UK businesses are monitoring risks better than ever and increasing their coverage of fraud risk. However, significant challenges around data analysis, staff training and a lack of routine risk assessments remain, according to a study from Deloitte.
The report, Internal Audit Fraud Challenge: Prevention, Protection, Detection, found that economic uncertainty and increased regulation have pushed fraud to the forefront of boardroom agendas. Seventy-six per cent of respondents, who are internal audit leaders within business, say they have discussed how to introduce or enhance fraud risk monitoring during the past year. As a result of this increased prominence at the board level, nearly two-thirds of organisations (64%) have increased their coverage of fraud risk, broadening the remit of internal audit teams. Internal audit functions are now better resourced than in 2010, with fewer than one-third of audit managers (28%) indicating they are under-resourced, compared with 51% two years ago.
In addition, a study by the Institute of Internal Auditors, The Pulse of the Profession: 2012 Global Insights, found that fraud risk is now among the top five planned audit focus areas in North America, Latin America and Asia-Pacific.
Room for improvement
Despite this increased focus on fraud risk, significant challenges remain for organisations if they are to meet the increased threat, Deloitte’s report found.
Forty per cent of internal audit functions surveyed for the report admitted they do not regularly use data analytics, and 38% said their teams do not have the skills or knowledge to do so.
“This sort of data analysis can be effective in not only identifying anomalies, but it also helps create a more proactive fraud prevention environment,” said Deloitte forensic technology partner Jarrod Haggerty in a video statement. “The major challenge facing organisations is reviewing how they store and hold data. By getting their document management strategies right, they can vastly improve the quality of their real-time transactions monitoring.”
How to prevent fraud
The report also revealed that only half of organisations carry out routine fraud risk assessments – which Deloitte describes as the most efficient and cost-effective way to prevent fraud.
“Failure to undertake fraud risk assessments on a regular basis will make it difficult for internal audit functions to determine how to effectively focus key and sometimes limited resources on the areas of highest risk,” said Michael Jones, a partner in Deloitte’s enterprise risk services practice.
In addition to these challenges, Deloitte forensic partner Nic Carrington said companies continue to face skills gaps in their investigation capabilities.
“Evidence handling and interviewing skills were two important areas which were highlighted as needing improvement,” he said. “These two areas are core and central to any investigation. Failing to approach witness and suspect information in the right way will mean that critical information is lost and key facts missed. Gather evidence or data incorrectly, and any employee proceeding or court action could be prejudiced.”
Over the coming year, Deloitte’s Jones expects companies to continue to improve their data analytics capability and carry out more fraud risk assessments.
“I’m not convinced we will see much more up-skilling in terms of the ability to deal with and investigate fraud. I would expect companies to continue to outsource those specialised forensic skills,” he said.
Other key findings
- Sixty-four per cent believe economic uncertainty has extended the level of internal audit remit around fraud risk.
- Of those who said fraud risk had increased, 57% noted an increase in internal fraud, while 74% noted an increase in external fraud, which is up from 60% in 2010.
- Internal audit’s top priorities on fraud risk are basic operational controls (noted by 77% of organisations), basic financial controls (74%) and new legislation (55%).
- There is a shortage of skills in investigating frauds. Organisations bring in external parties such as the police (45%), IT experts (42%) and forensic accountants (42%).
Kirsty Searles, Deloitte partner in enterprise risk services, in a video presentation offers these three steps to improving fraud risk assessment:
- Senior support is vital to ensure an honest assessment is delivered. Tone from the top is important. If the message from the chief executive down is zero tolerance, it will set the tone and ensure buy-in from all functions.
- Involve a broad spectrum of people who can bring different perspectives from their own detailed knowledge of systems and processes. You want to cover the process end to end and the organisation from top to bottom. For example, a store attendant might provide information on physical theft, while a store manager could provide evidence on management fraud.
- Use hard data to underpin the assessment. Back up statements with facts. For example, examine trends of sales through different channels and payments to high-risk destinations. The challenge is extracting the right data and reporting it in a meaningful manner.
Related CGMA Magazine content:
“Recession Dampens Effort to Stem Corporate Corruption”: A few wealthy nations stepped up efforts last year to crack down on companies that bribe foreign officials to get lucrative contracts abroad, a watchdog group reported. But most of the 39 countries that joined the crackdown launched 15 years ago have done nothing or not enough.
“Bridging the Ethical Divide”: About 80% of companies have ethics codes, yet only 36% collect ethics data. Learn more about the “ethical divide.”
“Companies Do Poorly Managing Corruption Risks in Emerging Markets”: Emerging markets have great potential for rapid growth, but corruption can run rampant. Processes exist to identify and mitigate corruption risks, but fewer than 40% of companies doing business in countries most prone to corruption use them well.
Other CGMA resources:
CGMA case study: Navigating ethical issues: This case study places you in the role of corporate controller for a larger public company, making decisions that will not only affect your future but also the future of many others. The facts of this case cover integrity and objectivity, confidentiality, internal accounting controls, and procedures for investigating and reporting.
Responding to ethical dilemmas: CGMA ethics resources: This tool provides links to resources to help CGMAs navigate ethical dilemmas and respond in a manner that upholds their professional standards.
Ethical reflection checklist: A checklist that allows individuals and organisations to assess the level at which sound ethical management practices have been embedded in the business.
Video: “The Future of Ethics”: A panel of experts discusses ethical culture, accounting for ethics, dilemmas, pressures and business issues.