I found an article this week in regards to our discussion this past Saturday on the need for strong internal controls to prevent fraud in the workplace. The article discussed ways on improving internal controls already in place. Recommendations included improving communication with stakeholders, segregating duties, implementing and testing controls on mission critical technologies, and conducting period risk assessments. The author goes on to say that employees must change their attitude toward auditors and work with them as an ally to improve any weak controls that could make the organization vulnerable to fraud.
From my experience working in the corporate world, I concur with what the author is saying. Auditors are typically seen as a policing body who point out everything wrong within a business unit or department of an organization. I’ve been a part of interviews during internal audits and have been told to provide auditors with just enough information to answer their questions. I was told not to elaborate on any specific items. To me, part of improving weak internal controls is to provide auditors with adequate information so that they can give sound recommendations on improvement. There is often a misconception that the implementation of internal controls is the responsibility of auditors. This is in fact not the case. Auditors test the effectiveness of internal controls but they don’t own them. Therefore, it is important to work with them and implement policies, procedures, and processes that reduce the likelihood of fraud from occurring. While the ‘tone’ within the organization may dictate the attitude toward fraud, auditors, and internal controls in general, doing the right things the right way can certainly better protect an organization’s and its customers’ assets from a fraud perspective.