Thank you for joining us for our session. Every year millions of dollars are lost to fraud due to a wide variety of factors. Fundamentally, organisations should have robust internal control procedures to limit the risk of fraud, and internal audit’s role is to assess these controls.
In addition to our guest speaker, we are also joined by Liz Sandwith, our Chief Professional Practices Advisor and our chair Piyush Fatania, Head of Audit, Risk, Assurance and Insurance Services for Gloucestershire County Council, and a member of our Council.
Chair's opening comments
Welcome to our Local Authority Forum.
Fraud is a forever war. It rages 24/7 perpetrated by combatants at all levels of sophistication. Internal audit and councils therefore need the tools, skills and knowledge to prevent fraud. Our speaker today is Andrea Deegan, Forensic and Fraud Risk Services Director at RSM UK.
Role of internal audit
Key tools and approaches
Common themes for internal audit
Things for internal audit to think about
Click here for details of our live virtual training course on auditing fraud and financial crime.
Chair's closing comments
It is often said that the best detectives are those who think like a criminal. As auditors, we should be thinking about what fraudsters are after. What is of value to them? We need to be alert to what is changing in our world – for example, is there a heightened risk of pension fraud as a consequence of the pandemic?
In our next LA forum on 29 September we will use Risk in Focus 2022 as the basis for discussion.
Organisations and their internal audit functions face a dizzying pace of change and unprecedented uncertainty. The world has changed. Internal audit must change too.
The IPPF is currently under review. Please take time to complete this IIA Global survey by 31 August.
Our Internal Audit Conference is open for booking – click here for details.
Thank you for attending. As always if you have any ideas or suggestions for what we might include in future agendas please contact Liz Sandwith firstname.lastname@example.org
Q In addition to fraud, there is also error. Some of the move to remote-working has led to reduced quality checks not picking up errors. Also, we’ve found culture to be important in addressing management behaviour. How do you measure culture?
A Looking at root cause is really important. It’s essential to understand why something happened - the outcome of an investigation determines the course of action that's taken. It’s not always fraud.
Measuring culture can be a challenge. Virtual working as a result of pandemic has been beneficial in some of our sectors to gain real-time assessments and insights. Establishing robust KPIs at the outset is important and they should be reflective of realistic organisational goals. For example, an uptake in the number of fraud referrals and breadth of where they come from is a good indicator that an awareness campaign landed, rather than just ticking the box that a campaign was done. Similarly, an increase in conflict-of-interest declarations for example can be used to demonstrate culture and that employees have a good awareness of what is and isn’t acceptable practice.
Q There is an expectation that the effectiveness of fraud-related work and strategies are suitably measured – can you give an example of how we can measure effectiveness?
A When putting the counter fraud strategy together, work out what you want to achieve, then work back from that to say what measures are needed to demonstrate this. We’ve talked about awareness. Also, measuring prevention work - what area of policies have internal audit been involved in reviewing, have changes been embedded? Having identified a weakness, go back after making a change and look at what differences can be seen in data, financial or otherwise. Put indicators in place that show that the counter-fraud strategy was successful and demonstrates that the investment in resource or change was effective.
Q Where does internal audit’s role sit alongside a counter-fraud team?
A Seeing much more collaborative approaches, not joint working but having specialist input. So long as work is risk assessed at the outset to remove any risk around self-review from internal audit’s perspective. Counter-fraud will often be able to advise and help internal audit in terms of next steps.
Q Having moved into internal audit from counter-fraud and then returned, it has enhanced the quality of work. Now we issue a management letter after the investigation to highlight the control weaknesses that led to the fraud/error. Does that resonate?
A Agree. We encourage our counter-fraud team to think like internal auditors. It’s about moving beyond the criminality to look at internal controls too.
Q Are traditional ‘red-flags’ still valid?
A Yes, although now there is possibly more opportunity for people to obtain ‘fancy goods’ without obvious means. It's important to look at indicators as a whole and beyond indicators. Someone not taking holiday doesn’t mean they are committing fraud for instance. The education sector recently published a list of key indicators for example which can be a useful reference.