Audit & Risk

Half of companies fall short on fraud risk management

New survey finds that nearly half of businesses believe they lack the internal resources to be able to effectively manage the risk of fraud.

in News.

Article Image

Nearly half of companies fail to conduct a formal fraud risk assessment on an annual basis, a new survey of US companies has shown, highlighting just how many businesses are leaving themselves exposed to white collar crime. 

Not only that, more than a quarter have never implemented a formal fraud risk assessment, the joint study by consulting firm Protiviti and the Economic Crime and Justice Studies Department at Utica College has shown.

Companies face a number of challenges in effectively and proactively managing fraud risk. Of these the limited availability of internal resources was cited by 47 per cent of respondents as the biggest. Meanwhile, 31 per cent said that their company lacks a unified fraud risk management strategy and 29 per cent reported that fraud and misconduct is not considered high risk to the organisation. 

In the majority of cases the chief financial officer is designated responsibility for fraud risk management within organisations (18 per cent), followed by the chief legal officer, internal audit director and the chief risk officer, who each have prime responsibility in 13 per cent of those companies surveyed. 

When it comes to combatting fraud, the majority of companies run ethics and fraud awareness training programmes, although only 46 per cent conduct these every year and more than half lack a fraud detection programme. Most respondents reported that their company has a telephone hotline, website or electronic mailbox for employees to report fraud, only 13 per cent regularly conduct surprise audits.

“Fraud detection techniques, such as having a code of conduct set in place, employee background checks, awareness training, third-party due diligence and surprise audits, are crucial in not only detecting risk, but also proactively preparing for future threats,” said Donald Rebovich, professor of criminal justice and executive director of the Centre for Identity Management and Information Protection at Utica College. “A programme that engages all levels and departments in prevention and detection is vital to a company’s financial health and reputation.”

Read the full report here

The IIA: find out more

Visit the main IIA site


IT Audit Assistant Manager

Grade: Assistant Manager
Business Unit: Consulting
Location: Birmingham
Reporting to IT Audit Directors and Partners

Internal Auditor (Qualified Senior to Assistant Manager)

Grade: Qualified Senior or Assistant Manager
Business Unit: Governance, Risk, & Internal Controls – Public Sector
Location: London, City (Tower Bridge House)
Reporting to Internal Audit Managers and Partner
Key Relationships: Internal Audit Team, new and existing clients

Audit Senior

Grade: Senior
Business Unit: Audit and Assurance
Location: Poole
Key Relationships: Business Unit Leader, Appraising Manager, Assignment Team, Audit Managers, Audit Partners and Clients

Careers advice

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Room to grow

If you feel stuck in your role or sector, yet are keen to progress in an internal auditing career, what are your options? You could become a non-executive director or contribute your experience to higher education, suggests Ann Brook CFIIA.

Time to volunteer

Rachel Bowden, chair of the IIA’s Guidance Working Group, explains why she started volunteering and what she has gained from the experience.

Training & Development

CPD: work in progress

Staying up to date is essential if you want to have a successful career in internal audit – and the IIA’s CPD competency framework is designed to help.

Tap into a rich resource

The IIA's website has loads of useful and important resources for members and the institute is committed to improving services by putting digital at its heart. So what is available – and where can you find it?


Mapping the road to assurance

Assurance maps are a vital tool that guide internal audits and give audit committees peace of mind. Sandie Dawson, director at Dawson Corporate Advisory, offers insight into effective assurance mapping.

Practical approaches to auditing culture

Corporate culture is high on audit committees' agendas, but few understand what to look for and how to measure something as nebulous and intangible as culture. Alexander Glebovskiy, internal auditor at an FCA-regulated firm, shares his advice.

Need for speed: risk velocity in control design

The importance of velocity as a risk assessment factor has been widely acknowledged by the risk management community in recent years. But so far the profession has largely failed to agree on a meaningful concept for measuring and weighting velocity as a risk factor. Maybe a simplistic approach can help, write Matt Rigby and Christian Thurow.