Mochammad Marsha Dhia

Dhanez Wastu Dharmesta

Raditya Mahendra
IUP Accounting
Internal Audit

About CBOK
CBOK is the worlds largest ongoing study of the internal audit profession,
consisting of two phases: the Practitioner Survey and the Stakeholder Survey.
The first phase is led by The IIA Research Foundation (IIARF) and supported by IIA
institutes and chapters around the world to include comprehensive studies of
practitioners at all levels. The second phase is a global study consisting of audit
stakeholder perspectives (senior management, audit committees, and boards)
and will complement the findings of the practitioner study. The results of this
combined research will provide a rich overview of how the profession is currently
being practiced and changes that are anticipated in the future.
One of the key components of CBOK 2015 is the global practitioner survey, which
provides a comprehensive look at the activities and characteristics of internal
auditors worldwide. This project builds on two previous global surveys of internal
audit practitioners conducted by The IIA Research Foundation in 2006 (9,366
responses) and 2010 (13,582 responses).
Definition by IIAs Standards:
Any illegal act characterized by deceit, concealment, or violation of trust.
These acts are not dependent upon the threat of violence or physical force.
Frauds are perpetrated by parties and organizations to obtain money, property,
or services; to avoid payment or loss of services; or to secure personal or
business advantage.
Auditor responsibility about fraud risk

1210: Proficiency (1210.A2) Internal auditors must have sufficient

knowledge to evaluate the risk of fraud
2120: Risk Management (2120.A2) The internal audit activity must
evaluate the potential for the occurrence of fraud and how the
organization manages fraud risk.
2210: Engagement Objectives (2210.A2) Internal auditors must consider
the probability of significant errors, fraud, noncompliance, and other
exposures when developing the engagement objectives.

COSO Principle 8 states that the organization considers the potential for fraud in
assessing risks to the achievement of objectives.

The Global Focus on Fraud Risk

1.
2.
3.
4.

Internal Audit May Prioritize Fraud Risk More Than Management

South Asia Has Highest Focus on Fraud Risk
Focus on Fraud Risk is Highest in Privately Held Organizations
Fraud Adds Value After Other Activities (i.e. assuring the adequacy and
effectiveness of the internal control system)
5. Fraud Risk Skills Are Being Recruited Moderately

Mochammad Marsha Dhia

Dhanez Wastu Dharmesta
Raditya Mahendra
IUP Accounting
Internal Audit

Fraud risk is important to executive management and CAEs in a way that

CAEs put more focus on fraud risk. Shareholders, especially in developing
markets, emphasize their company to be anti-fraud and therefore
developing management control towards fraud risk is essential.

Internal Audit Responsibility for Fraud Prevention and

Detection
Departments in Internal Audit have no responsibility for fraud detection.
Assigning the internal audit department with all of the responsibility for fraud
prevention and detection goes against the Standards and good practice.
Internal Auditors at Private Companies are more involved with Fraud Risk. The
responsibility differs between the organization types. Larger departments also
tend to have more responsibility. To exterminate fraud risk, it is better to use a
coordinated approach to fraud risk.

To conclude, internal auditors responsibility largely depends on the

organization culture, maturity, and the internal audit vision/positioning
within the organization. For smaller organizations, it may not be feasible
to maintain separate internal audit and investigations teams. However,
when internal audit engages extensively in fraud investigations, it may
not be able to add the most value to the organization.

Internal Audit Capabilities in Responding to Fraud Risk

Internal Auditors seem confident in fraud risk skills, even few of internal auditors
have fraud-related certificationsOnly 6% of internal auditors globally (5% in
2010) have a fraud examiner certification, such as the ACFEs certified fraud
examiner (CFE) certificationand some argue that without certification doesnt
mean that you cannot assess fraud risk.

Internal Auditors should be able to have the skills required when it comes
to assess fraud risk. Regular training is required, and from the
technological point of view, data analytics is used by internal auditors to
identify fraud and fraud red flags.

Five Ways to Improve Internal Audits Approach to Fraud

Risk
1. Establish internal audits role regarding fraud
2. Educate management about risk
3. Be proactive in addressing fraud risk

Mochammad Marsha Dhia

Dhanez Wastu Dharmesta
Raditya Mahendra
IUP Accounting
Internal Audit
4. Build a database of previous lessons learned
5. Create access to the right skills