A Call for Internal/External Audit practices improvement- for Fraud Detection

According to the “Report to the Nations - 2018 Global Study on Occupational Fraud & Abuse”, specifically on the “How is occupational fraud initially detected?” in organizations, “External Audit” represented 4% of the responses compared to 15% for “Internal Audit”. Yet it is so far, “What anti-fraud controls are most common?” the main control and line of defense that enterprises rely on – with 80% for external audit on financial statements and 67% for external audit on internal controls. Internal audit was the control of detection for 73% of respondents. Internal Audit was found to be more efficient in detecting fraud with median fraud duration and loss that is close to 50% less compared to External Audit.  (12 months, ~$108k) vs. (23 months, ~$250k).  from the figures we can see that organizations rely mainly on audit (either internal or external) while its contribution to detection is limited compared to the other detection methods (ref the detailed report for details). The reasons could include but not limited to: (1) current approaches used in performing the audit are still classical and lack agility (2) today businesses are becoming more complex with hybrid operating models, (3) border less organizations delivering across the globe in challenging market demands, (4) operations high reliance on technologies and automation, (5) advanced fraud techniques and increased opportunities – to mention some.

It is interesting to see that “How is occupational fraud initially detected in the Middle East and North Africa?” external audit contributed to only 2% compared to 20% for internal audit. When these figures are compared to “What anti-fraud controls are the most common in the Middle East and North Africa”: it is again External Audit on financial statements and financial reporting from one side (93%, 69%) and internal audit on internal controls at 85% from the other side.

While I have some reservation on the survey population for Middle East region (it is not representative, narrow with limited contribution) the overall figures are not contradicting with expectations and trends captured in the other regions. There is always a percentage of deviation which can be improved by careful selection of the survey population and the used analysis techniques.

In conclusion, Audit will continue to be a corner stone in the assurance layers of defense, however, organizations need to improve their audit strategies, techniques and consider the adoption of technologies like Artificial Intelligence (AI), Machine Learning, Deep Learning and Robotics where applicable to enhance the Audit performance and outcomes.