A fraud audit is a review of the financial records of a company by an in-house or independent auditor in an attempt to identify unauthorized and improper activity. It focuses on transactions that seem to have been made in the ordinary course of business by managers and employees who have various levels of discretion and positions of trust. This type of audit is particularly concerned with uncovering and preventing fraud and is not typically part of the yearly financial audit to produce a company’s financial statements.
An ordinary audit of a company’s financial records is conducted every fiscal year by an independent auditor or accounting firm to produce financial statements that can be used by managers to evaluate performance, sent to regulators, and reviewed by investors. The auditor checks the company’s financial records for accuracy, for instance by matching bank account debits and credits to their appropriate recordation in the company’s books. Determining whether or not any of the transactions are legitimate is not part of the ordinary audit process.
A fraud audit is a compliance tool that is used by company management to meet its internal and regulatory obligation to guard against illegal activity by employees. It is both a corrective and a preventive measure designed to not only identify fraudulent activity but to discourage employees from engaging in such activity in the first place. An internal audit policy for fraud can mandate a review at any appropriate interval, such as every six months or every two years.
The review can be conducted by the company’s in-house auditors or can be assigned to an outside individual or agency. In either case, a fraud audit is more investigatory in nature than the ordinary financial audit. These auditors take the next step and actually evaluate the characteristics of a transaction to determine if red flags exist that would indicate signs of certain types of fraud that auditors are trained to identify. The standard types of fraud include recording fake transactions, stealing, embezzling, bribery, extortion, and kickbacks.
Fraud audit investigation stops at the identification of suspicious transactions. Auditors identify transactions but are not responsible for figuring out whether or not a transaction is actually fraudulent or how the fraud occurred. That part of the investigation is the responsibility of management, who must determine if and how the fraud occurred and the guilt or innocence of the employees involved.