This is the html version of the file
http://www.oecd.org/dataoecd/61/26/47657902.pdf.
Google automatically generates html versions of documents as we crawl the web.
Page 1
www.theiia.orgPreventing and DetectingFraud and CorruptionInternal
Audit’s Role OECD 50th Anniversary SeminarApril 13, 2011 Richard F.
Chambers, CIA, CGAP, CCSAPresident and CEOThe Institute of Internal
Auditors
--------------------------------------------------------------------------------
Page 2
www.theiia.orgAgenda• Internal Audit’s Role in Preventing andDetecting
Fraud & Corruption• Experiences and Reflections from a Retired IG •
The IIA Fraud-related Standards and Guidance• Final Thoughts
--------------------------------------------------------------------------------
Page 3
www.theiia.orgInternal Audit’s Role in Preventing and Detecting Fraud
& Corruption
--------------------------------------------------------------------------------
Page 4
www.theiia.orgTop Internal Audit ActivitiesIIA 2010 Common Body of
Knowledge (CBOK) Study
--------------------------------------------------------------------------------
Page 5
www.theiia.orgFraud Prevention and Detection
--------------------------------------------------------------------------------
Page 6
www.theiia.orgBest Practices• IA dual reporting lines – to the highest
level of authority withinthe ministry, and an independent audit
committee• Proper allocation of responsibilities of prevention,
detection andinvestigation– Coordinate efforts with other functions
involved in the fraud and corruptioninvestigation• Reference to fraud
and corruption in IA mandate• Communication among audit committee,
external audit andinternal audit– Increased coordination of external
audit and internal audit• IA plays a key role in:– Advocating
formalization of an internal control and risk management
frameworkgoing beyond purely financial controls to include wider
control environment,code of ethics/conduct and F&C prevention plans –
Educating the public officials on the potential risks related to
operations
--------------------------------------------------------------------------------
Page 7
www.theiia.orgBest Practices - Continued• Recommend the inclusion of
fraud and corruption in the internalcontrol framework• Assess the
effectiveness of the fraud and corruptionmanagement program– Including
ethics, conflict of interest policy, managers’ assertions etc–
Communicating the findings in its annual report to the highest
authority– Using data analysis and monitoring tools: continuous search
for suspicioustransactions or trends or controls overridden, such as
segregation of duties orapproval levels• Improve proficiency and
professionalism to increase auditors’ability to evaluate fraud and
corruption risks and to detect fraudand corruption as swiftly as
possible.
--------------------------------------------------------------------------------
Page 8
www.theiia.orgExperiences andReflections of a Retired IG
--------------------------------------------------------------------------------
Page 9
www.theiia.orgThe U.S. Inspector General Model:My Perspectives• The US
IG Act of 1978: one of the world’sstrongest ministry
audit/investigation models• However, experience reflects:– The dual
reporting relationship fosters independencebut can stifle
relationships– Joint responsibility for audit and
investigationspresents numerous challenges– Transparency can be a
blessing and a curse– Continuous coordination with multiple
partnersfosters more effectiveness in combating fraud andcorruption
--------------------------------------------------------------------------------
Page 10
www.theiia.org• Internal auditors often stumble onto fraud when they
leastexpect it• Fraud schemes will often be exposed by “a tip” during
thecourse of the audit• It is critical to have a “predetermined
protocol” forinstances when fraud is exposed• We are not “Sherlock
Holmes” – leverage the advice andexpertise of legal counsel• The
“higher up the perpetrator,” the more intense theinvestigation process
can become• The personal side of fraud schemes make investigationseven
more challangingFrom My Experience:
--------------------------------------------------------------------------------
Page 11
www.theiia.orgThe International ProfessionalPractices
Framework:Fraud-related Standards and Guidance
--------------------------------------------------------------------------------
Page 12
www.theiia.orgThe IIA Fraud-related StandardsInternal auditors must: •
“….have sufficient knowledge to evaluate therisk of fraud….” (Standard
1210.A2)• “….exercise due professional care….”(Standard 1220.A1)• “CAE
must report periodically to seniormanagement and the board ….. on
fraudrisks….” (Standard 2060)
--------------------------------------------------------------------------------
Page 13
www.theiia.orgThe IIA Fraud-related StandardsInternal auditors must: •
“….evaluate the potential for the occurrenceof fraud and the manner in
which theorganization manages fraud risk.” (Standard2120.A2)•
“….consider the probability of significanterrors, fraud,
noncompliance, and otherexposures when developing the
engagementobjectives.” (Standard 2210.A2)
--------------------------------------------------------------------------------
Page 14
www.theiia.orgIPPF Practice GuidesIIA Fraud Related Guidance
--------------------------------------------------------------------------------
Page 15
www.theiia.org• Does the organization have a fraud governancestructure
in place that assigns responsibilitiesfor fraud investigations?• Does
the organization have a fraud policy inplace?• Has the organization
identified laws andregulations relating to fraud in jurisdictionswhere
it does business?• Does the organization’s fraud managementprogram
include coordination with internalauditing? Final thoughts:Questions
the Internal Auditors should Ask
--------------------------------------------------------------------------------
Page 16
www.theiia.orgQuestions
--
CA Ramachandran Mahadevan,M.Com.,F.C.A.,
http://www.oecd.org/dataoecd/61/26/47657902.pdf.
Google automatically generates html versions of documents as we crawl the web.
Page 1
www.theiia.orgPreventing and DetectingFraud and CorruptionInternal
Audit’s Role OECD 50th Anniversary SeminarApril 13, 2011 Richard F.
Chambers, CIA, CGAP, CCSAPresident and CEOThe Institute of Internal
Auditors
--------------------------------------------------------------------------------
Page 2
www.theiia.orgAgenda• Internal Audit’s Role in Preventing andDetecting
Fraud & Corruption• Experiences and Reflections from a Retired IG •
The IIA Fraud-related Standards and Guidance• Final Thoughts
--------------------------------------------------------------------------------
Page 3
www.theiia.orgInternal Audit’s Role in Preventing and Detecting Fraud
& Corruption
--------------------------------------------------------------------------------
Page 4
www.theiia.orgTop Internal Audit ActivitiesIIA 2010 Common Body of
Knowledge (CBOK) Study
--------------------------------------------------------------------------------
Page 5
www.theiia.orgFraud Prevention and Detection
--------------------------------------------------------------------------------
Page 6
www.theiia.orgBest Practices• IA dual reporting lines – to the highest
level of authority withinthe ministry, and an independent audit
committee• Proper allocation of responsibilities of prevention,
detection andinvestigation– Coordinate efforts with other functions
involved in the fraud and corruptioninvestigation• Reference to fraud
and corruption in IA mandate• Communication among audit committee,
external audit andinternal audit– Increased coordination of external
audit and internal audit• IA plays a key role in:– Advocating
formalization of an internal control and risk management
frameworkgoing beyond purely financial controls to include wider
control environment,code of ethics/conduct and F&C prevention plans –
Educating the public officials on the potential risks related to
operations
--------------------------------------------------------------------------------
Page 7
www.theiia.orgBest Practices - Continued• Recommend the inclusion of
fraud and corruption in the internalcontrol framework• Assess the
effectiveness of the fraud and corruptionmanagement program– Including
ethics, conflict of interest policy, managers’ assertions etc–
Communicating the findings in its annual report to the highest
authority– Using data analysis and monitoring tools: continuous search
for suspicioustransactions or trends or controls overridden, such as
segregation of duties orapproval levels• Improve proficiency and
professionalism to increase auditors’ability to evaluate fraud and
corruption risks and to detect fraudand corruption as swiftly as
possible.
--------------------------------------------------------------------------------
Page 8
www.theiia.orgExperiences andReflections of a Retired IG
--------------------------------------------------------------------------------
Page 9
www.theiia.orgThe U.S. Inspector General Model:My Perspectives• The US
IG Act of 1978: one of the world’sstrongest ministry
audit/investigation models• However, experience reflects:– The dual
reporting relationship fosters independencebut can stifle
relationships– Joint responsibility for audit and
investigationspresents numerous challenges– Transparency can be a
blessing and a curse– Continuous coordination with multiple
partnersfosters more effectiveness in combating fraud andcorruption
--------------------------------------------------------------------------------
Page 10
www.theiia.org• Internal auditors often stumble onto fraud when they
leastexpect it• Fraud schemes will often be exposed by “a tip” during
thecourse of the audit• It is critical to have a “predetermined
protocol” forinstances when fraud is exposed• We are not “Sherlock
Holmes” – leverage the advice andexpertise of legal counsel• The
“higher up the perpetrator,” the more intense theinvestigation process
can become• The personal side of fraud schemes make investigationseven
more challangingFrom My Experience:
--------------------------------------------------------------------------------
Page 11
www.theiia.orgThe International ProfessionalPractices
Framework:Fraud-related Standards and Guidance
--------------------------------------------------------------------------------
Page 12
www.theiia.orgThe IIA Fraud-related StandardsInternal auditors must: •
“….have sufficient knowledge to evaluate therisk of fraud….” (Standard
1210.A2)• “….exercise due professional care….”(Standard 1220.A1)• “CAE
must report periodically to seniormanagement and the board ….. on
fraudrisks….” (Standard 2060)
--------------------------------------------------------------------------------
Page 13
www.theiia.orgThe IIA Fraud-related StandardsInternal auditors must: •
“….evaluate the potential for the occurrenceof fraud and the manner in
which theorganization manages fraud risk.” (Standard2120.A2)•
“….consider the probability of significanterrors, fraud,
noncompliance, and otherexposures when developing the
engagementobjectives.” (Standard 2210.A2)
--------------------------------------------------------------------------------
Page 14
www.theiia.orgIPPF Practice GuidesIIA Fraud Related Guidance
--------------------------------------------------------------------------------
Page 15
www.theiia.org• Does the organization have a fraud governancestructure
in place that assigns responsibilitiesfor fraud investigations?• Does
the organization have a fraud policy inplace?• Has the organization
identified laws andregulations relating to fraud in jurisdictionswhere
it does business?• Does the organization’s fraud managementprogram
include coordination with internalauditing? Final thoughts:Questions
the Internal Auditors should Ask
--------------------------------------------------------------------------------
Page 16
www.theiia.orgQuestions
--
CA Ramachandran Mahadevan,M.Com.,F.C.A.,
No comments:
Post a Comment