consideration of fraud has been a longstanding requirement for both directors and external auditors, there has been a lack of clarity around what is required. The Brydon report recognises this and recommends that obligations for companies and their auditors be clarified and expanded, specifically:
In our experience, while many companies have shown good practice in anti-fraud activity across their business, this is often fragmented with limited central knowledge, oversight or governance structures.
Grant Thornton US have recently partnered with the Association of Certified Fraud Examiners (ACFE) to publish an anti-fraud playbook, which provides a series of practical steps that businesses can take to assess and strengthen their fraud risk management framework. These align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) five key principles, as set out below:
|
COSO principle |
Practical steps |
|
Fraud risk governance |
|
|
Fraud risk assessment |
|
|
Fraud control activities |
|
|
Fraud investigation and corrective action |
|
|
Fraud risk management monitoring activities |
|
While management is responsible for fraud prevention and detection, internal audit should be considering how the business manages fraud risk and auditing relevant processes and controls. It’s likely that many internal audit teams will be asked to support a review of their company’s fraud risk management framework.
Here is what internal audit teams should consider and how the anti-fraud playbook can help:
The playbook includes an anti-fraud maturity assessment model, which is a useful tool. It can also facilitate conversations around future state aspirations.
The playbook includes a template and some practical guidance for identifying key fraud risk areas and related control activities.
This should be familiar to internal audit teams, and they can use their expertise to support the business in developing an anti-fraud analytics programme.
As the fraud risk framework matures, internal audit can also support with the development of monitoring controls and reporting, so that the business can provide assurance that the program is designed effectively and operating as intended.
Unsurprisingly, there is a clear focus on what companies are doing to prevent and detect material fraud, with the Brydon report recommending greater disclosure of actions taken to address this and external auditors adopting a suspicious, rather than sceptical, mindset. Internal audit should look at existing fraud risk and assurance activities and consider how it all fits together.
For more information on the playbook and pragmatic advice for how your organisation can review and strengthen its fraud risk management framework, contact Eddie Best.
