Auditing Financial Crime and Fraud: Planning Ahead for 2019

Many auditors at this time of year are deep in annual planning activities for 2019. Whilst preparing audit plans for the coming year, internal audit functions are finding that they face a variety of challenges posed by the new technology their business and anti-financial crime teams are deploying – such as robotics, artificial intelligence or machine learning. Forward looking auditors are therefore already utilising, or exploring how to utilise, data analytics to level the playing field to more effectively assess the control environment and mitigate financial crime and fraud risk.Senior internal audit professionals who oversee financial crime and fraud risk at leading financial institutions attended a roundtable breakfast hosted by Exiger in London. Below is a summary of their thoughts on key priorities for 2019, as well as the role of technology and data analytics in audit.Top priorities for 2019In a survey of those who attended, the following 5 areas won out as the top financial crime and fraud audit priorities for 2019:Financial crime & fraud detection & prevention systems Anti-fraud controlsCustomer due diligenceNew technologiesSecondary sanctionsIt’s not surprising to see that fraud is a hot topic for auditors. The Financial Conduct Authority Business Plan for 2018/19 specifically focuses on fraud and scams as a cross-sector priority for the year ahead. Many organisations are grappling with how to respond, and responsibility for mitigating fraud risk is often fragmented within financial services firms.Adoption of technologies by the business and the second line of defence, as well as shifts in the global sanctions regime, mean that new technologies and secondary sanctions work their way into the top 5.Technology & the role of data analyticsTo stay relevant, internal audit teams need to stay abreast of how the business operates and better understand the technologies they employ. The Board and regulators are unlikely to accept a ‘black box’ approach to auditing new technology solutions powered by artificial intelligence or predictive coding, especially if they influence risk management decisions. Such systems should not be outside the scope of internal audit due to a lack of understanding of how the technology works.Some internal audit teams from larger banks are increasingly employing data scientists who can utilise data analytics in a more powerful way. These more advanced teams measure the effectiveness of data analytics not merely by counting how many times they are used, but instead by focusing on the outcomes they help the auditors achieve – a more useful measure of effectiveness and therefore a step forward.Technology as a force multiplier for audits isn’t new, with computer assisted auditing techniques (CAATs) having been a staple of audit practice for the past decade. Modern data analytics tools and techniques are a significant step up however, allowing auditors to not only increase audit sample sizes, thus reducing audit risk, but to also join the dots between disparate, complex and large datasets much more easily to test things that simply could not be tested otherwise. Methods employed as part of this process include setting up data warehouses, using programming languages such as SQL or Python and utilising data visualisation tools like Tableau. Data visualisation tools enable auditors to identify anomalies and outliers that could indicate fraud or financial crime far more effectively. Some audit teams are also exploring the use of machine learning technologies to enable automation of routine audit tests – such as KYC file testing.As part of this technology-enabled approach, audit professionals who understand financial crime and fraud risks are being trained to understand data so they are equipped to ask a broader range of questions, helping to flag items that warrant further investigation. With the right expertise and technology, there may no longer be the need to throw bodies at so many manual audit testing tasks.An expertise mismatch?Finding and retaining people with the right subject matter expertise is an ongoing challenge for audit departments. Despite fraud being a key priority for 2019, only 4 out of 12 respondents to our roundtable questionnaire said they had fraud expertise on their team.Similarly, other than the larger banks many smaller organisations lack dedicated data analytics experts within their internal audit function who know enough about audit to offer insight, or vice versa. Training programmes at larger organisations are beginning to redress this balance by including data analytics as part of their agenda.As we creep closer to 2019, internal auditors need to ask themselves some important questions: is your audit approach up to speed with the new technology-enabled way their business works? And, is there a role data analytics can play to enhance your audit plan delivery? If so, do you have the right skillset in your team?We’re here to helpExiger is a global authority on regulatory compliance. We have worked with financial services firms and regulators across the world to enhance and assess the effectiveness of financial crime programmes.White paper: Read our white paper on how auditors can raise the bar in auditing financial crime risk. Read white paper >Benchmark your audit approach: By attending our next financial crime audit roundtable.  Request more information >Audit support:Read more about our audit and assurance services.  Find out more >