Should auditors be responsible for fraud?

The question of whether internal auditors should be responsible for managing fraud risk is a multifaceted one. Let’s explore the arguments for and against this proposition:

Arguments in Favour:

1. Expertise and Proximity:

   • Internal auditors have an intimate understanding of the organisation’s processes, controls, and risks.

   • Their proximity to day-to-day operations positions them well to identify and assess fraud risks.

2. Holistic View:

   • Combining fraud risk management with internal audit functions ensures a holistic approach.

   • Auditors can integrate fraud risk assessments seamlessly into their existing audit processes.

3. Efficiency and Cost-Effectiveness:

   • Leveraging existing internal audit resources reduces duplication of efforts.

   • It’s more efficient and cost-effective than creating a separate fraud risk management function.

Arguments Against:

1. Independence and Objectivity:

   • Internal auditors’ independence and objectivity may be compromised if they manage fraud risk.

   • Independence is crucial for unbiased assessments.

2. Conflicting Roles:

   • Internal auditors primarily focus on evaluating controls and governance.

   • Managing fraud risk involves proactive prevention and detection, which may conflict with their traditional role.

3. Specialisation:

   • Fraud risk management requires specialised skills (e.g., forensic accounting, data analytics).

   • Internal auditors may lack the expertise needed for effective fraud prevention.

Potential Solutions:

1. Collaboration:

   • Internal auditors can collaborate closely with dedicated fraud risk management teams.

   • Joint efforts ensure a balance between independence and expertise.

2. Clear Mandate and Reporting Lines:

   • Define roles and responsibilities explicitly.

   • Ensure that internal auditors report fraud risk findings to appropriate channels.

3. Training and Skill Development:

   • Invest in continuous training for internal auditors to enhance their fraud risk management capabilities.

   • Encourage certifications like Certified Fraud Examiner (CFE).

Conclusion:

Balancing the benefits of leveraging internal auditors’ knowledge with the need for specialised fraud risk management expertise is crucial. Organizations must tailor their approach based on their unique context, risk appetite, and regulatory requirements. Ultimately, effective fraud risk management requires collaboration, transparency, and a commitment to safeguarding organisational integrity.