I
n my December 2019 blog I stated “I will provide eleven statements in the spirit of causing you to think about your audit plan and help you create a dialog in your company about improving your ability to find fraud risk statements within your audit.”
The remaining three observations are what I have referred to as the “my statement”. These are my predictions, hopes or my aspirations.
In ten years there will be a software solution for detecting internal fraud. That is my prediction. I am currently working with a software company, please visit their website Valiresoftware.com.
The intent of my statement is not to market a software company, although I suppose to some extent, I am doing exactly that. I became involved with this company because I saw the opportunity to take fraud auditing to the next generation.
As you may be aware, I was a speaker about fraud data analytics at the 2019 General Auditor Conference, referred to as the GAM conference. The theme of the conference was: Looking toward the Future of Internal Auditing.
The brochure stated: For 40 years, the GAM Conference has been the essential experience for audit executives to be influential, indispensable, and informative. The tradition of excellence will continue with a future-focused theme, 2020 Vision — Influencing the Next Decade of Internal Audit. The top-notch program features industry influencers who will share their perspectives on how to best position audit leaders for future advancements.
At first, I just considered the phrase as a tagline. But, after attending as a speaker and a listener, I really started to think about statement and what it meant to the fraud audit profession. I have stated for a long time, your best anti-fraud strategy is to increase the perception of detection.
Think about that phrase, increase the “perception of detection”. This software solution is going to happen. It will create a proactive solution. From the Valire website:
Cognitive computing for internal fraud detection. Valire software is an automated and customizable cognitive internal fraud detection solution that continuously monitors organizational IT systems. By employing context detectors that utilize cognition-guided algorithms, we validate specific transactions as part of entire business processes to identify real fraudulent acts in real time.
So, should your audit department be an observer? Or should your audit department be a proactive facilitator in helping your company improve their anti-fraud program? I think audit has an opportunity to add value by helping management build a better mousetrap. Who knows more about fraud risk in your company?
Every large company has fraud schemes occurring in their core business systems right now. This is my opinion. Yes, many of the schemes are material, maybe not to the financial statements, but the cost of the schemes is a very large.
In the March / April 2019 ACFE magazine I published an article on detecting shell companies through the use of fraud data analytics. As part of researching the topic, I found more cases involving shell companies than I could read. One organization lost over $82 million. If you have read the annual fraud report published by the ACFE you know that total fraud may equal five percent of your company’s revenues.
I subscribe to the white collar 360 and the NY 360 newsletter. Every day, I read about various fraud schemes impacting organizations. These fraud schemes come in all sizes and shapes ranging from bribery to price fixing on tuna fish.
There is little doubt in my mind that fraud risk statements are occurring in every major company in the world, right now. No one really knows the frequency of these events or the dollar magnitude. The best we can do is infer the extent of the occurrence and magnitude of the fraud risk universe.
I am not a criminologist, so I will not opine on why people commit fraud risk statements. I simply accept that they do. From an internal control perspective, maybe we need to change our mindset. Do fraud risk statements occur because of a control failure? Or a people failure? Or has a company become so large & complex that fraud is inevitable? I am sure you are saying yes to all.
I really want you to think about “inevitable”.
Auditors should be responsible for detecting fraud in the conduct of an audit. This is one of my most controversial statements.
In one sense this is not a prediction. Statement of Auditing Standards # 99 already states that the audit of a financial statement includes misstatement from fraud whether the misstatement is caused by financial reporting or asset misappropriation.
For years at audit conferences I have heard auditors talk about how they add value to their organization. They talk about continuous auditing, enterprise wide risk assessment or aligning audit activities with the strategic goals and objectives of their companies. To be clear, I do not doubt their statements. However, I believe CAE’S are missing a great opportunity to help their organizations better manage the stealthy cost of fraud.
I personally believe that fraud is the greatest unmanaged cost to an organization. I am sorry, but fraud prevention controls are not enough. First, there are many fraud schemes that can occur and comply with your internal controls. In addition, the concept of internal control inhibitors can mitigate the effectiveness of internal fraud prevention controls: collusion, management override, bribery and corruption, etc. Every company needs both a solid fraud prevention and a proactive fraud detection program.
I have stated for many years that I believe audit should be the number one reason for fraud detection. We have the talent, resources and skills. What we do not seem to have is the desire. Why is that?
I have now written five blogs in the spirit of causing you to think about your audit plan and helping create a dialog in your company about improving your ability to find fraud risk statements within your audit. It is my hope many of you will in fact start to implement a proactive fraud auditing approach.
