Johannesburg, South Africa- Jan 22, 2015 – According to the recent Global Economic Crime Survey, *69% of South Africa's business leaders, government officials and private individuals have experienced some form of economic crime over a two year period.
As IT products advance, so too does the opportunity for fraudsters to take advantage of the increased layers of anonymity and online availability of personal information, thus allowing them to be more brazen. Despite corporate fraud being on the rise, the toughening economic climate has also reminded businesses of the importance of preventative measures in curbing corporate fraud.
Businesses are now more aware of the important elements that require attention in order to put them in an ideal position to spot fraud and protect their information. With that said however, many businesses are still operating on a reactive basis.
So why aren't more companies making use of internal audits? Quite simply, in several instances, they don't understand it; they believe that the internal audit function can be rather expensive and is only meant for big business. The internal audit function is a great tool for any business as it is a collaboration between management and the internal auditor. It requires management's input and experience of the business and brings the internal auditor's knowledge and expertise to identify potential risks, which management might not have considered.
The internal auditor also assists management in focusing on the important risks – for example, focusing on who has access to the company's bank account and can singlehandedly authorise large transactions rather than R100 in the petty cash box. Another common mistake is the belief that advanced IT systems will protect companies from risk. While these systems play an important role by introducing both efficiencies and security, it is essential that they are regularly monitored and managed.
Currently, two buzzwords in the internal audit environment are “combined assurance” and “co-sourced”. Once the risks have been properly identified, combined assurance allows management to mitigate risks in a myriad of ways by using several service providers, many of whom the company has already engaged. This includes insurance providers, external auditors, regulatory bodies, the independent board of directors, IT service providers and the internal auditors, to name a few. Management should rely on all of these parties to mitigate the risks faced by their business. This limits the cost of internal audit and allows management to focus on their different risk ‘mitigators'.
By co-sourcing the internal audit function, management can accept a level of responsibility by providing an oversight role and checking that the controls which should be operating, are in fact in place. Co-sourcing reduces the level of involvement for the internal auditor.
Prevention is the key in thwarting corporate fraud and it is imperative to be cognisant of the loopholes. The opportunities for fraud to be committed will continue to exist as long as a business exists and grows. We need to realise how much fraud can cost us before we realise how affordable prevention can be.