"If you do not hire me to capture the Fraudster, you may have the wrong person," the story of a character's internal audit Indonesia telling interviews in the recruitment of internal auditors has ever experienced. Thus the reality. Many perceive the internal audit activity is the party most responsible for capturing the perpetrators of fraud (fraud). In fact, the internal auditor is not the same as the investigator or fraud examiner.
So, how exactly the internal audit activity's role in a fraud investigation that needs to be done by the organization?
Indeed, many of the recent internal audit standards that connects the internal audit fraud. In the Standard 1200: Proficiency and Due Professional Care, for example, internal auditors should have sufficient knowledge to evaluate the risk of fraud and to evaluate what has been done for mitigation organization. Similarly, the standard set in 2060: Reporting to Senior Management and the Board, Standard 2120: Risk Management, or Standard 2210: Engagement Objectives. However, as affirmed in the 1200 Standard, the required knowledge is not required at the level of knowledge and expertise as a person or party primary responsibility is detecting and investigating fraud.
In accordance with the practice guide "Internal Auditing and Fraud" issued by the IIA in December 2009 and then, the role of internal audit activity in the investigation are not rigid and not single. According to IIA, internal audit activity is possible to assume primary responsibility for investigating fraud. In addition, the internal audit activity can also act merely as a provider of resources for investigation, or otherwise, may also not involved in the investigation. Internal audit activity can not be involved in the investigation of them having to be responsible for assessing the effectiveness of investigations. Another reason is because they do not have adequate resources to be involved in the investigation. Whatever the choice, once the first choice of that role needs to be defined first in the internal audit charter, policies, and procedures related to fraud set forth in the company. Different roles may be acceptable as long as the impact of the choices that role against the independence of internal audit activity recognized and dealt with appropriately.
In terms of internal audit activity is given a major role in charge of investigating fraud, then it must be ensured that the team assigned to it have sufficient expertise about the fraud schemes, investigation techniques, statutory provisions and applicable law, and the knowledge and expertise Another is needed in the investigation. Staff needed can be obtained from the (in-house), outsourcing, or a combination of both.
In some cases, internal audit can also use the nonaudit staff from other units within the organization to assist the assignment. This often happens when the necessary expertise and diverse team should be formed immediately. In terms of organization requires external experts, the CAE should establish conditions that must be met providers of external resources, especially in terms of competence and resource availability.
In the case where the primary responsibility for the investigation function is not assigned to the internal audit activity, internal audit activity can still be requested to assist the assignment of investigation in gathering information and making recommendations for improvements of internal controls.
References:
* Practice Guide: Internal Auditing and Fraud, The IIA, December 2009
Tidak ada komentar:
Posting Komentar