The past 20 years have seen many attempts to overhaul how the auditing profession functions. There are countless examples of fraudulent perpetrators who crafted ways to circumvent the rules to the detriment of unwitting stakeholders. To make matters worse, most people assumed that auditors would stop the swindlers in their tracks. While the increase in regulatory oversight bodies, stricter laws, and harsher penalties for those ultimately responsible for assurance have helped to some extent, fraud still happens. The reforms of yesteryear have failed to keep pace with the ever-changing environment in which business is conducted. The Internal Audit profession is no exception.
WHEN FRAUD HAPPENS
It is all too easy to blame the auditors when fraud goes uncovered. Is it not their job to expertly detect fraud and assure users of financial statements that the information can be trusted? Although fraud is certainly brought to light by auditors in many cases, seasoned users of financial information are fully aware that fraudsters can sometimes evade even the most experienced and diligent auditors. Actually, there is a greater likelihood tips will be the reason the fraud is discovered. Audits of controls are limited in that they cannot examine every transaction or occurrence of a control activity and must rely on sampling methodologies and analytical procedures to detect anomalies. To compound this risk, those who commit fraud often act alone and do not have a prior history of fraudulent activity.
Senior management must lead by example in setting the tone at the top to assure that ethical behavior is instilled in all employees and there is no fear of reprisal when a whistleblower reports a violation. An ethical culture is the cornerstone of all reputable businesses and is the best protection against fraud. All too often, senior management and the board believe that the ethical tone at the top reaches down to the bottom and across the entire organization. This is often not the case. You will frequently find pockets of the organization that have unethical environments or environments that support fraud.
How does an organization build and maintain an ethical culture? Taking a proactive stance against fraud and announcing to the world that fraud is not tolerated is the first step. Provide ongoing training and discussion formally and during management meetings. Make sure your employees learn the indicators of fraud and are comfortable reporting suspected instances through the appropriate channels.
How does the organization know if their plan to build and maintain an ethical culture was successful? The key is to “Trust but Verify.” Internal Audit functions have the skills to conduct an independent assessment of the organizations’ ethical culture, conduct data analytics reviews to identify fraud indicators, and to assess that adequate controls are in place to reduce the opportunity to perpetrate fraud.
INTERNAL AUDIT REFORMS
Internal audit reforms are often slow to take effect but talk of increased regulation by governments and oversight bodies is once again gaining momentum. The recent introduction of proposals in the UK go so far as to suggest significant structural changes to how auditors perform their duties. These proposals also address how firms are structured and regulated, and even a new definition of the purpose for a company audit. Barriers to reform are always present. One common barrier is the resistance to increased regulatory burdens when financial resources are already scarce. There is often the perception that the benefits of more regulations will not outweigh their costs. Also, despite the many penalties already on the books for those who commit fraud, punitive consequences are frequently not imposed for perpetrators. This serves to diminish the effect of more regulation and penalties to would-be fraud participants.
Technology continues to change the way we live and work at an astounding pace. The way that internal audits are planned and performed must evolve at an equal rate. Reforms must be considered and implemented on an ever-increasing scale. As technological complexity grows, the demands on the internal audit activity as well as individual auditors within these functions will also increase. A more robust internal audit industry will be the result.
For questions about this article, or for more information on McKonly & Asbury’s Internal Audit and Management Consulting services including how to schedule a business ethics audit for your organization contact our team.