TIAPS Module 1 Audit and Assurance workbook
Internal auditors have an important role to play in raising fraud risk awareness, helping to reduce the likelihood and impact of fraud, and supporting the identification of fraud schemes and events. The following extracts from the Standards illustrate the role and its limits.
1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. 57
1220.A1 Internal auditors must exercise due professional care by considering the:
• …
• Probability of significant errors, fraud, or noncompliance. 58
2060 Reporting [by the chief audit executive] must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board. 59
As part of a regular audit engagement, internal auditors should:<br />
• Gather information to understand the purpose and context of the engagement, as well as the governance, risk management, and controls relevant to the area or process under review. Information may be drawn from multiple sources, including previous audit engagements, reports from specialist investigators (such as fraud examiners, external auditors, and financial inspections), interviews, external research of similar situations, and fraud risk and control models and benchmarks.
• Brainstorm fraud scenarios to identify potential fraud risks.
• Assess the identified fraud risks to determine which risks require further evaluation during the engagement. 60
Certain red flags should alert the internal auditor to the potential for fraud. These may include:
Potential Red Flags for Fraud
Issue: Give-away phrases used
• “As a work around …”
• “Just this one time …”
• “I have always done it this way.”
• “Once in a while we …”
• “Off the record …”
• “There are no policies or procedures for this process.”
• “Someone told me to do it this way; however, I am not sure why.”
• “This is really how it is done.”
• “The way it is supposed to work …”
57 The International Professional Practices Framework, The IIA, 2016.
58 The International Professional Practices Framework, The IIA, 2016.
59 The International Professional Practices Framework, The IIA, 2016.
60 IIA Practice Guide: Engagement Planning – Assessing Fraud Risks, The IIA, 2017.