Fraudulent acts by employees and outsiders alike have risen since the onset of the 2008–2009 economic recession, and internal auditors predict that these criminal activities will continue unabated throughout 2010 despite increasing management deterrence efforts. Those are the principal findings of a new Knowledge Alert, Emerging Trends in Fraud Risks, from The Institute of Internal Auditors (IIA).
Not surprisingly, the almost 300 chief audit executives (CAEs) and other internal audit professionals working in organisations of varying sizes and industry groups surveyed by The IIA overwhelmingly believe that internal auditors can add value to their organisation’s fraud risk management efforts
through robust assurance and consulting activities, such as automated data mining and analysis.
“Throughout my career of more than 30 years as an internal auditor, I’ve seen several recessions come and go, and their impacts on organisations have followed predictable patterns,” says IIA President and CEO Richard Chambers, CIA, CGAP, CCSA. “The recessions we’ve experienced in the past, like the one we’re just emerging from, foster an environment that’s highly conducive to fraud schemes, and internal audit activities are in a perfect position to show their great value during these turbulent financial times.”
More specifically, among the 31% of survey participants from organisations where instances of fraud were detected since 2008, 43% report that fraud occurrences increased from 1% to 10%, 28% indicate fraud increased from 11% to 20%, and 14% say fraud increased by more than 20%. Theft of company property and resources — including proprietary information — is the fastest-growing fraud reported by respondents followed by embezzlement, including expense-account fraud and third-party/vendor fraud.
To their credit — and to the benefit of their shareholders and customers — the majority of organisations represented in the survey (76%) have implemented a fraud risk management program, 34% formal and 42% informal in nature. These programs most commonly feature processes for detecting fraud and policies on and procedures for reporting suspected frauds.
Leading internal audit practices detailed in the 24-page Knowledge Alert for assisting the board and management discharge their responsibility for deterring fraud are:
- Increasing fraud awareness, communication, and training throughout the organisation.
- Reviewing systems in place and their corresponding policies, procedures, and controls.
- Performing regularly scheduled audits that monitor high-risk areas.
- Reviewing audit-specific financial activities.
- Implementing a continuous audit process.
- Performing risk assessments and risk-based audits.
- Increasing the level of coordination and cooperation with internal and external groups and other programs within the organisation.
- Increasing fraud awareness, communication, and training at all levels of management.
- Conducting or assisting in fraud investigations.
- Performing data mining and analysis.
The findings of the new Knowledge Alert are supported by other IIA surveys conducted during the last two years. For example, 51% of the 190 CAEs surveyed at the beginning of last year predicted that instances of fraud would increase in their organisation during 2009. And the majority of Fortune 250 CAEs participating in a March 2009 IIA roundtable discussion reported that they had increased their focus on fraud, particularly in areas with high recession-related risks.