Fraud is a key business risk and, as such, the internal control framework must include anti-fraud controls that adequately addresses and mitigates fraud risk. As highlighted in this publication, many corporates failed due to poor corporate governance and the prevalence of fraud as an enabler to hide the true state of the financial affairs in the business.
The auditor plays a critical role in providing assurance to the company and its board on the adequacy and effectiveness of the control environment and whether those controls address key business risks. In many instances the auditors either failed to raise fraud red flags, missed the boat completely or were influenced by management to change or dilute their findings thus compromising their independence.
Including forensic professionals in the planning and execution of key audits is fundamental especially in situations where fraud experience and skills are lacking. Knowing the business environment is key to successfully identifying fraud risk and knowing what the fraud risks are is key to detecting fraud during the audit.
Management is the first line of defence in detecting fraud but the opposite also holds true that, unfortunately, management is also the “first line of offense” in overriding of controls due to their authority, access to systems and potential to influence staff.
This is an inherent fraud risk and should be a basic consideration during the audit.
Placing too much reliance on management responses and documents provided without delving deeper or verifying through other means will render the audit useless or ineffective. Systems and controls should be designed to manage the risk of management override of controls.