Page 69 - IAT_April_2025

Page 69 - IAT_April_2025_Magazine

P. 69

Under the Surface
viewpoints
The Shifting Fraud Landscape
c lt re dit
i pr ctice It’s esse ti l th t i ter l ditors eep p with the l test fr d tre ds d tools.

Many valuable insights can be gleaned
from this culture audit example. For
instance, this internal audit function has Wh t re so e fewer people were writing checks like the old days.
a strong culture, formal authority, and c rre t fr d checks, it wasn’t antici- Why is it happening?
level 1: level 2: espoused level 3: underlying seems to value perceived objectivity tre ds? pated we were going to Maybe fraudsters think
artifacts values assumptions and independence over relationships Organizations are see- see this reemergence. financial institutions

Dress Code Mission Statement, Core Values How to Work Together with stakeholders. Perceptions may ing a lot of fraud today. It’s plaguing quite a aren’t paying attention to
Formal Created 10 years Follow the chain of matter more than substance, and Especially in the finan- few organizations. checks as much as they
ago, not updated. command only. rigor and process more than critical cial industry, we’re see- And it comes in all used to. They don’t have
Language Holly Ray forms: altered checks, the appropriate controls
Technical, profes sional, Charter Behaviors That Lead to thinking or innovation. A risk is that Senior Manager, Fraud and ing the reemergence of
internal audit jargon. Unfettered access. Success or Failure the department may not be seen as Financial Crime Technology check fraud. Given there washed checks, forged in place, probably.
Consulting, EY
Come in early a trusted advisor and may become was a big digital shift checks, and then just We’re also seeing a lot
Talent Management Docs
Technology (appraisal, development, competency) and stay late. ineffective, as evidenced by: during COVID- where straight-up counterfeit of digital identity fraud,
Pen and paper. Annual appraisal • A culture that reacts to change slowly
Safety
Stories & Myths process matches with Never challenge the boss. and poorly, possibly rendering it
Internal audit is all the organization. ineffective.
about the “gotcha!” Blanket raises for Don’t rock the boat. • Disincentives to work efficiently:
the department. Perceptions of Power
Visible Traditions Presenteeism or “being there” is valued
Formal opening and Procedures, Training Guides Chain of command only. highly, and there is a lack of merit pay.
closing meetings. Outdated procedures. How Decisions Are Made • Cross-departmental relationships
No attendance at Reporting Structure Follow last year’s that are formal and potentially
company events. Audit committee. workpapers. confrontational, which can lead to a
lack of trust and stakeholders who
withhold information.
• A chain of command and a “we have
always done it this way” mentality that
can ultimately dampen critical thinking,
audit quality, and stakeholder value.
viewpoints
Internal Auditor 79 June 2024
Internal Auditor 55 June 2024 where fraudsters are Who is co itti he or she will sell it on test the bank’s response testing, control enhance-
creating synthetic IDs. fr d? social media for and thresholds, using ment recommenda-
They’re taking bits and Depending on the type each, and many differ- small-dollar amounts, tions, and ongoing mon-
pieces of information of fraud, there are indi- ent kinds of people will and they’ll go back and itoring. Internal audit,
from real individuals and viduals who are just buy that playbook and refine the fraud. They compliance, and other
pulling these together to reacting out of oppor- commit those frauds in test it on a small scale, groups often work hand
create a completely new tunity. But there also small-dollar amounts. and then they reorganize in hand to tackle fraud
identity that doesn’t exist. are very large, organized In a known network, a themselves to do it on a Holly Tucker risk management across
With that, they’re able networks. Maybe it’s a group of organized indi- very large scale. Partner, Deloitte Financial the enterprise.
to establish credit, open known network or an viduals comes together Advisory Services LLP
accounts, and ultimately unknown network. specifically to com- Wh t re the Wh t fr d
defraud institutions as In an unknown net- mit a fraud. If it’s a data bi est ch lle es Wh t is i ter l co trols re ofte
well as individuals. Keep work, for example, an breach, the target could i c tchi fr d? dit’s role i overloo ed?
in mind, it’s not just insider who knows the be any type of busi- Fraud is one of those fi hti or - Some organizations rely
affecting banks, because ins and outs of how an ness. If it’s in the finan- exciting spaces to work i
tio l fr d? solely on controls stem-
to establish an identity institution works puts cial sector, maybe they in because it’s always Internal audit’s role in ming from the U.S.
and credit line, fraudsters together a step-by-step are focusing on a par- changing. Today it’s preventing, detecting, Sarbanes-Oxley Act of
have to hit all the differ- playbook on how to ticular type of payment, checks; tomorrow it and monitoring fraud has for their fraud pre-
ent areas like retail stores defraud the company check, or wire. They might be wires. Or it’s evolved over the years, vention and detection
and healthcare. or an individual. Then will work together to synthetic IDs. So, one of and internal audit teams efforts, but fraud is bigger
the biggest challenges are now often deeply than that. Controls that
is knowing what you’re involved in — and some- are often overlooked are
looking for, knowing times leading — an orga- operational in nature. For
how the fraud scheme nization’s fraud risk example, the geographies
Fraud is one of those exciting spaces to is being perpetrated — assessment process. in which a company
work in because it’s always changing. but then also having the We increasingly see has operations can pose
Today it’s checks; tomorrow it might tools in place to help internal auditors lever- fraud risks. Certain prod-
age fraud risk assess-
identify those things.
ucts may have unique
be wires. Or it’s synthetic IDs. So, one You have to continually ment results, prior inves- fraud risks. Changes
refine your processes,
tigations, case informa-
within the organiza-
of the biggest challenges is knowing workforce, and tools and tion from whistleblower tion, such as an acquisi-
what you’re looking for, knowing how make sure you’re keep- hotlines, and other tion, divesture, or exec-
internal data to drive
utive management turn-
ing up with evolving
the fraud scheme is being perpetrated. fraud trends. insights in fraud control over, also can increase
INTERNAL AUDIT TODAY 66
Internal Auditor 80 June 2024

64 65 66 67 68 69 70 71 72 73