Question 724 - IIA-CIA-Part1 discussion

If fraud is suspected during an audit engagement, the internal audit activity should first expand audit testing to gather sufficient and appropriate evidence to confirm or dispel the suspicion2.This may involve applying additional or alternative audit procedures, such as data analysis, interviews, observations, or confirmations3.The internal audit activity should also document the results of the expanded audit testing and communicate them to the appropriate parties in accordance with the organization's policies and procedures4.

1: CIA Exam Practice Questions - Certified Internal Auditor 20192: Fraud and Internal Audit | Grant Thornton53: FRAUD AND INTERNAL AUDIT IIA POSITION PAPER FRAUD AND INTERNAL AUDIT Assurance Over Fraud Controls Fundamental to Success Introduction Every year billions of dollars are lost to fraud and corruption resulting in inefficiencies, aborted projects, financial challenges, organizational failure, and, in extreme cases, humanitarian disaster. Often fraud occurs because of poorly designed controls and weak governance undermining the organization's processes. Organizations should have robust internal control procedures to limit the risk of fraud, and internal audit's role is to assess these controls. Fundamental Fraud Facts Fraud can be defined as any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. Fraud is not unique to any organization type. It occurs in public and privately owned businesses, not-for-profit, in organizations that seek to contribute to economic and social well-being, such as government departments, financial institutions, and public and private utilities (water, electricity, education, health care, etc.). In short, the opportunity to commit fraud exists everywhere. How organizations deal with the risk of fraud may be influenced by legal jurisdiction and the organization's own risk assessment and appetite. Fraud can often lead to litigation, dismissal, and recovery of assets. It is essential, therefore, that any investigation is undertaken by suitably qualified individuals to reduce the risk of compromising evidence, accusing wrongfully, or undermining prospective legal actions. Consistent with The IIA's International Standards for the Professional Practice of Internal Auditing on proficiency (1210.A2), internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization. KEY TAKEAWAYS Organizations should have robust internal control procedures to limit the risk of fraud, and internal audit's role is to assess these controls. The organization should have a suitable fraud prevention and response plan in place allowing effective limitation and swift response to the identification of fraud and management of the situation. This should include digital data. The chief audit executive should consider how the risk of fraud is managed across the organization and assess the fraud risk exposure periodically. The risk of fraud should be included in the audit plan and each audit assignment to evaluate the adequacy of anti-fraud controls. Internal auditors should not investigate fraud unless they have the specific experience and expertise required to do so. The IIA's Perspective Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.Its role includes detecting, preventing, and monitoring fraud risks and addressing those risks in audits and investigations.1, p.44: Standard 2400 -- Communicating Results - The Institute of Internal Auditors or The IIA