The audit committee chairman of a Fortune 500 company asked Bonnie Parker, the new internal audit director, to enhance the company’s fraud detection procedures. The request reminded her that it was time to move past traditional fraud prevention efforts such as journal-entry tests and basic questionnaires and evolve the company’s fraud detection program into something more robust and effective. Parker recognized that the existing programs were only analyzing apparent situations with minimal consideration to potential submerged fraud “icebergs.” She didn’t realize that her quest to improve her fraud detection plans would lead her to instituting cutting-edge analytics involving the venerable Fraud Triangle and company e-mails. (Our fictitious Bonnie Parker represents all fraud examiners looking for the truth.)
ECONOMIC DOWNTURN CHANGES EVERYTHING
Due to recent company layoffs, the economic downturn, and increased pressure to meet analysts’ expectations, Parker knew traditional fraud awareness programs and automated tests wouldn’t suffice to weed out significant fraud at its earliest stages. Under normal circumstances, her company would seek to identify fraud-risk areas and develop high-level mitigating factors. However, in these uncertain times, additional efforts are required, which include the assessment of the controls that address each risk factor as well as substantive testing using data analytics.
Parker wondered where she should begin to develop a thrifty but creative program. She had only dealt with minor employee-related fraud schemes in the past, but she knew she needed to broaden her prevention and detection plans and look beyond the obvious. She began by outlining an approach to assess her fraud risk:
- Who within the company should assist and ultimately own the process?
- Upon what areas of the company should she focus her attention during the initial fraud-risk assessment?
- How should she structure the assessment?
- What tools or processes could she use to conduct the assessment?
The question that would hopefully lead her to her ultimate goal was: “How do I transform the results of the fraud-risk assessments into actionable components of the annual internal audit plan?”