A new era: using the internal audit to spot fraud.

• Author: Davis, A. Christine

Numerous headlines regarding recent litigation cases tell the tale: a strong internal audit group can be the most effective weapon for stopping fraud in its tracks.

An effective internal audit group can do everything from evaluating the substance of transactions and testing for compliance with GAAP and accounting and financial reporting procedures, to blowing the whistle on alleged financial statement fraud.

[ILLUSTRATION OMITTED]

No longer is an internal audit function merely an option or recommendation. Also gone are the days when the external auditors may perform the internal audit function.

A review of litigation matters from the last few years in which financial statement fraud was allegedly perpetrated shows that senior management had undermined or tried to suppress the effectiveness of the internal audit function. Findings of internal auditors were either ignored, especially when red flags were raised, or the responsibility for internal audits was outsourced to external auditors.

INTERNAL CONTROL AND THE INTERNAL AUDITOR

Internal control over financial reporting is defined by the Sarbanes-Oxley Act as a "process designed by, or under the supervision of [the CEO and CFO, or equivalent individuals] ... to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:

"(1) pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions ...;

"(2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures ... are being made only in accordance with authorizations of management and directors; and

"(3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer's assets that could have a material effect on the financial statements."

KNOW WHAT TO LOOK FOR

The internal audit group is expected to be knowledgeable with the GAAP applicable to its company's transactions in this new era of SOX. The SEC requires that the internal control report disclose any material weaknesses in the company's internal control over financial reporting. PCAOB Auditing Standard No. 2 defines material weakness as...