by Alex Movchan & Magdalena Wolska
“People show you who they are,
not by what they say, but by what they do.”
Jane Green, British journalist and writer
Probably, every internal auditor, at least once, had a feeling after the end of the audit engagement, that maybe there was something unnoticed, undiscovered, left “behind the curtains”. You start thinking about it, but nothing concrete really comes up on your mind – the interviews were held, reviews performed, testing completed. It looks like everything was examined properly, but the fear of missing something important just does not come out of the mind. Suddenly a thought comes up out of the blue: “And what, if there was a fraud out there?” Right, missing a fraud is the worst nightmare for an internal auditor. Although the Standards don’t put full responsibility of fraud detection on the internal auditors, but as is written in the Standard 1210.A2: “Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization”. What is the trickiest about fraud is that it is like an iceberg – seems to be just a small detail from the first sight, but 95% of an iceberg is hidden beneath the water. And the damage it can cause might be truly unpredictable. If you have any doubts about that, just think about Titanic – the largest ship afloat with 2500 passengers on board, 1 500 of them died, making it one of the deadliest commercial peacetime maritime disasters in modern history. And this tragedy happened because the crew did not manage to identify the iceberg in time.