Whose job is it anyway?

Internal Auditor, April, 2007 by Anne Millage

THE RESPONSIBILITY FOR PREVENTING AND DETECTING FRAUD HAS long been debated. Management often believes it's internal auditing's job. But internal auditors know that, although they have an important role to play in fraud prevention and detection, ultimately, the responsibility falls on management.

The IIA's International Standards for the Professional Practice of Internal Auditing clearly states that the internal auditor "should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud." And, a position paper from the IIA-UK and Ireland says "the primary responsibility for the prevention, detection, and investigation of fraud rests with management."

According to the experts in this month's cover story, "The Fraud Disconnect" (see page 38), managers aren't necessarily shirking their duties, but rather they often do not realize that responsibility for fraud prevention and detection is part of their job description, believing instead that it falls under auditing's purview. And that's where communication between internal auditing and management is lacking. "Internal auditing has to establish its role within the organization, and this starts at the top," internal auditor Tom Tobin tells readers. "There has to be a dialogue between the chief audit executive and senior management and the audit committee to ensure respective roles and responsibilities are clear and accepted."

Internal auditing's level of participation in fraud prevention and detection varies among companies, but the challenge is the same. According to author Neil Baker, it is "getting managers to understand where internal audit responsibility for fraud ends and where management responsibility starts, and eliminating the disconnect in between." In his article, Baker talks to internal auditors from around the world to discover how they tackle this thorny issue.

On a related subject, a new study by the National Bureau of Economic Research reveals that provisions in the U.S. Sarbanes-Oxley Act of 2002 created to encourage fraud reporting may not be working as intended. Read "Sarbanes-Oxley Changes Sources of Whistleblowing" on page 18 to discover how incentives to report fraud have changed since the act took effect and how that is affecting who blows the whistle.

Want to read more on fraud? This month's "Fraud Findings," on page 87, reveals how a vice chairman used his employees to help him defraud his organization of US $500,000 over a 10-year period. And, just to throw another twist into the responsibility question, what happens when the fraud occurs in the audit shop and management is internal auditing? Read this month's "Ask the Experts" on page 83 to find out.