The Association of Certified Fraud Examiners’ (ACFE’s) 2012 Report to the Nations on Occupational Fraud and Abuse estimates the global cost of internal fraud at US $3.5 trillion, or 5 percent of total revenue. And, as we all know, internal fraud is only part of the picture.
Everything is moving faster these days, including fraudsters. Today, a rogue employee with a smartphone, given a weak enough control environment, could transfer significant sums of money offshore in the blink of an eye. According to the ACFE, the average fraudster takes US $160,000 out of a company before the fraud is detected. Little of that money is ever recovered.…
I recently spoke at a conference where one of the sessions was called “Four Most Dangerous Words in Finance.” It reminded me of a blog I wrote a few years ago called “Ten Things Not to Say in an Audit Report.” In that blog I wrote about types of things not to say. Beyond the categories of phrases or messages that I explored in that blog, however, lie a handful of words that are so useless or polarizing that they should be banished from the internal audit dictionary.
Words have power. A well-written audit report is a call to action. A poorly written report can result in inappropriate action, or no action at all.…
As we recently learned, NASDAQ has withdrawn a proposed new rule (PDF) requiring that companies listed on the exchange establish and maintain an internal audit function, citing push-back from issuers and others during the public comment period. Some companies and commenters didn’t see the value of an internal audit function. There weren’t a lot of comments, but there were enough that it was troubling to NASDAQ.
The Securities and Exchange Commission (SEC) received dozens of comments, both for and against the proposal, including an official endorsement from The IIA under my signature. I have never been an advocate for laws or regulations requiring an internal audit function because I believe that mandates diminish the perceived value of auditors as trusted advisers to senior management and audit committees.…
In an era of sophisticated data analytics, Larry Harrington, chief audit executive (CAE) of Massachusetts-based Raytheon Co., relies on a relatively old-school key performance indicator (KPI) to monitor how his internal auditors are helping the business become more successful: telephone calls from business partners asking for assistance.
Harrington references a call he recently received from the head of one of Raytheon’s larger business units. The general manager explained that an upcoming reorganization would eliminate several management positions, and he wanted to make sure the changes would not adversely affect internal controls and risk management processes. The general manager asked for internal audit’s help reviewing the plan before it was implemented, and Harrington obligingly dispatched a team to assist.…