The Association of Certified Fraud Examiners estimates that outside auditors discover only about 3 percent of organizational frauds, while internal audit departments find a little over 14 percent. Private corporations and small business have responded to rising fraud risk by beefing up internal audit departments. This has led to an emphasis on concepts like continuous monitoring and continuous auditing of business transactions and accounting activity.
The American Institute of Certified Public Accounts recommends that auditors find where a company is vulnerable to fraud, assess the risk of material misrepresentation and fraud by management, determine where fraud is likely, and use unscheduled activities such as surprise inventory counts and departmental visits to observe business operations. Discrepancies found during a routine audit may not pass the test of materiality -- that is, may not be considered significant -- and be reduced to a small notation in the audit report or not noted at all. An audit concerned with finding fraud, on the other hand, will look at discrepancies in a different light and in more detail, even if they appear small, to see if they may signal the presence of fraud.
Internal controls within an organization are checkpoints in the flow of business transactions. They are places where a transaction must be documented, approved, or sent to a different individual or department for authorization or some further action. Each checkpoint, or internal control, introduces a requirement that is intended to validate the transaction and create a paper trail. Auditing for fraud often starts with an examination of the internal controls of a particular department. The next step to the auditing process of each particular department is an analysis of source documents generated by transactions to determine any signs of forgery or alteration. This is true with internal documents and signatures as well as outside invoices. Confirmation of transactions requires correspondence with customers and vendors, interviews and account reconciliations.
Methods of auditing now include the use of software to apply statistical measurement of accounting data to highlight suspicious or questionable transactions. Continuous monitoring of information entered into the accounting system strengthens internal controls. One common risk area for fraud is accounts payable. Expense reimbursements, employee credit accounts and payments to suppliers and other vendors are easily manipulated. One auditing technique involves combining and comparing data: information from check registers, bank statements and accounts payable information is entered into the same database and compared, and can detect discrepancies. Computer analysis software that conducts trend analysis of accounts can show accounts trending higher or lower than other similar ones, which can signal kickbacks, phony payments or fictitious vendor accounts. The same tools can be applied to audit accounts receivable, payroll, purchasing and inventory accounts.
When fraud is discovered, a trained fraud investigator or forensic accountant is necessary to complete an investigation and resolve the issue. While audits are conducted on a continuous or recurring schedule, fraud examinations must have sufficient predication. Audits are non-adversarial. Fraud examination is an adversarial process. A fraud examination involves gathering evidence, conducting interviews and testifying in court.