Training insights: Fraud – shout about the F word
Fraud is the “hot potato” that no one wants to talk about – but it is happening everywhere and the opportunities for fraud have evolved and increased during the pandemic period, warns Martin Robinson who leads the Chartered IIA’s course on auditing fraud and financial crime.
Now more than ever, internal auditors need to raise the issue at the highest levels, investigate their organisation’s ability to spot fraud, ensure that it is limiting the opportunities for fraud to occur and that it has the processes to deal with fraud quickly and unambiguously when it happens, he says.
“Participants often tell me they’re the only people talking about fraud in the business and others say that if they raise the issue with executives they are shown the door. Too often, senior management doesn’t want to know,” he says. “But this is a huge risk to every organisation – not just in terms of the sums lost directly to fraudsters, but also the time and money lost to recovery processes, legal fees, recruitment costs, morale and productivity problems and, most significantly, reputational risks.”
Robinson is a consultant to the Fraud Advisory Panel, which developed the course as part of its work to increase awareness of fraud and to develop the skills needed to counter it. The problems are not new, but opportunities and fraudulent practices have evolved as technology and working practices have shifted rapidly during the pandemic and management’s attention has been distracted.
Moreover, he says, many organisations’ responses to fraud have not improved much over the past 10 years.
Law enforcement has also been inadequate and disconnected for many years, although the government has now started paying attention and has promised a taskforce to look into it. This means that there is likely to be renewed focus on fraud, and internal auditors will need to keep up with developments. There is a lot of catching up to do, Robinson warns. Fraudsters have been getting away with their crimes and know that these are likely to remain undetected.
Focus on prevention
This is why it is still far more cost-effective to focus on fraud prevention and to set in place the processes and culture that deter potential fraudsters, limit opportunities for fraudulent practices and regularly monitor activity in areas vulnerable to fraud – such as procurement, supply chains, human resources and, in particular, finance. Much cybercrime is only old-fashioned fraud with a high-tech face. Such activity will involve many functions and management in all three lines, but internal audit has a clearer role than many internal auditors realise.
“Internal auditors need to be brave about fraud, because there are often few rewards for raising the issue if senior managers don’t want to know,” Robinson admits. “However, if internal audit aspires to be a true adviser then internal auditors need sometimes to put their heads above the parapet.”
They can also help to explain the value of a strong ethical culture in the organisation, not just to prevent bad behaviour, but also to make it attractive to new recruits and to provide a positive image in the press and to stakeholders. Internal audit already works to assess and monitor corporate culture and ensuring clear understanding of ethics and “good behaviour” is an essential part of a comprehensive approach to fraud.
Similarly, internal audit already investigates and talks to people in all the key high risk areas for fraud. Many internal audit teams have moved away from focusing closely on finance operations in recent years, confident that these are covered by well-established processes and controls, however the pandemic and huge disruption in many organisations means that finance risks have risen up the internal audit agenda again. This is the perfect opportunity for internal auditors to re-examine these processes and update their awareness of the ways fraudulent practices have developed.
More negatively, Robinson is concerned that a combination of overstretched internal audit teams working to help organisations reset after the disruption of Covid, plus the reluctance of senior management to focus on fraud, will cause many to miss this opportunity and the incidence of fraud will accelerate still further.
Knowledge is power
This is precisely why all should now be thinking hard about the issues and increasing their knowledge of the latest trends in fraud. The auditing fraud and financial crime course highlights the nature of recent fraudulent activity and the way in which fraudsters have seized opportunities over the past couple of years, and enables participants to share their own experiences, both of uncovering fraud and of finding ways to engage management. They can also ask directly for ideas and advice.
Robinson recommends that all internal auditors read widely to increase their awareness of the extent of fraud in all sectors and types of organisation. “Don’t rely just on what your own organisation sees and how it acts. Allocate someone in your team to research recent court cases and to explain what these involved and why the ones that go to court are the tip of the iceberg,” he advises.
He also advocates using the “F” word far more frequently to raise awareness. “Fraud permeates every level of the organisation and we will be uncovering examples of how it has proliferated during Covid for years to come,” he warns. “The best responses tend to come from organisations that make someone explicitly responsible for managing fraud risk.”
Delegates on the course will look at the often misunderstood role of internal audit in combatting fraud and how this fits with the Standards, as well as exploring ways to map fraud risks. It will examine what a good anti-fraud strategy and anti-fraud policies look like and will consider the all-important human dimension to fraud – who commits it and why. Robinson will also consider the key areas vulnerable to fraud and the red flags that all internal auditors need to watch for, such as poorly reconciled suspense accounts or lack of authorisation procedures.
“Detail is important, and if you’re not looking at finance, you’re not doing internal audit,” he argues. “This course is a top-level sampler. I tell all delegates that I won’t give them an audit programme – they need to go away and do more research and write their own.”
Last, but not least, he asks delegates what attending the course will mean for them and for their organisation. “I ask them to identify what they will go back and do and say as a consequence of what we’ve discussed,” he says. “Looking into fraud often opens a can of worms. Are they prepared and what will change?”
Auditing fraud and financial crime is aimed at internal auditors and other people involved in finance and governance in organisations who need to understand the risks better. In-house courses are also available for teams. Further advice is available and regularly updated on the Fraud Advisory Panel’s website.
This article was published in March 2022.