Internal Auditors and the Prevention and Detection of Computer Fraud

Abstract

This study examines the involvement and attitudes of internal auditors to the prevention and detection of computer fraud. This approach differs from previous research which has concentrated on learning from frauds which have occurred. The main enquiry was by means of a questionnaire sent to members of the Institute of Internal Auditors. Verification and additional information was forthcoming by visiting some respondents.

Almost a fifth of internal audit departments reported that they had no specific responsibility for either prevention or detection of computer fraud. It was clear that where responsibility was acknowledged, it is generally on an informal basis or is self imposed.

Internal auditors reported that most reliance was placed on computer assisted tools and manual techniques like input/output reconciliation for detection of computer fraud. Few of the organisations surveyed had any laid down guidelines what to do in the case of a fraud discovery. Where guidelines did exist they called for dismissal and prosecution. In smaller firms, external auditors have a larger role in the prevention and detection of computer fraud than in larger firms.

Opinion on the prevention and detection of computer fraud included the view that as network systems become more common, so detection and prevention will become more difficult. In addition it was claimed that management did not appreciate the level of the threat. Internal auditors feel that they have a role to play, but highlighted the fact that there is a shortage of staff with the requisite skills.