Chair: Derek Jamieson, Regional Director, Chartered IIA UK and Ireland
Chair's opening commentsWelcome to the HOIA forum. A warm welcome to those of you who are attending the forum for the first time today. I hope you all enjoy the session and benefit from this investment of your time. Also, a warm welcome to those members of the Fraud forum who are attending today. Thank you for your participation. I am joined today by Liz Sandwith, Chief Professional Practices Advisor, Chartered IIA UK and Ireland. Today’s session is looking at fraud, a topic which continues to be a significant and increasing concern in many organisations across the sectors, particularly given the increasing financial constraints across the economy just now and for the foreseeable future. Our session is in two parts: Firstly, we are going to give you an update on the activities of our Fraud Forum which was established just over a year ago now. You may not be aware of the Forum, or its activities and we therefore thought it appropriate to update you so that you can consider whether you wish to become involved over the coming year. For those who are aware we thought it appropriate to share some of the topics which have been discussed and to let you hear the views and reflection from two of the initiating members who have helped shape the agenda this year. The second part of the session will focus on the question: Is internal audit sufficiently equipped to effectively consider the risk and potential existence of fraud as it undertakes its work? It is appropriate to recognise at this point that the role of internal audit in relation to fraud may differ across organisations and sector. For the purposes of the discussion today we are focussing on the development and delivery of the internal audit plan rather than any activities internal audit may be directly involved in to prevent or investigate fraud. So, in the context of delivering an internal audit plan are our teams sufficiently knowledgeable to consider fraud risk during planning and as they undertake and report their work? How good are they at:
I would like to welcome Rachel Hallam from Worcestershire County Council and Alan Rose from SSE. Rachel and Alan were in the initial group of members who helped establish the Fraud Forum and contribute to its future agenda and direction. Before we speak to Rachel and Alan, I would like to ask Liz Sandwith to provide a brief overview of the scope and key messages from our recent report “Fraud is on the rise – step up to the Challenge” as a backdrop for the session. Hopefully you have all read the report and if not, you will do so after today’s session. Over to you Liz. |
Please find attached a copy of the slides for the session. Notes below are supplementary.
Some key initial thoughts from Derek Jamieson, Chartered IIA
Discussion regarding the Fraud Forum – Alan and Rachel’s Reflections
Is internal audit sufficiently equipped to effectively consider the risk and potential existence of Fraud as it undertakes its work? Do you perceive that we could do better as auditors? Reflections from Alan, and Rachel
Do you see any key trends at the moment?
Where do your main concerns lie just now?
Chair's closing commentsThank you, Rachel and Alan. Please let me know if you would like to join the Fraud Forum next year. Please also let me know if there are any topics you wish this HIA Forum to cover in future meetings. We will take the comments forward from today’s session and for those who’ve asked about policy and guidance, put you in touch with Rachel and Alan to continue that discussion. Our next meeting is on 11 January and will focus on data analytics and artificial intelligence focussing on our recently published research report “Embracing Data Analytics” Looking further forward, February’s meeting is titled “is your scorecard balanced?” In preparation for this session, I aim to collate anonymised versions of as many scorecards as possible. To this end I would be delighted if you are able to send me suitably anonymised versions of your scorecards which I will collate and an analyse prior to the meeting. (derek.jamieson@iia.org.uk) As usual, notes and chat comments from today will be placed on our Community Hub pages in the next couple of days. |
Questions/Chat box comments
Comment: I'm more concerned that process owners have the arrangements in place to assess fraud risk and to have preventative and detective controls in place rather than to find fraud ourselves.
Response: We're trying to encourage the first line to take more responsibility, so I would agree with that completely, but with the starting point we had, we were very immature regarding fraud, since the word wasn't really mentioned, people didn't like mentioning it. It's raising that awareness, getting people engaged, getting that discussion into committee meetings, getting them to develop their own risk registers and encouraging them to put controls in place. It's a bit of a mix and from the discussions in the Fraud forum, the role of internal audit can vary from organisation to organisation as well.
Comment: In a way, increased reporting of fraud in the media, often because of poorly managed/controlled COVID-related schemes may create more fraud. "If everyone is at it, why shouldn't I get a piece of the action". Increased rationalization, coupled with the motivations you've mentioned.
Comment: We're lucky at our organisation. Out of our team of 6 we have 4 ACFSs who are also PACE trained, to enable us to also undertake fraud investigations. in addition to our assurance and consulting work. Although our internal Standards require that we consider fraud risk during every audit, we live and breathe fraud anyway.
Comment: we work to the government 013 counter fraud standard which means a fraud risk assessment formal process, additionally, for those risks above the acceptable risk threshold of the organisation, proactive work is undertaken to improve controls. This should be used to provide assurance and include proactive work in the internal audit plan to provide this assurance.
Comment: The Fraud Advisory Panel has some good practice on fraud policies, freely available on their website.
Question: Can anybody recommend any fraud training for internal auditor teams, as Derek discussed the impact of fraud identification following a course his team undertook?
Answer: The Institute has a Fraud and Financial Crime training course https://events.iia.org.uk/training-courses/live-virtual-courses/auditing-fraud-and-financial-crime/
Question: We've been asked to create a Fraud Red Flags Protocol. Has anyone done something similar or does the IIA have a template that might help with this?
Answer: https://www.acfe.com/ if you join them they have lists of these red flags and you can find some example lists of red flags on the internet. The best source comes from experienced managers in the business / risk team incident reports / deep dives / lessons learnt.