Food for Thought: Key Learnings from Exiger’s Roundtable on Auditing Fraud
"Food for Thought" is a series showcasing insights and best practices from Exiger's roundtables, where senior professionals and thought leaders come together to discuss the latest industry developments over a bite to eat.
Recent high-profile regulatory enforcement actions have pushed fraud to the top of the agenda for auditors in 2019. When fraud is perpetrated by bank staff or third parties, it can often result in other financial risks such as credit and market risk, as well as non-financial risks such as cyber, money laundering, sanctions or corruption risk.
Uncovering the control breakdowns that could indicate heightened fraud risk isn’t easy though, given the challenges many audit functions face with:
Raising awareness of fraud within the business.
Enabling auditors to better understand fraud risk dynamics, as well as how to prioritise fraud risk coverage effectively. This is especially the case given that fraud risk is potentially everywhere and the dynamics of fraud are continually shifting in light of new products, business channels and technologies.
Senior internal auditors at a range of financial institutions joined us for a roundtable in London to benchmark their approach to auditing fraud – and to discuss emerging typologies, training and the role of new technology.
'Know your employee'
Fraud risk can often come from within. As a result, auditors need not only ‘know your customer’, but also to ‘know your employee’. This means looking at a different set of typologies along with different motivating factors for committing fraudulent acts.
The fraud triangle is an invaluable tool to help auditors understand fraud risk dynamics and identify parts of a business that have a higher risk of internal or external fraud. People are motivated to commit fraud for a variety of reasons – including financial and non-financial factors. Whilst fraud committed by external actors is often motivated by financial gain, employee fraud can be driven by more subtle factors such as an employee lying to hide poor performance so it does not negatively impact on annual performance reviews.
Conduct risk and fraud risk are interrelated. But the key differentiator is whether someone intentionally lies or tries to cover up their poor conduct.
Audit coverage: where to start?
A key challenge for auditing fraud risk is knowing where to start. As responsibilities for managing fraud risk are spread across numerous different functions, auditing fraud risk can’t simply be left to the fraud or financial crime audit team – it must be on the radar of all audit teams. Some firms have found that targeted fraud audit awareness training across the audit function has helped to raise the bar for auditors. Another approach is to offer training to specialist fraud audit teams who then organise fraud risk workshops to assist other audit teams to identify the potential for fraud risk within their portion of the business. These workshops can help audit teams identify and recognise that the controls that mitigate fraud risk also mitigate other key risks, such as money laundering risk or credit risk.
Simulated exercises can be conducted during these workshops that utilise the fraud triangle methodology. They are a useful tool that allow stakeholders to think like a fraudster for an hour. In turn, this aids them in identifying weaknesses in key processes and controls that may drive fraud risk and control enhancements.
Auditing new technologies
From facial recognition to artificial intelligence, financial institutions are utilising new technologies to enhance the customer experience and drive more effective and efficient compliance processes. A key challenge for auditing fraud is that many of these technology solutions remain ‘black boxes’, where auditors have an insufficient understanding of how the tools work, if they adequately mitigate fraud risk and if they suffer from any inherent bias based on previous pattern recognition.
Innovative financial institutions are utilising multi-disciplinary teams that contain data analytics experts to help root out latent fraud risks. The most effective solutions are often those that see technology integrated with and trained by fraud experts.
We're here to help
Exiger is a global authority on regulatory compliance. We have worked with financial services firms and regulators across the world to enhance and assess the effectiveness of financial crime programmes.
- White paper:
Read our white paper on how auditors can raise the bar in auditing financial crime risk.
Read white paper >
- Benchmark your audit approach:
By attending our next financial crime audit roundtable.
Request an invitation >
- Compliance audit, assurance & testing:
Read more about our audit and assurance services.
Find out more >