The changing role
All organisations are subject to fraud risks and there have been several instances in the past couple of decades when frauds have led to the downfall of organisations as a whole. Some notable examples include, Enron and Worldcom in the USA and Satyam near home. The current economic slowdown has brought to surface a number of high profile frauds like the Reebok and Citibank cases thereby increasing the focus on fraud risk management. Global regulations like the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act, Sarbanes Oxley Act have increasingly put responsibility on the management of organisations to implement an effective fraud risk management framework. In the wake of increasing incidents of frauds in the financial service sector, the Reserve Bank of India (RBI) introduced guidelines for comprehensive Fraud Risk Management (FRM) system for banks.
With increased regulatory focus and widespread negative impact of frauds, the managements and senior executives are increasingly concerned about the vulnerability and exposure of their businesses/organisations to frauds and whether or not they are adequately protected. A recent survey undertaken by Deloitte for fraud in Indian banks indicated that more than half the frauds were detected by internal audit reviews. This brings into focus the role of internal audit in fraud risk management. As the mandate and role of internal audit continue to evolve, managements are increasingly counting on internal audit functions in their efforts for managing fraud risks and keeping organisations protected.
Increasingly, the internal audit function is not to monitor and detect but also to investigate fraud incidences when they arise. The role of internal audit in fraud risk management by way of preventing, detecting and investigating fraud has amplified as a result of economic uncertainty and increased focus of certain organisation's management on fraud risks.