Fraud Prevention and Detection in an Automated World

Global Technology Audit Guide (GTAG)

Written in straightforward business language to address a timely issue related to IT management, control, and security, the GTAG series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.

Fraud is a business risk that executives, especially chief audit executives (CAEs), have had to deal with for a long time. Numerous headlines have highlighted corporate scandals and wrongdoing that demonstrate the need for organizations and governments to improve governance and oversight. How to address fraud risk within an organization effectively and efficiently is a major topic of concern for boards of directors, management, business owners, internal auditors, government leaders, legislators, regulators, and many other stakeholders. In many cases, new laws and regulations from around the world have forced organizations to take a fresh look at this longstanding problem. Despite the fact that many internal audit organizations are faced with tight budgets, limited staffing, and extended workloads, today’s audit professionals are expected to take a proactive role in helping organizations manage fraud risks by ensuring that appropriate controls are in place to help prevent and detect fraud. To meet the expectations of management, business owners, and boards of directors, CAEs are challenged to use their available resources effectively and efficiently. To this end, internal auditors require appropriate skills and should use available technological tools to help them maintain a successful fraud management program that covers prevention, detection, and investigation. As such, all audit professionals — not just IT audit specialists — are expected to be increasingly proficient in areas such as data analysis and the use of technology to help them meet the demands of the job. In addition to evaluating the adequacy of internal controls, a challenge for internal auditors is to look beyond the controls and find loopholes in systems where fraud could occur. With an understanding of the relationships among different IT systems and applications, internal auditors can apply their critical thinking to identify high-risk areas and drill down to specific transactions. The purpose of this GTAG is to supplement The IIA’s Practice Guide, Internal Auditing and Fraud, and to inform and provide guidance to CAEs and internal auditors on how to use technology to help prevent, detect, and respond to fraud. The guide focuses on IT fraud risks, IT fraud risk assessments, and how the use of technology can help internal auditors and other key stakeholders within the organization address fraud and fraud risks.